BeyondTrust’s annual cybersecurity forecast points to a year in which old defenses quietly fail and new attack vectors proliferate.
introduction
The next big breach isn’t a phished password. It is the result of massive unmanaged identity debt. This debt comes in many forms. Whether it’s the “ghost” identities in IAM from the 2015 breach, the proliferation of privileges with thousands of new AI agents expanding the attack surface, or automated account poisoning that exploits weak identity verification in the financial system. These vectors (physical, digital, new, old) all center around a single point of failure: identity.
Based on analysis by BeyondTrust’s cybersecurity experts, here are the three key identity-based threats that will define the coming year.
1. Agentic AI emerges as the ultimate attack vector
By 2026, agent AI will be connected to nearly every technology we operate, effectively becoming the new middleware for most organizations. The problem is that this consolidation is being driven by speed to market, with cybersecurity taking a backseat.
This rush is creating a massive new attack surface built on a classic vulnerability: the confused agent problem.
A “proxy” is a program that has legitimate authority. The “confused proxy problem” occurs when a lower-privileged entity, such as a user, account, or another application, gains higher privileges by tricking its delegate and abusing its privileges. The agent lacks the context to understand the malicious intent and executes commands or shares results beyond the original design or intent.
Now, let’s apply this to AI. Agent AI tools may be granted least privilege access to read your email, access your CI/CD pipeline, and query your production database. When an AI acting as a trusted agent is “confused” by a carefully crafted prompt from another resource, it can be manipulated to leak sensitive data, deploy malicious code, or escalate to higher privileges on behalf of the user. AI performs tasks for which it has privileges, but can escalate privileges based on attack vectors on behalf of unprivileged attackers.
Tips for defenders:
This threat requires treating the AI agent as a potentially privileged machine identity. Security teams should enforce strict least privilege and ensure that AI tools only have the absolute minimum privileges needed for a specific task. This includes implementing context-aware access controls, command filtering, and real-time auditing to prevent these trusted agents from becoming malicious actors by proxy.
2. Account Poisoning: The Next Evolution of Financial Fraud
Next year is expected to see a significant increase in “account poisoning,” where threat actors find new ways to insert fraudulent billers and payees into consumer and business financial accounts at scale.
This “poison” is caused by automation that allows you to create payees and billers, request funds, and link to other online payment processing sources. This attack vector is particularly dangerous because it exploits weaknesses in online financial systems, leverages poor secret management to attack in bulk, and uses automation to obfuscate transactions.
Tips for defenders:
Security teams should move beyond flagging individual account takeovers and focus on fast, automated changes to payee and biller information. The key is to implement stricter diligence and identity authenticity checks on automated processes that request changes to these financial fields.
3. The Ghost of IAM: Historic Identity Violations Catching Up
Many organizations are finally modernizing their identity and access management (IAM) programs and introducing new tools, such as graph-based analytics, to map complex identity landscapes. In 2026, these efforts will uncover the identities of the skeletons in the closet, the “ghosts” from past solutions and undetected breaches.
These “past breaches” reveal fraudulent accounts that have been active for several years. Because these breaches are older than most security logs, it may be impossible for teams to determine the full scope of the original breach.
Tips for defenders:
This prediction highlights a longstanding failure of the basic join-move-leave (JML) process. The challenge now is to prioritize identity governance and use modern identity graphing tools to find and remove these dormant, high-risk accounts before they are rediscovered by attackers.
Other trends on the radar
Death of VPN
For years, VPNs have been a mainstay of remote access, but in modern remote access, they have become a critical vulnerability waiting to be exploited. Threat actors have mastered VPN exploitation techniques by harvesting credentials and using compromised appliances to gain persistent access. Using traditional VPNs for privileged access poses risks that organizations can no longer tolerate.
The rise of AI veganism
In 2026, a cultural counterforce will emerge called “AI veganism,” in which employees and customers refrain from using artificial intelligence in principle. The move is driven by ethical concerns about data sourcing, algorithmic bias, and environmental costs, and challenges the assumption that AI adoption is inevitable. Companies will need to overcome this resistance by offering transparent governance, human-first alternatives, and clear opt-outs. However, when it comes to cybersecurity, opting out of AI-driven defenses is less of an option and may even shift responsibility to the user.
An identity-first security posture is non-negotiable
What these 2026 predictions have in common is identity. The new AI attack surface is an identity privilege issue, account poisoning is an identity verification issue, and past compromises are an identity lifecycle issue. As the perimeter expands, organizations must adopt an identity-first security posture by applying least privilege and zero trust principles to all human and non-human identities.
Want to know all about BeyondTrust’s cybersecurity predictions for 2026? Read the full report here.
Note: This article was written and contributed by Morey J. Haber, Chief Security Advisor. Christopher Hills, Chief Security Strategist. and James Maude, Field Chief Technology Officer, BeyondTrust.
Source link
