The rise of AI agents is introducing new challenges to traditional identity and access management (IAM) strategies, especially in identity registration and governance, credential automation and policy-driven authorization for machine actors
The rapid rise of AI, escalating geopolitical tensions, regulatory uncertainty and an increasingly complex threat landscape are reshaping the cybersecurity trends for 2026, according to a new report from Gartner.
“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change. This demands new approaches to cyber risk management, resilience and resource allocation,” said said Alex Michaels, Director Analyst at Gartner.
Gartner identifies six key trends that will have a broad impact across transforming governance, securing new frontiers and normalizing AI adoption:
Agentic AI is being adopted at speed by both employees and developers, opening up new attack surfaces. The rise of no-code and low-code tools, along with vibe coding, is accelerating this shift, fueling the spread of unmanaged AI agents, insecure code and heightened regulatory compliance risks.
“While AI agents and automation tools are becoming increasingly accessible and practical for organizations to adopt, strong governance remains essential. Cybersecurity leaders must identify both sanctioned and unsanctioned AI agents, enforce robust controls for each and develop incident response playbooks to address potential risks,” said Michaels.
Shifting geopolitical dynamics and evolving global regulations have elevated cybersecurity into a critical business risk, with direct consequences for organizational resilience. As regulators increasingly hold boards and executives accountable for compliance failures, inaction can lead to heavy fines, lost business opportunities and lasting reputational harm.
Gartner advised cybersecurity leaders to formalize collaboration across legal, business and procurement teams to establish clear accountability for cyber risk. Aligning control frameworks to recognized standards and addressing data sovereignty concerns will help reduce compliance gaps.
Gartner also predicts advances in quantum computing will render the asymmetric cryptography organizations rely on to secure data and systems unsafe by 2030. Postquantum cryptography alternatives must be adopted now to avoid potential data breaches, legal liability and financial loss from “harvest now, decrypt later” attacks targeting long-term sensitive data.
“Postquantum cryptography is reshaping cybersecurity strategies by prompting organizations to identify, manage and replace traditional encryption methods, while prioritizing cryptographic agility. By investing in these capabilities and prioritizing migration now, assets will be secured when quantum threats become a reality,” added Michaels.
The rise of AI agents is introducing new challenges to traditional identity and access management (IAM) strategies, especially in identity registration and governance, credential automation and policy-driven authorization for machine actors. Failure to address these issues will lead to a greater risk of access-related cybersecurity incidents as autonomous agents become more prevalent.
Gartner recommended taking a targeted, risk-based approach by investing where gaps and risks are greatest while leveraging automation where possible. This is essential for enabling innovation, ensuring compliance and securing critical assets in AI-centric environments.
Read: Abu Dhabi’s G42 inks $1 billion deal to develop sovereign AI capabilities and cloud infrastructure across Vietnam
Fueled by cost-optimization efforts and growing interest in AI, the rise of AI-enabled security operations centers (SOCs) is adding new layers of complexity. While these technologies improve alert triage and investigation workflows, they are also intensifying staffing pressures, driving the need for upskilling and reshaping cost structures around AI tools.
“To realize the full potential of AI in security operations, cybersecurity leaders must prioritize people as much as technology. Strengthening workforce capabilities, implementing human-in-the-loop frameworks into AI-supported processes and aligning adoption with clear strategic objectives will be critical to maintaining resilience as SOCs evolve,” said Michaels.
Existing security awareness efforts continue to fail to reduce cybersecurity risks as GenAI adoption accelerates. A Gartner survey of 175 employees conducted between May and November 2025 indicates that over 57 percent use personal GenAI accounts for work purposes and 33 percent admit to inputting sensitive information into unapproved tools.
Gartner recommended shifting from general awareness training to adaptive behavioral and training programs that include AI-specific tasks. Strengthening governance, embedding secure practices and establishing policies for authorized use will reduce exposure to privacy breaches and intellectual property loss.
Read more on Economy Middle East
