Google Cloud has issued a stark warning about the future of cybersecurity, projecting that AI-driven cyberattacks will escalate significantly by 2026, particularly impacting sectors such as manufacturing, retail, and finance linked to global supply chains. The growing risks associated with AI agents, hypervisors, and third-party providers are likely to increase vulnerabilities to extortion, intellectual property theft, and regulatory non-compliance, underscoring the need for enhanced identity and infrastructure controls.
According to the report, as AI becomes an integral tool for cyber adversaries, they will be able to conduct automated attacks on an unprecedented scale. Jon Ramsey, Vice President and General Manager of Google Cloud Security, emphasized the necessity for organizations to brace themselves against the evolving threats posed by AI. This is particularly pertinent for the Latin American market, where rapid adoption of AI agents without adequate safeguards heightens risks related to compliance and intellectual property protection.
The “Cybersecurity Forecast for 2026” report highlights alarming statistics, revealing that the first quarter of 2025 saw 2,302 victims listed on data leak sites—an all-time high since tracking commenced in 2020. This spike indicates a well-established cyber extortion ecosystem that is increasingly utilizing specialized techniques, such as targeting third-party providers while exploiting zero-day vulnerabilities in managed file transfer software. In economies deeply integrated into global supply chains like Mexico, these trends could have immediate financial ramifications, with incidents in 2025 related to food retail and wholesale causing damages exceeding hundreds of millions of US dollars.
Google Cloud’s report also discusses the evolving nature of cyber threats, particularly the potential for adversaries to employ AI to enhance the speed and effectiveness of social engineering and malware development. One worrying trend is “instruction injection,” a cyberattack that can manipulate AI models to bypass security measures and carry out hidden commands from attackers. To combat these threats, organizations are urged to adopt a defense-in-depth strategy, which includes machine learning content classifiers to filter harmful instructions and reinforcement of security protocols to maintain user intent within AI models.
The evolution of identity and access management is another critical aspect addressed in the report. As AI agents take on more roles in executing workflows and making decisions, the concept of identity is expected to expand to treat these agents as distinct digital entities. This shift necessitates moving from traditional human authentication methods to agent identity management, which will involve real-time risk assessment and context-driven access controls. Organizations will be compelled to adhere to the principle of least privilege and implement just-in-time access to minimize unauthorized actions.
The rise of sophisticated AI agents also raises concerns regarding “Shadow AI,” where employees may deploy autonomous agents independently, potentially creating invisible channels for sensitive data that could lead to compliance breaches. As security controls advance within virtualized operating systems, adversaries are shifting focus to the underlying infrastructure, particularly hypervisors, which have become critical vulnerabilities due to insufficient visibility and outdated software versions.
Google Cloud warns that a single breach at the hypervisor level can grant attackers complete control over a corporation’s digital assets. This could lead to the encryption of virtual machine disks, causing widespread operational disruptions within hours—far quicker than traditional ransomware attacks. For industrial control systems, the forecast indicates that cybercrime will remain the principal threat, with adversaries likely to design ransomware targeting essential enterprise software, disrupting the data supply chain vital for industrial operations.
Looking ahead, the geopolitical landscape presents additional challenges. Charles Carmakal, Chief Technology Officer at Mandiant Consulting, notes that nation-state adversaries will continue to infiltrate organizations and remain embedded within their environments for extended periods. As per the report, U.S. adversaries are expected to maintain long-term persistence, while operations in Russia may pivot towards establishing advanced cyber capabilities and strategic footholds within critical international infrastructure.
In parallel, the volume of Chinese cyber operations is projected to remain high, with a focus on edge devices and third-party providers, particularly in the semiconductor sector amid ongoing competition and export restrictions. Regional tensions involving Iran may also lead to increased cyber espionage and disruptive attacks aimed at Israel and its allies, while North Korea will intensify its efforts against cryptocurrency users and organizations as part of its revenue-generation and espionage strategies.
As the financial industry increasingly adopts cryptocurrencies and tokenized assets, malicious actors are expected to exploit the decentralization of blockchain technology. By 2026, elements of their operational lifecycle may migrate to public blockchains, utilizing techniques like EtherHiding for payload delivery. Sandra Joyce, Vice President of Google Threat Intelligence, cautions that organizations must adapt their security postures to safeguard against these emerging threats, ensuring operational resilience in an evolving landscape of cybersecurity challenges.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
