As 2026 approaches, James Wickett, CEO of DryRun Security, offers a glimpse into the future of technology, particularly focusing on cybersecurity trends that organizations may soon face. Wickett’s insights highlight a transformative shift in cyber threats, emphasizing that the era of traditional injection attacks is giving way to what he terms “agent exploits.” He argues that as businesses increasingly integrate AI agents into their workflows, the potential for misuse will grow significantly.
Wickett warns that attackers will exploit this “agency abuse,” manipulating the AI’s actions to perform harmful tasks under the guise of routine operations. For instance, an attacker could issue a seemingly innocuous command to transfer database backups for “auditing purposes,” ultimately exfiltrating sensitive data without raising alarms. This evolution of cyberattacks will mark a departure from data breaches and lead to incidents that cause tangible damage to organizational infrastructure.
The issue of AI-generated misinformation, often referred to as “hallucinations,” is another concern for the coming years. Wickett asserts that rather than attempting to eliminate these errors entirely, developers will shift their focus towards managing them more effectively. By 2026, he anticipates a transformation in how teams handle inaccuracies, embracing layered AI architectures where secondary agents validate outputs to ensure higher accuracy. This approach aims to treat hallucinations as manageable background noise instead of attempting to eradicate them completely.
Anticipating Change in Security Needs
As AI systems become more autonomous, Wickett predicts that multi-agent architectures will become ubiquitous across industries. These systems will feature discrete sub-agents that communicate and collaborate, enhancing efficiency but complicating security. Each agent introduces its own permissions and contexts, potentially expanding the attack surface for malicious actors. Organizations, according to Wickett, will often be caught off guard by unauthorized agent activity, leading to unexpected vulnerabilities.
To mitigate these risks, he advocates for fundamental engineering practices, such as limiting tool access and maintaining visibility into agent interactions. This proactive approach could help organizations navigate the complexities introduced by agentic systems, ensuring that security measures keep pace with technological advancements.
Wickett also emphasizes the changing role of the Chief Information Security Officer (CISO) in this evolving landscape. He contends that the modern CISO must possess a deep understanding of code, particularly as the volume of code produced by companies continues to surge. As AI and automation become integral to software development, a technically savvy CISO will be essential for securely navigating these advancements. Wickett believes that organizations will increasingly prioritize leaders who can substantively assess risk and ensure that new technologies are implemented safely.
Another critical prediction centers around the emergence of bespoke malware, driven by advancements in AI. Wickett highlights a significant shift from traditional, generic malware to customized exploits tailored for specific targets. In 2026, he foresees that attackers will leverage AI to quickly generate effective malware, making it accessible to those without extensive technical knowledge. This change will likely lead to a rise in micro-targeted attacks, fundamentally altering the economic landscape of cybercrime.
Wickett concludes by discussing the anticipated evolution of the dark web, which he believes will transition from a marketplace focused on stolen identities to one centered around proprietary code and trade secrets. The proliferation of easily generated custom malware will facilitate this shift, allowing bad actors to offer pre-built tools designed for specific attacks. Rather than resembling traditional ransomware forums, these new underground marketplaces will function more like GitHub for cybercriminals, providing comprehensive attack pipelines tailored for individual targets.
As organizations prepare for these impending changes in cybersecurity, Wickett’s insights serve as a cautionary forecast of the risks and challenges that lie ahead. The convergence of advanced AI capabilities and evolving attack vectors will necessitate a reevaluation of security protocols and strategies, underscoring the need for vigilance in an increasingly complex digital landscape.
See also
AI Predictions for 2026: Custom Malware, Hallucination Management, and Cybersecurity Challenges
AI Coding Tools Like GitHub Copilot Expose 30+ Security Vulnerabilities, Researchers Warn
FAMU Cyber Policy Institute Secures $5M Grant to Boost AI and Cybersecurity Initiatives
