
2025 Cybersecurity Recap and 8 Predictions for What’s Next
The Complete Cyber Threat Analysis for 2026
2025 was a turbulent year for cybersecurity. The typical trends around lacking security protocols and exposed vulnerabilities that plague many companies year after year were exacerbated by increasingly volatile external conditions that are giving cyber criminals a leg up.

The cybersecurity threats themselves haven’t changed much – and will largely remain the same in the coming year. We’re still focused on attack vectors like phishing scams, ransomware, MFA and password compromise, and third-party vulnerabilities. However, 2026 will show us a threat landscape dominated by AI and weakened by government instability, shrinking budgets, and operational strain – and attackers are manipulating these factors to heighten already serious challenges around effective threat management.
Companies currently on unstable footing with their cybersecurity programs will be playing a harder game of catch-up in 2026 than in past years as attackers take advantage of the AI-wrapped gifts corporations are giving them.
For this reason, my cyber threat analysis for the new year is focused on the increasing pressures from all sides that put our sensitive information and data at risk and are getting harder to predict and manage.
2025 Recap: The Pressures That Created a Cybersecurity Tipping Point – A Year of Shrinking Budgets, Expanding Risk, and Accelerating AI Reliance
Let’s start with a brief post-mortem. 2025 brought a number of issues to light that together are creating serious challenges for cybersecurity and threat management. At the root of many of these issues are funding shortfalls and budget cuts.
- Government Instability Has Created Systemic Cyber Weakness
In 2025, the US government’s aggressive budget cuts led to significant restructuring and financial strain within CISA (Cybersecurity and Infrastructure Security Agency) and related federal cybersecurity entities. These cuts also forced compliance programs like CMMC (Cybersecurity Maturity Model Certification) to move the goal post another two years, resulting in ambiguity around Department of Defense security protocols and creating downstream supply chain impacts. Further, many states and municipalities are similarly affected by funding shortfalls and have resulting cybersecurity gaps that leave critical infrastructures and operations more vulnerable to attack.
- Budget Constraints Have Hit Corporate Security Programs Hard
Economic concerns are shaping cybersecurity decisions across industries, and the funding ambiguities created by the federal government have resulted in stalled projects, delayed security modernization, and scaled-down staffing.
- Operational Strains and Workforce Reductions
Funding shortfalls have caused companies to eliminate positions integral to cybersecurity, such as developers, analysts, and engineers. These staffing cuts run counter to increasing cybersecurity threats – shrinking teams make event monitoring, patching, compliance, and system upkeep more difficult to manage and maintain.
- AI Has Gone Mainstream Without Guardrails
AI-powered tools like ChatGPT, Claude, and Microsoft Copilot have been rapidly deployed in work environments, which has been helpful in many ways for employee productivity, but carries plenty of risk. For example, the China-linked espionage campaign against Anthropic’s AI model Claude, which I’ll discuss in more detail below, made headlines in 2025 for its deviant tactics.
AI usage, especially when installed directly by employees, causes widespread security blind spots, including within web browsers, plugins, and shadow tools. The same tools helping make work easier are actually causing major security challenges – and it will only become more problematic in 2026.
Against this backdrop, we’re entering a new year that’s already proving to be a fraught cybersecurity landscape. While there are no quick solutions, this article aims to make companies more aware of the road ahead and offer recommendations for balancing economic uncertainty, budget shortfalls, and conflicting AI use to establish a surer cybersecurity footing going forward.
Here is my cyber threat analysis for 2026:
1. Cybersecurity Decisions Will be Driven by the Economy
The more than $130 million in cuts to CISA handed down by the US government in 2025 did no favors for cybersecurity protections. CISA suffered staffing shortages and was forced to cut training initiatives, which weakened cyber protections over critical infrastructures like the power grid and water treatment systems.
These cuts also handicapped federal agencies overall, rolling back certain executive orders and requirements for phishing-resistant MFA (multi-factor authentication) and encryption, critically reducing their ability to detect, respond to, and prevent cyberattacks. In addition to causing downstream vulnerabilities among private companies and critical infrastructure operators, these large-scale funding cuts and ambiguities hamper information sharing and incident response, and can erode the nation’s overall cybersecurity posture.
Risks include:
- Delayed cybersecurity compliance and projects, which can increase vulnerabilities and exposure at a time when attacks are only becoming more severe. Stalled compliance timelines for standards like CMMC and other federal frameworks have consequently weakened supply chain visibility and third-party vendor security.
- Difficulty for organizations in approving or continuing cybersecurity investments, leaving data and information vulnerable across the board.
- Funding gaps at companies, vendors, and critical infrastructure providers at the federal and state levels that, when coupled with existing workforce shortages, make cybersecurity efforts more difficult to execute and monitor.
2025 is largely considered to have been one of the most challenging years for cybersecurity given the ripple effect of funding uncertainties and cuts on adequate protections against advancing threats.
Read More: Avoiding the “Oh Sh!t” Factor Even on a Tight Budget
According to the 2025 Verizon Data Breach Investigations Report, there was a 34% increase compared to 2024 in incidents where attackers exploited vulnerabilities to gain initial access and cause security breaches.
34%: Compared to 2024, there was a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches. (Source: 2025 Verizon Data Breach Investigations Report)
Here’s What You Can Do:
If your company is facing cybersecurity budget shortfalls that are impacting staff and initiatives, company leadership must prioritize foundational controls and high-impact investments that can continue supporting cybersecurity.
2. CoreTech Solutions Will Become Essential to Cybersecurity Programs
Core security solutions – the “basics” – haven’t changed in years, and in 2026, they’ll matter more than ever given the push-pull between funding shortfalls and increasing risks.
Organizations often incorrectly “pause” the basic coretech solutions when faced with budget pressures, but it’s typically a poorly calculated knee-jerk reaction that actually weakens security protections and can result in far more costly consequences.
As the economic pressures set in throughout 2026, don’t ignore the coretech that keeps companies protected – even if you can’t invest heavily in more lavish cybersecurity efforts.
Read More: The 6 Fundamental Cybersecurity Technologies Your Company Needs Yesterday
Here’s What You Can Do:
When considering any cybersecurity-related budget cuts, keep in mind that a “back to basics” model will keep you protected – even fundamental solutions can mean the difference between keeping your network safe and handing data to an attacker.
3. While Cyber Risks Remain Largely the Same, the Scale is Increasing
Going into 2025, we discussed a shift in attacker behavior to a more “gloves off” approach. Previously, attackers would choose not to breach industries like healthcare, utilities, and critical infrastructures because of the direct impact to people’s lives.
However, in response to Operation Endgame, a coordinated multinational effort by the FBI and law enforcement groups in multiple countries to disrupt malware and dismantle cyber criminal networks, attackers began going after those industries they previously left alone.
As we move into 2026, we’re going to see more attacks against those critical industries, as well as financial services, manufacturing and operational technology, retail and distribution, and government. Attackers are taking advantage of persistent cybersecurity vulnerabilities within these organizations to do more damage in less time.

Healthcare:
Fragmented vendor ecosystems and medical equipment supply chains create vulnerabilities; healthcare organizations often outsource care units and critical devices, creating inconsistent standards and a high dependence on third-party vendor security. The healthcare industry is especially vulnerable to extortion because bad actors know they can get a big payout by stealing data and threatening to disclose it.
30%: Breaches linked to third-party involvement increased 30% in 2025 – twice the number in 2024 – driven in part by vulnerability exploitation and business interruptions. (Source: 2025 Verizon Data Breach Investigations Report)

Financial Services:
Legacy systems that have expired or outdated patches are easy for attackers to breach, but budget constraints due to economic uncertainty are delaying modernization, and the adoption of AI tools is competing with essential infrastructure upgrades.
Utilities/OT:
Lack of network segmentation and asset visibility remain primary vulnerabilities for utilities, industrial control systems, and operational technology systems. Attackers are increasingly taking advantage of weak points in supply chains and vulnerabilities in third-party security to gain a foothold and move laterally from IT to OT largely undetected.
Read More: A Roadmap to Protecting Your Critical Infrastructure With Greater Asset Visibility Management
Retail/Distribution/Service Providers:
The top cause of breaches in this sector is lack of password security and MFA. Throughout 2025, retailers and service providers around the world were targeted by Scattered Spider, a cybercriminal group that primarily targets the retail, aviation, and insurance sectors. While these industries have been compromised using ransomware and social engineering tactics, MFA bypass using push bombing and SIM swapping has resulted in serious breaches at large companies like T-Mobile, Hawaiian Airlines, Salesforce Salesloft, Aflac, and Marks & Spencer.


Government:
Attackers are routinely exploiting government entities left vulnerable by understaffing and slow patching cycles. Using ransomware, social engineering, and third-party vendor compromise, threat actors are able to do significant damage to public services, sensitive data, and critical infrastructures.
Here’s What You Can Do:
Any critical industry whose operation is essential for people’s livelihood should take action to improve its security posture and align personnel on a response plan in the event of an attack. Across industries, funding uncertainties, legacy systems, and inadequate security training create significant vulnerabilities, so organizations should focus on incremental improvements in these areas to close security gaps.
Because many of the cybersecurity challenges we face going into 2026 are related to economic turbulence, it makes sense that supply chains and third-party security are top concerns. Plus, cutting back on cybersecurity audits – and therefore pulling back enforcement – is causing greater variability in vendor security. However, even while federal oversight decreases, organizations should increase third-party security assessments and review vendor contracts to ensure security protocols and protections are built in. Third-party vendor compromise is an easier attack vector than ever, and the longer organizations are allowed to pause compliance, the more risk they will inherit from poorly-secured vendors, partners, and service providers.
4. Data Exfiltration Delivered by AI is the #1 Challenge
Most organizations have no idea what AI tools their employees are using, which is introducing a host of risks into networks. The number one challenge today across most organizations is the exfiltration of data delivered via AI, which is an unfortunate side-effect of AI use.
The reality is that everyone is installing AI tools. Organizations without locked-down desktops or protocols around installation inside the environment have generally limited awareness of which employees are using a tool with AI. Coupled with the fact that AI is automatically built into browsers, and many companies are voluntarily funding an AI tool to enhance productivity, controlling AI’s access and use is growing more difficult.

Risks Include:
- Unintentional exposure of sensitive, private, or proprietary data through the training, use, and deployment of GenAI models as they memorize or synthesize information, or if users accidentally input source code or PII.
- Installation of browser-based AI, plugins, and shadow AI tools without oversight, which can bypass security controls and increase risks, especially when deployed remotely.
Visibility into what employees are sending out of an organization has become more difficult with remote work. During the pandemic, we worked with many clients on installing content filtering software or Zero Trust Network Access (ZTNA) solutions to monitor for signs of compromise coming from work-from-home employee systems. Today, these same investments are coming in handy for monitoring workforce AI usage as well.
Here’s What You Can Do:
Consider creating a department – or at the very least a focus group – in your company to document your ideal AI needs. If you’re going to invest in AI or allow employees to install and use AI on their corporate devices, you need an internally-managed program to monitor what’s being used, what information is being sent out to your AI solution providers, and how they handle your data.
Fundamentally, it makes sense to be able to control where employees are browsing to and what they’re installing for the sake of protecting your organization.
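The monitoring program described in this section boils down to two questions the content-filtering or ZTNA logs can answer: which AI services are employees reaching, and how much are they sending there? The script below is an added example, not code from the original article or from DirectDefense. It assumes a simplified, constructed proxy log format (timestamp, user, method, host, bytes sent) and hypothetical approved and known AI host lists; the domains and the upload threshold are placeholders for whatever your own AI governance group documents.

```python
"""Flag unapproved AI-tool traffic and large uploads in web-proxy logs.

Added example (not from the original article). The log format, host lists,
and alert threshold are constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical governance decisions: the AI services the company sanctions,
# and other AI hosts the security team wants to know about when reached.
APPROVED_AI_HOSTS = {"chat.openai.com", "copilot.microsoft.com"}
KNOWN_AI_HOSTS = APPROVED_AI_HOSTS | {"claude.ai", "gemini.google.com", "example-ai-plugin.test"}
UPLOAD_ALERT_BYTES = 5 * 1024 * 1024  # constructed threshold: 5 MiB per user per AI host

# Constructed sample log lines: "<timestamp> <user> <method> <host> <bytes_sent>"
SAMPLE_LOG = """\
2026-01-12T09:01:05Z alice POST chat.openai.com 18211
2026-01-12T09:03:40Z bob POST claude.ai 4200
2026-01-12T09:04:11Z bob POST claude.ai 6291456
2026-01-12T09:10:02Z carol GET intranet.example.test 512
2026-01-12T09:12:30Z alice POST copilot.microsoft.com 90000
this line is malformed and should be skipped
2026-01-12T09:15:44Z dave POST example-ai-plugin.test 1024
"""


@dataclass(frozen=True)
class Finding:
    user: str
    host: str
    kind: str        # "unapproved_ai_host" or "large_upload"
    bytes_sent: int  # bytes in the triggering request, or the per-host total


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one constructed log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, method, host, size = parts
    try:
        return {"ts": ts, "user": user, "method": method, "host": host.lower(), "bytes": int(size)}
    except ValueError:
        return None


def analyze(log_text: str) -> List[Finding]:
    """Return findings for unapproved AI hosts and for oversized uploads to any AI host."""
    uploads: Dict[tuple, int] = defaultdict(int)
    findings: List[Finding] = []
    seen_unapproved = set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["host"] not in KNOWN_AI_HOSTS:
            continue  # non-AI traffic and malformed lines are out of scope here
        key = (rec["user"], rec["host"])
        if rec["method"] == "POST":
            uploads[key] += rec["bytes"]  # aggregate outbound volume per user and host
        if rec["host"] not in APPROVED_AI_HOSTS and key not in seen_unapproved:
            seen_unapproved.add(key)  # report each user/host pair once
            findings.append(Finding(rec["user"], rec["host"], "unapproved_ai_host", rec["bytes"]))
    for (user, host), total in uploads.items():
        if total >= UPLOAD_ALERT_BYTES:
            findings.append(Finding(user, host, "large_upload", total))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:20} user={f.user:6} host={f.host:25} bytes={f.bytes_sent}")
```

Run against the constructed sample, the script reports bob and dave for reaching AI hosts outside the approved list, and bob again for pushing more than the 5 MiB threshold to one host. The same two checks map directly onto the program the section asks for: an inventory of what is in use, and a view of what is leaving the organization.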
5. AI-Driven Attacks Will Be Automated, Invisible, and Rapid
In last year’s predictions for 2025, I discussed the need for companies to reconcile the benefits of AI with its many risks. While I’d love to report progress going into 2026, we’re actually seeing quite the opposite.
I previously warned about GenAI and deepfakes changing the rules of traditional social engineering campaigns; however, 2026 is serving up something a lot more sinister. AI is enabling fully automated attacks, making them faster, more efficient, and exponentially more devastating.
Risks Include:
- The ability for threat actors to “trick” AI models into revealing information they shouldn’t, easily bypassing security protocols.
- A shift from threat actors needing new techniques to do damage to simply harnessing greater efficiency. The automation of attacks using AI allows rapid execution of attack phases from phishing to data exfiltration, causing accelerated and substantial data loss to many organizations without detection.

In September, a Chinese state-sponsored hacking group deployed what has been called the first example of almost total automation of an AI-orchestrated cyber espionage campaign. The attackers tricked Anthropic’s AI model, Claude Code, to bypass its own security protocols and execute malicious tasks, including reconnaissance, scanning for vulnerabilities, generating exploit code, harvesting credentials, creating backdoors, and organizing stolen data.
Ultimately, attackers used the AI to automate cyberattacks against approximately 30 global organizations. Anthropic reported that 80-90% of the operation was executed by the AI with minimal human intervention, and while some argue the attack was predominantly human-led but amplified by AI, there is no arguing the increased degree to which AI was involved in these attacks.
The Anthropic attack signifies a shift in how AI can be leveraged for faster and more destructive data exfiltration, executing thousands of requests per second – a rate no human attacker could possibly match.
Here’s What You Can Do:
Organizations need to control AI use to prevent or at least be aware of growing and often invisible data loss; a major component is making sure you have real-time monitoring and 24/7 detection in place.
“The AI attack space has not started innovating…yet! Attackers are just speeding it up. They’re scripting it and automating it so it’s becoming very efficient, and security monitoring has to be your number one priority. The detections we have as an industry still work – you just need to turn them on, and you need to have an organization like DirectDefense looking at them 24/7/365.”
Jim Broome, President & CTO, DirectDefense
6. Ransomware Will Hit Harder Using Remote Access Tools
Ransomware tactics have been ramping up for some time, taking it from a singular attack to a calculated step in extortion campaigns.
A new attack vector for ransomware threat actors is to install legitimate remote access tools like Kaseya, ConnectWise, AnyDesk, or Atera. The tools IT professionals use to do remote support are now the common technique attackers use because they appear legitimate and don’t often raise any alarm bells via traditional detection.

To combat the use of remote access tools as stealthy footholds, companies need to have a list of approved RMM tools and document how they are deployed within their environments. This tracking allows a company’s SOC to monitor for variations to their deployment standards, as well as detect the use of any non-authorized solutions.
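A concrete form of the tracking described above is to encode the documented deployment standard (which tools are approved, where their binaries should live, who signs them, and which hosts they belong on) and compare endpoint process telemetry against it. The script below is an added example, not code from the original article or from DirectDefense. The approved-tool inventory, executable names, install-path globs, signer names, host-naming convention, and the telemetry record shape are all constructed assumptions; replace them with your own documented standard.

```python
"""Compare endpoint process telemetry against a documented RMM deployment standard.

Added example, not from the original article. The inventory, paths, signers,
and sample telemetry below are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List, Optional


@dataclass(frozen=True)
class DeploymentStandard:
    expected_path: str    # glob the (lower-cased) image path must match
    expected_signer: str  # publisher name expected on the code-signing certificate
    managed_hosts: str    # glob for hostnames where this tool is allowed to run


# Hypothetical inventory of approved RMM tools and how they are supposed to be deployed.
APPROVED_RMM: Dict[str, DeploymentStandard] = {
    "screenconnect.clientservice.exe": DeploymentStandard(
        r"c:\program files (x86)\screenconnect client*\*", "Connectwise, LLC", "*"),
    "anydesk.exe": DeploymentStandard(
        r"c:\program files (x86)\anydesk\*", "AnyDesk Software GmbH", "helpdesk-*"),
}
# Remote-access executables the SOC wants to hear about even when not approved (illustrative).
KNOWN_RMM = set(APPROVED_RMM) | {"agentmon.exe", "ateraagent.exe", "teamviewer.exe"}


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    reason: str


def check_process(host: str, process: str, image_path: str, signer: str) -> Optional[Alert]:
    """Return an Alert for a process record that deviates from the standard, else None."""
    proc = process.lower()
    path = image_path.lower()
    if proc not in KNOWN_RMM:
        return None  # not a remote-access tool; nothing to compare
    std = APPROVED_RMM.get(proc)
    if std is None:
        return Alert(host, process, "unauthorized remote access tool")
    if not fnmatch(host.lower(), std.managed_hosts.lower()):
        return Alert(host, process, "approved tool on host outside its deployment scope")
    if not fnmatch(path, std.expected_path):
        return Alert(host, process, f"unexpected image path: {image_path}")
    if signer != std.expected_signer:
        return Alert(host, process, f"unexpected signer: {signer or '<unsigned>'}")
    return None


# Constructed telemetry records: (host, process name, image path, signer)
SAMPLE_EVENTS = [
    ("helpdesk-01", "AnyDesk.exe", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", "AnyDesk Software GmbH"),
    ("finance-07", "AnyDesk.exe", r"C:\Users\jdoe\Downloads\AnyDesk.exe", "AnyDesk Software GmbH"),
    ("eng-22", "ScreenConnect.ClientService.exe",
     r"C:\Program Files (x86)\ScreenConnect Client (abc123)\ScreenConnect.ClientService.exe", "Connectwise, LLC"),
    ("eng-23", "ScreenConnect.ClientService.exe",
     r"C:\Users\Public\ScreenConnect.ClientService.exe", "Connectwise, LLC"),
    ("hr-04", "AteraAgent.exe", r"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe", "Atera Networks Ltd."),
    ("eng-22", "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "Google LLC"),
]


def scan(events) -> List[Alert]:
    """Run every telemetry record through the standard and keep the deviations."""
    return [a for a in (check_process(*e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.host:12} {alert.process:35} {alert.reason}")
```

Against the constructed telemetry, the helpdesk AnyDesk install and the properly deployed ScreenConnect client pass silently, while three records surface: an approved tool running on a host outside its documented scope, an approved tool launched from a non-standard path, and a known RMM agent that is not in the approved inventory at all. The ordering of the checks is deliberate: scope and path deviations are cheap to evaluate and usually the first sign that a legitimate tool has been brought in by someone other than IT.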
Additionally, due to the abuse of RMM solutions and exploitation of traditional VPN solutions, many companies have considered installing ZTNA solutions like Zscaler, Cato Networks, and Palo Alto’s GlobalProtect to facilitate employee remote access and reduce the IP addresses allowed into their network, greatly reducing the attack surface. These content filtering tools are necessary to detect AI plugins and shadow tools, but we understand adoption will be slowed by cost.
The economy is driving behavior right now, and these are not mandatory security technologies. I predict that in 2026, we’ll see a gradual rise in adoption, with the most security-mature organizations leading the way.
Here’s What You Can Do:
Consider a zero trust approach to monitor and limit network access and gain greater control over app and extension policies, especially if you have employees working remotely.
Read More: Transitioning to Zero Trust Protection
7. AI-Produced Code Will Create New Vulnerabilities
AI is not synonymous with secure code, but many organizations are using AI to generate up to 40% of their code base.
A September Veracode report found that 45% of AI-generated code sampled from 100 AI tools contained security flaws classified within the Open Web Application Security Project (OWASP) Top 10 list of critical web application security risks.
Not only is AI generating insecure code, but it’s doing it faster. Adding to the vulnerability is the fact that vendors are also using AI to test the code for quality assurance issues, and are ultimately failing to identify security vulnerabilities.
“The challenge is that we’re using AI to generate the code and we’re using AI to test the code, but when a real human or a real dedicated security tool tests it, they are finding that 45% of the code being generated has an OWASP top 10 vulnerability in it.”
Jim Broome, President and CTO, DirectDefense
These risks are surfacing at a time when companies are shrinking developer teams amid budget cuts but ramping up QA, causing bottlenecks and backlogs that allow vulnerability volumes to increase and go unmitigated.
Here’s What You Can Do:
Invest time, budget, or personnel into secure code review using a human-first approach. As AI-generated code proliferates, performing QA without AI will become essential to catch and manage vulnerabilities before they are unleashed into networks.
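To make the "human-first review" recommendation concrete, the block below shows the kind of OWASP Top 10 defect (injection) that a reviewer should be looking for in generated code, beside its hardened form. It is an added example, not code from the original article, from DirectDefense, or from the Veracode report; the schema, sample rows, function names, and inputs are constructed for illustration.

```python
"""Injection flaw beside its fix: SQL built by string concatenation versus a bound parameter.

Added example, not from the original article. Schema, rows, and inputs are constructed.
"""
import sqlite3
from typing import Dict, List, Tuple


def make_db() -> sqlite3.Connection:
    """Build a small in-memory users table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("carol", "carol@example.test"),
    ])
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """The pattern a reviewer should reject: the query is assembled by concatenation,
    so whatever the caller supplies is parsed as SQL rather than treated as data."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Hardened form: a bound parameter keeps the input as a value regardless of its content."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def review_demo() -> Dict[str, List[Tuple[str, str]]]:
    """Run both lookups on an ordinary value and on an input that alters the
    meaning of the concatenated query, so the difference is visible side by side."""
    conn = make_db()
    ordinary = "bob"
    tautology = "x' OR '1'='1"  # constructed input that turns the WHERE clause into "always true"
    return {
        "unsafe_ordinary": find_user_unsafe(conn, ordinary),
        "safe_ordinary": find_user_safe(conn, ordinary),
        "unsafe_hostile": find_user_unsafe(conn, tautology),
        "safe_hostile": find_user_safe(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in review_demo().items():
        print(f"{label:16} -> {len(rows)} row(s): {rows}")
```

Both functions return the same single row for an ordinary username, which is why an automated QA pass that only checks functional behaviour reports nothing wrong. Only the second input exposes the defect: the concatenated version returns the whole table, the parameterized version returns nothing. A reviewer who flags every query string built with `+` or an f-string, regardless of whether tests pass, catches this class of flaw before it ships.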
8. The Cybersecurity Talent Model is Shifting
In addition to massive budget cuts and funding challenges, the cybersecurity talent model has been undergoing a shift for some time as AI and automation are taking over entry-level technical roles.
Instead, security testing, QA, and human oversight roles are expanding, and in 2026, I predict more companies will be outsourcing security work to MSSPs and MDR providers.
Overall, this shift isn’t a negative. AI’s role in managing more repetitive and mundane tasks is allowing security professionals to focus instead on higher-level, more strategic challenges.
Here’s What You Can Do:
- Join other forward-thinking organizations in placing greater value on security certifications, problem-solving abilities, and proven SIEM configuration skills over degrees when making hiring decisions; entry-level positions that previously performed more rote tasks are being replaced with AI.
- Be open to creating new roles within your organization in line with where today’s cybersecurity jobs are going. These can include “Security Automation Engineer,” “AI Threat Intelligence Analyst,” or “Machine Learning Security Specialist,” which ensure you’ll get necessary security knowledge and data science skills.
Are We Reaching a Security “Breaking Point”?
Experts are discussing the potential for a security “breaking point” because of several factors that all point to a loss of control in the face of AI:
- AI is producing insecure code faster than defenders can test it or patch it.
- Threat actors are using AI to automate attacks faster than security tools or defenders can detect them.
- Budget cuts and compliance delays are reducing the oversight needed to maintain cyber resilience and increasing strain on internal security teams.
- Workforce reductions are widening talent gaps and evolving how organizations decide to staff security positions and how they view cybersecurity skills when hiring.
- The volume of “bad code”, vulnerabilities, and automated threats is, as a whole, beginning to outpace human and tool-based capacity.
The narrative throughout this article is that we’re not facing new threats in 2026 – we’re facing a widening gap between offense and defense as AI and automation accelerate on both sides.
There is no attempt here to sugar coat the challenging state of affairs we’re in with cybersecurity as a nation, and our government certainly has not made the path easier in the face of growing threats and evolving tactics.
Preventing a major breach – whatever that looks like – comes down to organizations doing everything they can to take action and protect their networks and data.

What Organizations Should Prioritize for 2026
Here are 7 ways your organization can be more proactive, prepared, and positioned for a cyber attack in the new year:
- Prioritize 24/7/365 monitoring and detection internally or via technology upgrades.
- Reinforce AI governance so you understand how it’s being used and who’s using it, and are able to apply controls and restrict plugins or browser capabilities.
- Double down on fundamental security technologies like patching, segmentation, asset visibility, and replacing legacy equipment – gaps in any of these leave your organization vulnerable.
- Increase your scrutiny of third-party vendor security and supply chain partners.
- Invest in zero-trust approaches and network isolation tools where possible.
- Expand secure code review and QA functions.
- Conduct annual or biannual penetration testing across your environment to uncover exploitable pathways, validate defensive controls, and identify where attackers could move laterally.
- Perform targeted security assessments to validate architecture and configurations, ensuring your systems follow best practices and aren’t introducing hidden risks across IT, cloud, or OT environments.
- Use an MSSP like DirectDefense to extend your monitoring and coverage, especially if you’re dealing with reduced security staff.
- Leverage testing services from an expert provider like DirectDefense to get ahead of any vulnerabilities and identify improvements for a stronger security posture.
Whether you feel like your organization has a good handle on its security or you’re starting 2026 on unstable footing, keep in mind that the threats aren’t changing – the automation and speed of deployment have.
Organizations that maintain strong core technologies and adopt proactive AI governance will be in the best position against these attacks in 2026; those with lagging protections should consider ramping up internal security efforts or outsourcing the work to a cybersecurity services provider like DirectDefense that can provide testing and managed services.
With decades in the business and a personalized service delivery model tailored to your business’s needs, DirectDefense can put your organization on the right track for 2026 and beyond – because we know the attacks aren’t slowing down.


