Stealth AI, Defensive Agents & Quantum Resilience: The 2026 Cybersecurity Battle Lines are Drawn
- Rory Duncan
- 7 days ago

As the cybersecurity industry looks ahead to 2026, the challenge is not a lack of predictions, but an overabundance of them—many detached from operational reality or focused on singular technologies in isolation. This blog takes a more grounded view, examining how advances in artificial intelligence, defensive AI automation, and cryptographic resilience intersect with geopolitical instability and long-standing threat behaviors. Rather than treating 2026 as a sharp inflection point, what follows outlines how existing trends are likely to compound, creating new asymmetries between attackers and defenders and reshaping priorities across security operations, governance, and national infrastructure protection.
Looking ahead, and to set the context for this blog, Richmond Advisory believes 2026 will be a combative year. While 2025 has seen the most physical conflict globally since the start of the 21st century, digital battlegrounds are increasingly reflecting this trend.
In Europe at least, cybersecurity is becoming more of a national security concern, matching, or potentially exceeding, cyber criminals’ phishing and ransomware activities, as nation state actors infiltrate and compromise critical infrastructure.
How will this happen, and what can we expect during the next 12 months? All of us have been exposed to many predictions about 2026, from numerous sources. Our recent blog outlined why many predictions are poorly received, but also what we can do to make them relevant and valuable. This is our objective for the following predictions that outline what Richmond Advisory Group expects will happen in the cybersecurity market in 2026.
Prediction #1 – Stealth AI
We know that AI has taken the time and attention of security professionals in 2025 and is likely to overshadow 2026. However, our take is different: we see the focus on AI risks obscuring many of the ongoing, established, day-to-day threats that we all face. Ransomware has not taken a sabbatical, and the volume created and distributed is increasing via weaponized AI technology: AI itself is becoming a growing threat actor. Specifically, while the more public attacks using AI will of course keep growing, the unknown, unseen and therefore more worrisome attacks will proliferate. Never mind Shadow AI, this is Stealth AI – the bad actor’s M.O. in 2026.
There are two ways that Stealth AI will gain prominence in 2026:
Indirect Prompt Injection (IPI) attacks

Operating during the inference stage by hiding instructions within the data the LLM accesses, IPI attacks are not always detectable. The attacker does not need to gain access to the model itself to execute their plan. Attacks can occur via physical system hijacking: researchers demonstrated an IPI attack at Black Hat in 2025 by creating a poisoned Google calendar invitation containing invisible prompts. IPI attacks can also occur in software development tools. We saw that a remote prompt injection vulnerability related to IPI allowed an attacker to steal source code from private projects, manipulate code suggestions shown to other users and even exfiltrate confidential zero-day vulnerabilities. This type of attack is dangerous because it requires little-to-no technical knowledge from the attacker to perform malicious actions.
Many people we talked with during 2025 indicated that security professionals are still trying to catch up with the threats posed by IPI, but that defensive and mitigation measures will emerge during 2026. For example, Google DeepMind has unveiled additional defense mechanisms against IPI attacks, strengthening security capabilities within the Gemini model itself. Other model providers will follow suit, but to counter the threat, we recommend that organizations set up guardrails and implement policies that are identity- and data-specific to their organization, to cordon off critical knowledge and thus reduce risk.
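One form such a guardrail can take, shown as an added example that is not from the original post or from any vendor named in it: screen untrusted content, such as a calendar invite description, for characters a human reviewer cannot see before it reaches a model's context. The post does not say how the demonstrated prompts were made invisible; this sketch assumes Unicode format characters and tag characters as one possibility, and the function name and sample invite are constructed for illustration.

```python
import unicodedata

# Unicode "tag" block: renders as nothing in most UIs but maps 1:1 onto ASCII.
TAG_START, TAG_END = 0xE0000, 0xE007F


def scan_untrusted(text):
    """Inspect untrusted text before it is placed in a model's context.

    Returns (clean_text, findings). clean_text has invisible code points
    removed; findings records what was stripped and any decoded tag text.
    """
    clean, hidden_tags, invisible = [], [], {}
    for ch in text:
        cp = ord(ch)
        if TAG_START <= cp <= TAG_END:
            # Recover the printable ASCII character the tag code point shadows.
            if 0x20 <= cp - TAG_START <= 0x7E:
                hidden_tags.append(chr(cp - TAG_START))
            invisible["TAG"] = invisible.get("TAG", 0) + 1
        elif unicodedata.category(ch) == "Cf":
            # Format characters: zero-width space/joiners, bidi controls, BOM.
            name = unicodedata.name(ch, f"U+{cp:04X}")
            invisible[name] = invisible.get(name, 0) + 1
        else:
            clean.append(ch)
    findings = {
        "invisible_counts": invisible,
        "decoded_tag_text": "".join(hidden_tags),  # what the reviewer never saw
        "quarantine": bool(invisible),             # hold for review if True
    }
    return "".join(clean), findings


# Constructed sample: an invite description carrying a zero-width space and
# text hidden in tag characters. Not taken from any real incident.
_hidden = "".join(chr(TAG_START + ord(c)) for c in "note to assistant")
SAMPLE_INVITE = "Quarterly review\u200b, room 4." + _hidden

if __name__ == "__main__":
    clean, findings = scan_untrusted(SAMPLE_INVITE)
    print(repr(clean))
    print(findings)
```

Zero-width joiners and non-joiners also occur in legitimate text (emoji sequences, some scripts), so treat a hit as a reason to quarantine and review the source rather than as proof of an attack.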
Autonomous attack capabilities, and self-governing malware
In August 2025, internet security solutions vendor ESET detected the first AI-powered ransomware - “PromptLock”. Using predefined text prompts, PromptLock can decide on its own whether to encrypt, destroy, or exfiltrate data. Although the new malware was considered a novel approach, it points to more sophisticated attacks in the coming year. Studies have shown exponential increases in code and API vulnerabilities, and at a model level, threat actors will covertly exploit common behaviors such as “plan drift”.

Autonomous attacks will be more common during 2026, as AI tools become more sophisticated in their ability to act on their own behalf. A report by Anthropic in early 2025 revealed that their AI model is sometimes willing to pursue what it called “extremely harmful actions” to self-preserve, such as attempting to blackmail an engineer who instructed it to remove itself.
Autonomy and self-governance are not inherently a bad thing unless they are uncontained and to the detriment of everything else. Nick Bostrom’s “paperclip problem” experiment in 2014 illustrated how the lack of alignment between humanity and AI’s goals can create existential risk. While not popular with those that believe legislation stifles innovation, in 2026 it is critical that we deploy stronger governance and policies around the use of AI.
Prediction #2 – Defensive Agents, Agentic AI… and more agents
If 2025 was the year of the AI Agent, 2026 will see a quagmire of Agentic AI capabilities used for defensive means to counter the less visible and potentially more worrisome attacks.

Security Operations Center (SOC) Agents
The tip of the defensive spear starts with agents directly supporting the work of SOC analysts. Beyond automated and/or repetitive tasks, SOC Agents are evolving into the “right hand” for analysts, and will become increasingly able to adapt, problem-solve and operate without human intervention for extended periods. IBM’s Autonomous Threat Operations Machine (or A.T.O.M.), announced at RSAC in May 2025, is a good example of where such agentic support is headed. Alert investigation, triage, and proactive investigation will feature heavily in 2026.
Threat Intel / Proactive Threat Hunting Agents
More specialized agents are emerging to help analysts take a more aggressive defensive posture. Analysts will require additional proactive threat intelligence and threat hunting duties to be carried out by agents – over and above investigation and triage. Security vendors such as Deepwatch added such agentic capabilities to their NEXA platform during the year. Their Active Response Agent recommends and tracks containment actions collaboratively with security teams. We can expect more vendors to develop such functionality during 2026.
Autonomous Investigation Agents
While many of the emerging types of defensive AI agents are designed to reduce the volume of analysts’ workloads by triaging and investigating known (or partially known) threats, new threats are constantly emerging. In June 2025, Microsoft-focused MXDR provider Ontinue added an “autonomous investigator agent” to its ION SecOps platform. In conjunction with other agents, the investigator agent aggregates telemetry, forms and tests hypotheses, and can conduct investigations, reducing time and resource intensity. Ontinue says that the agent can do work that would typically require a Tier 2 or Tier 3 analyst. Agents that demonstrate more advanced reasoning abilities will be more prevalent in 2026.
Vulnerability Management Agents
Some of the most common agents currently in use are those offering vulnerability management. Operating at endpoints (servers, laptops etc.), they offer automation of some of those basic hygiene tasks that humans traditionally haven't liked or wanted to do, such as vulnerability discovery, assessment and prioritization. In conjunction with scanners, vulnerability management agents are particularly useful for mobile devices – some of the most vulnerable endpoints. Hyperscale service providers – including Microsoft and Google – include some form of vulnerability management “under the hood”, but in 2026 we can expect to see greater variety. Firms such as ManageEngine, Fortra, Maze and others will drive greater functionality in AI agent deployment, moving from relatively simple monitoring and scanning capabilities to providing robust, autonomous response.
Auto-Remediation Agents
Perhaps the most advanced and controversial AI agents will be those with auto-remediation capabilities. Put simply, these are autonomous agents that press the “fix” button themselves without asking. Like other agents they operate using predefined rules and workflows, but their advantage is the speed and scale by which they can identify, diagnose and support resolution of security incidents with moderate human intervention today. While their autonomous remediation capabilities are potentially vast, so are the potential future risks when they might respond entirely on their own. Cybersecurity vendors and service providers such as Wiz (now part of Google), Algomox, Apiiro, Torq and others offer various types of auto-remediation agents (for security of code development, cloud infrastructure “healing” etc.).

Recognizing the potential for autonomous chaos, the best solutions will use agents that monitor each other, and this “who watches the watchers” approach will be a key strategy for 2026.
Who watches the watchers?
In 2026, AI agents will not just be monitoring, they will be increasingly fixing. The challenge is that while a much larger volume of fixes is being addressed, the volume of potential vulnerabilities is increasing at the same time - whether in the code or in an operation or process. An arms race is a strong possibility.
At the same time, the above assumes a continued exponential pace of development and adoption that we’ve seen during 2025. The likelihood increases that, during 2026, we could see a significant security incident involving a major AI model. This may or may not happen, but we are heading for increased regulatory friction. In 2026 it is likely we will see a more bifurcated adoption, with highly regulated industries moving cautiously while less-regulated sectors embrace the technology more rapidly, creating a patchwork of risk exposure.
Prediction #3 – Quantum Resistance & Agility
A key question that we are asked is: “Should we expect quantum computers to break all encryption in 2026?”. Our prediction? No, not in 2026 - and not even close. A black swan event may of course happen, but given what we know today, the likelihood is extremely low. Engineering limits, qubit instability, astronomical error correction overhead, and current decoherence rates mean that we are not hitting widespread, practical, fault-tolerant quantum systems capable of decryption at scale in 2026.
So why are we including this in our list of predictions?
During 2025 we saw how preparations for the above scenario are accelerating. CISOs are debating whether to adopt Post-Quantum Cryptography (PQC) standards and/or tools now or continue with a wait-and-see approach. Vendors are talking more openly about integration with AI tools/agents and firmer technology roadmaps. While many will simply slap a “quantum-resistant” sticker on their solution, there will also be a huge uptick in crypto-agility initiatives. Going into 2026, the mood music is that PQC is a defensive necessity, and while we won’t see our cryptography crumble quite yet, this is also potentially a unique opportunity to improve our crypto infrastructure overall.
Crypto agility involves moving from static cryptography to a continuous posture management approach to ensure systems can adapt as encryption standards evolve. NIST has released standards for post-quantum algorithms, such as FIPS 203, 204, and 205, which cover both encryption and digital signatures. Software development also plays a critical role, as applications that handle these cryptographic objects must be made quantum safe. In the case of hardware, some vendors are already addressing these challenges. HP Inc is now shipping quantum resistant devices with the new NIST signatures built into the silicon.

The challenge: should a significant flaw be discovered in one of the primary NIST-selected algorithms, it could delay standardization efforts and push back migration timelines. A similar bifurcation could also emerge: the cost and complexity of a full cryptographic migration may also lead many organizations - particularly small and medium-sized businesses - to delay action, creating a future scenario where a significant portion of digital infrastructure remains vulnerable long after PQC solutions are widely available.
It is possible that PQC will accelerate the long-term consolidation of compute into centralized, cloud-managed environments. If cryptographic agility becomes a supply-chain problem rather than a software problem, enterprises are highly likely to favor architectures where crypto failures can be remediated upstream — i.e. in SaaS control planes, service meshes, and cloud workloads — rather than at the endpoint.
There will for sure be large, enterprise-level, in-house initiatives (there always are!), and there will be fully managed Virtual Desktop Infrastructure (VDI) services, but for most companies, the future probably is not pure VDI, but more VDI-influenced, zero-trust computing: thin clients, ephemeral sessions, browser isolation, and SaaS-first consumption. Endpoint crypto hardening will continue, but the risk asymmetry will push organizations to minimize the amount of novel cryptography running on distributed devices.
The message? Better to be prepared than decrypted.
Prediction #4 – External Factors & the Hierarchy of Seriousness
It would be naïve to think that the cybersecurity market in 2026 will not be affected by external factors. Over the coming 12 months, geopolitics, not AI, will be the biggest disruptor. The largest economy in the world, the United States, has become increasingly transactional in nature, taking an “America First” approach to trade, and pulling back from post-cold-war multilateralist policies. Tom Standage, Deputy Editor, The Economist and Editor of “The World Ahead 2026”, predicts that “the old global rules-based order will drift and decay further”. European re-armament and threats to its sovereignty, increasing cyberattacks at a nation-state level, and a re-drawing of intercontinental alliances create a potential fortress mentality based on unilateralist objectives. Countries, trading blocs, and even States will struggle to find buy-in for legislative protections beyond their borders. None of this helps enhance global cybersecurity measures if an isolationist approach is inevitable.
Against this backdrop, cyber criminals are increasingly organized and collaborative. Many are linked to nation state actors. In December 2025, Amazon Threat Intelligence published an update regarding a years-long Russian state-sponsored campaign that they described as a “significant evolution in critical infrastructure targeting”. Groups associated with Russia’s Main Intelligence Directorate (GRU) exploited misconfigured customer network edge devices for over five years to harvest credentials and move laterally into victims’ online operations. Other nation state threat actors have been just as active, using LLMs as part of their AI-assisted attacks. Chris Hosking, AI & Security Evangelist at SentinelOne, gave a webinar in July 2025 outlining the increasing threats: Forest Blizzard (a Russian GRU unit); Emerald Sleet (aka Kimsuky), a North Korean state-sponsored unit; Crimson Sandstorm, an Iranian threat actor connected to the Revolutionary Guard; and Charcoal & Salmon Typhoon, Chinese-backed actors.
The 'hierarchy of seriousness'
In 2026 we will see a gradual shift in what cyber defenders would call the “hierarchy of seriousness”. Cyber criminals will continue to phish and extort, but the frequency of attacks on critical infrastructure will become the most serious threat. That the public is learning more about the vulnerabilities of our nation states from cyber-attacks points to the wider societal threat – cybersecurity will be increasingly concerned with national security and have less to do with science and technology. Societal resiliency – highly-dependent on cyber resiliency - will be the objective, with preparedness being the watchword.

Readers based in the US and elsewhere may think that the above sentiment is alarmist or only applicable to fringe theorists, but many European governments – including Norway, Sweden, Finland, the UK and others – issue emergency preparedness guides for the civilian population that highlight “digital threats”, “disinformation” and specific “cyber-attacks”. Critical infrastructure is the anticipated target, and the threat is considered as serious as adverse weather events, terrorist attacks and armed conflict.
If not already, in 2026 we should expect to be living in interesting times….
Taken together, these dynamics suggest that 2026 will be defined less by breakthrough moments than by sustained pressure across multiple fronts. Against a new “normal” geopolitical environment, stealth AI techniques, proliferating defensive agents, and accelerating preparation for post-quantum cryptography all point to a security environment that is more automated, more fragmented, and more tightly coupled to national and societal resilience.
Against an increasingly volatile geopolitical backdrop, cybersecurity’s center of gravity continues to shift away from isolated technical controls toward preparedness, adaptability, and coordination at scale. The practical task for organizations is not to anticipate a single dominant threat, but to operate under the assumption that complexity itself has become the enduring condition.

