Security teams anticipate a significant increase in AI-driven cyberattacks by 2026, while facing challenges in distinguishing genuine threats from false positives, according to new research from cybersecurity firm Hadrian. The study indicates that two out of three Chief Information Security Officers (CISOs) and security professionals consider AI-driven threats their primary concern for the upcoming year.
Hadrian reported that a staggering 99.5% of the findings dealt with by security teams are classified as false positives, with merely 0.47% of security issues deemed exploitable. This overwhelming volume of non-actionable alerts is pushing organizations to focus on ticket management instead of proactive remediation, which leaves them vulnerable to cyber threats that may go unnoticed.
“Traditional defensive cybersecurity will no longer be sufficient in an AI-first world in 2026,” said Rogier Fischer, CEO of Hadrian. “The only viable path forward is a decisive shift toward continuous, offensive cybersecurity, powered by automation and real-world exploit validation.”
Hadrian’s research paints a picture of an industry burdened by substantial alert volumes and limited visibility into new attack vectors associated with AI-driven techniques. Notably, nearly 90% of all verified exposures are categorized as medium or low severity, contributing to alert fatigue among security teams. This fatigue complicates their ability to identify the small fraction of issues that attackers can exploit.
Hadrian notes that critical exposures represent only 3% of validated findings, which often compete for attention among thousands of other alerts. “The biggest risk going into 2026 isn’t that organizations lack security tools. It’s that they no longer know which threats are real while attackers know exactly where to strike,” Fischer added.
The report highlights the evolving tactics employed by cybercriminals, who now leverage automation, large language models, and AI-assisted reconnaissance. These methodologies enable attackers to swiftly discover vulnerabilities, exploit them, and connect weaknesses within concise timeframes. In contrast, traditional defensive strategies continue to rely on manual validation and internal prioritization cycles, hindering timely decision-making as adversaries act rapidly.
Remediation timelines reveal further challenges; Hadrian found that critical vulnerabilities typically take an average of four days to remediate, with some lingering unresolved for over four months. However, when organizations classify an issue as urgent, the response time improves significantly, with 94% of zero-day vulnerabilities remediated within five days. Hadrian attributes this discrepancy not to technical limitations, but rather to confidence in what can be exploited.
The study underscores the necessity for continuous testing and exploit validation, marking a shift in security strategies that closely aligns with attacker behavior. Hadrian asserts that cybercriminals consistently test environments and explore exploit chains, creating an imperative for defenders to adopt automation, adversarial emulation, and ongoing exploit validation. This transition represents a broader organizational change, rather than a mere product upgrade.
“The industry has treated offensive cybersecurity as something advanced or optional for too long,” Fischer stated. “It should be the baseline. If you’re not continuously testing your environment the way attackers do, you’re no longer defending, you’re guessing.”
Hadrian based its benchmark report on verified risk data collected throughout 2025, utilizing quantitative survey research. The analysis encompasses verified risk data from over 300 organizations across the U.S., UK, Netherlands, Germany, France, and Italy. Additionally, a focus group comprising 34 enterprise CISOs and senior security operations leaders provided qualitative insights, alongside extensive cross-validation of platform telemetry and attacker behavior.
As security teams grapple with an increasing volume of alerts and a low percentage of exploitable issues, Hadrian warns that challenges will persist into 2026, primarily as AI-driven reconnaissance and automation further accelerate the timeline from discovery to exploitation.
See also
AI-Powered Cybersecurity Defenses Transform Incident Response Times to Minutes by 2026
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
