Cybersecurity Predictions: 5 That Came True In 2025, And 5 More For 2026

IT folks will remember 2025 as the year when cyber threats like phishing, deepfakes, injections and more became turbo-boosted with the rise of AI.



As the year closes, some will remember 2025 as a year of political turmoil, the loss of beloved celebrity figures, and increasing prices on everyday goods and services.

IT folks, however, will remember 2025 as the year when cyber threats like phishing, deepfakes, injections and more became turbo-boosted with the rise of AI.

Here is a summary of the five biggest cybersecurity predictions in 2024 that came to fruition in 2025 and five more predictions for 2026.

What Was Predicted For Cybersecurity And What Actually Happened In 2025

  1. AI Will Blur Reality

“Large Language Models (LLMs) will begin to create hyper-personalized experiences as people work more with AI. In late 2024, over 200 million people used ChatGPT on a weekly basis. While convenient, these technologies will likely begin shaping individual perceptions and reality, prompting ethical discussions on AI’s impact on human thought,” cybersecurity company Gen said in an emailed statement to MES Computing in December 2024.

Thanks to AI, threat actors are now creating polished attack campaigns that often feature high-quality animation such as a real-looking installation bar, according to a new HP Wolf Security report.

  1. Unrecognizable Deepfakes

According to the 2025 “Voice Intelligence & Security” report by Pindrop, a provider of voice authentication and fraud detection services, there was a 1,300 percent increase overall in deepfake attacks in 2024.

A September 2025 report from market research firm Gartner found that 62 percent of businesses experienced a deepfake attack within the last 12 months.

Voice deepfake fraud has ridden the coattails of AI’s advancement. In the U.S., there was a 173 percent increase in synthetic voice calls between Q1 and Q4 2024, according to Pindrop’s report.

  1. AI-Fueled Ransomware

In addition to ramping up very realistic looking deepfakes, AI also heightened ransomware. Almost every major cybersecurity watchdog group sounded the alarm about ransomware threats increasing with AI in 2025. In 2024, the IEEE said that AI could render “conventional [security] detection methods less effective.”

This month, cybersecurity company ESET released its latest threat report, which revealed that it had discovered the PromptLock threat– which researchers said was the first known AI-driven ransomware, capable of generating malicious scripts on the fly. From 2025 to 2025, ESET researchers projected a 40 percent year-over-year increase in ransomware attacks, much of that buoyed by AI.

  1. AI Creates IT Talent Shortage

Back at the end of 2023, Access Partnership and Amazon Web Services (AWS) collaborated on a survey of 3,297 employees and 1,340 organizations in the U.S., across various industries. The survey found that 75 percent of those surveyed said they could not find IT staff skilled in AI. That lack of AI skills can mean not having the best workforce to defend against rising AI attacks.

According to a report from IBM: “cybersecurity professionals must embrace AI-specific upskilling to remain competitive.”

On the MES podcast for the midmarket IT executives, Ready.Set.Midmarket!, guest Rory Devine, vice president at staffing agency Robert Half Talent Solutions, spoke about the need for IT professionals to upskill for AI.

“Early adopters of AI within their companies are being promoted. They're not being replaced. It's the ones who are dragging their feet on the education piece,” Devine said.

  1. Rise In Supply Chain Attacks

In 2024, industry insiders warned about a rise in supply chain attacks. That happened in 2025, according to cybersecurity company Cyble which saw an “uptick in supply chain attacks [beginning] April 2025, when Cyble dark web researchers observed claims of 31 such attacks. Since then, cyberattacks with supply chain implications have averaged 26 a month, twice the rate seen from early 2024 through March 2025.”

5 Cybersecurity Predictions For 2026

1. The Innocuous Printer In The Corner Will Be A Threat Vector

“While PCs and other endpoints are firmly under IT and information security protection, printers are still treated as business equipment procured through supply chain,” said Jim LaRoe, CEO of Symphion, Inc., in a statement to MES Computing. “Organizations rely on manufacturers’ built-in features that are left at factory defaults and never turned into a real protection program. That’s complacency, and it’s dangerous.”

2. AI-Powered Social Engineering And AI-Enabled Malware

"Social engineering is the basis for many attacks, and with AI, it's bound to get more advanced," said Andrius Buinovskis, a cybersecurity expert at NordLayer. "It will become increasingly more difficult to understand if an attack is being carried out using a sophisticated method or a simple approach. Essentially, the line between basic and advanced social engineering is blurring, making both its detection and resistance significantly more difficult."

3. GPU Optimization, AI Attacks Make Organizations Reconsider Their Cloud Strategy

“GPU optimization becomes a headline topic in 2026. Today, most companies only use about 60 percent of the GPU power for which they are paying. Next-gen optimization software is going to flip that on its head, giving organizations the ability to squeeze full value out of their infrastructure. That matters not just for cost control, but for AI reliability. When your model performance becomes a competitive advantage, you can’t afford wasted compute, unpredictable throttling, or hardware carved into fractional units you can’t see. This is where optimized IaaS and regional GPU clouds start to shine,” said Richard Copeland, CEO, Leaseweb USA in a statement shared with MES Computing.

At the same time, attackers are getting smarter, and they’re starting to use AI too. The largest, most complex cloud environments become the biggest targets - when bad actors can spin up their own LLMs. Hyperscalers have hundreds of thousands of tenants, which means hundreds of thousands of potential attack surfaces (and pockets to pick). Regional providers have tighter vetting, cleaner environments, and fewer noisy neighbors. In 2026, security-conscious organizations will realize that the safest place to run AI and high-value workloads often isn’t the biggest cloud, it’s the one that actually keeps out the wrong people,” Copeland added.

4. Non-Human Identity Conundrum

As AI agents become more commonplace, concerns are emerging over how autonomous those agents should be. Managing the access and permissions of non-human identities is going to be a significant tech focus in 2026.

“Enterprises are adopting more and more AI agents and those agents have their own identity. But we saw a challenge—many security and enterprise teams are not fully adopting those agents because of the fear of the access and permissions that those agents will have,” cautioned Token Security co-founder and CEO Itamar Apelblat, in a recent interview with MES Computing.

5. Model Poisoning Leads To AI Manipulation

Nicolas Fort, director of product management at One Identity, shared his prediction via an emailed statement: “AI assurance will become inseparable from identity assurance. Organizations will need to track not just who accessed a model, but who influenced it and who still has access. Every training event, prompt, and parameter change must be tied to an authenticated identity.”