Moody’s has issued a stark warning in its 2026 cyber outlook report, predicting a rise in dangerous AI-powered cyberattacks and growing challenges to regulatory harmonization. The report, released Thursday, forecasts an increase in cryptocurrency thefts as attackers target both transaction and storage platforms, highlighting the urgency for businesses to bolster their defenses against evolving threats.
As more organizations adopt AI technologies without adequate safeguards, Moody’s anticipates that threats like model poisoning will become increasingly prevalent. The report states that while AI has already facilitated more personalized attacks via phishing emails and deepfake media, the next few years may bring a wave of “adaptive malware” that evades detection by security measures. Furthermore, there are expectations of AI agents assisting cybercriminals in executing attacks more swiftly. The firm cautioned that 2026 might even reveal early signs of autonomous attacks, raising alarms among cybersecurity experts.
In response to these evolving threats, Moody’s emphasizes that companies failing to invest in “AI-driven defenses” will find themselves increasingly vulnerable. However, the report also notes that the autonomous capabilities of agentic AI may introduce unpredictable behaviors and errors, complicating incident response efforts. “AI-powered defense solutions are not a silver bullet; they introduce new risks and require strong governance,” the report asserts. In a landscape increasingly shaped by AI-enabled cybercrime, firms relying solely on manual processes are likely to fall behind, heightening their exposure to costly breaches.
Moody’s does not foresee fully autonomous malware—capable of adapting in real-time to defensive tactics—emerging for another three to five years. This timeline indicates that while businesses need to prepare for increasingly sophisticated threats, the most dire form of cyber danger may still be on the horizon.
On the regulatory front, the report sheds light on the diverging paths of the European Union, the United States, and countries in the Asia-Pacific region. Moody’s notes that the EU is actively pursuing coordinated regulatory frameworks like the Network and Information Security Directive. In contrast, the U.S. is witnessing a retreat from previous regulatory efforts under the Trump administration, which has delayed or abandoned several initiatives.
Moody’s observes, “Regional harmonization may gain traction in 2026, yet achieving true global alignment will be difficult, given conflicting domestic priorities and legislative agendas.” As cyber attackers exploit regulatory gaps faster than authorities can close them, the challenge will be to introduce harmonization that enhances resilience rather than diluting it.
As organizations prepare for the looming threats highlighted in the report, the emphasis on adopting AI technologies for both offense and defense underscores the crucial role of regulation in maintaining cybersecurity integrity. This evolving landscape calls for a proactive approach from businesses and policymakers alike, as they navigate the complexities of an interconnected digital world.
See also
African Firms Lag in AI Cyber Defense as 82% Struggle to Hire Talent, Report Finds
Physical Intrusion Detection Market to Reach $24.6B by 2033, Driven by AI Innovations
AI Agent Security Emerges as Critical Cyber Defense Frontier to Combat Evolving Threats
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
