As the digital landscape continues to evolve, organizations are confronted with new security challenges. Entering 2026, a consensus has emerged on the priorities shaping security teams, with agentic AI risks leading the charge, according to recent polls.

The latest survey reflects insights shared in a previous videocast featuring cybersecurity experts who discussed key predictions for security operations in 2026. The poll focused on the top four concerns presented by industry professionals, highlighting the growing focus on agentic AI as a significant risk for cybercrime.

It is evident that agentic AI is becoming a primary target for cybercriminals, and confidence in resolving the ongoing password issues many organizations face remains low. Nearly half (48%) of respondents believe that agentic AI will be the top attack vector for cyber threats by the end of 2026. This expectation is grounded in the increasing adoption of agentic AI across various sectors, where it is employed for streamlining operations, predictive maintenance, and competitive advantages in software development.

Agentic AI as a Cyber Target

Experts warn that the rush to adopt agentic AI could compromise security. Rik Turner, a leading analyst in cybersecurity, emphasizes the concern over the expanded attack surface resulting from the combination of agents’ levels of access and autonomy. He highlights the risk of developers deploying insecure code amid pressure to meet project deadlines, which could lead to vulnerable infrastructures.

Additionally, the emergence of open-source AI agents and 'shadow AI'—tools adopted by employees without security oversight—further complicates the security landscape. The poll's findings align with Omdia's internal surveys, indicating that securing AI, particularly agentic AI, is a top concern for security teams aiming to facilitate organizational growth.

Melinda Marks, another cybersecurity expert, notes that AI raises the stakes for security by enabling attackers to conduct larger-scale attacks to exploit vulnerabilities. Organizations are simultaneously leveraging AI to enhance productivity, which can exponentially widen attack surfaces due to non-human access points.

Deepfakes as a Social Engineering Tool

In addition to agentic AI, the poll revealed that 29% of respondents anticipate deepfakes will become a primary method for cybercriminals targeting high-profile entities such as Fortune 500 companies and government officials. Turner points out that while deepfakes have been a topic of discussion since the introduction of AI systems like ChatGPT, they began to gain traction as a threat by 2025.

Deepfakes are increasingly utilized in sophisticated cyberattacks, including state-sponsored campaigns. Many organizations fail to invest adequately in defenses against this tactic. Marks emphasizes the importance of rapid response capabilities in mitigating the risks posed by deepfakes, as traditional prevention methods may not suffice.

Cyber-Risk Recognition at Board Level

Interestingly, only 13% of respondents believe that elevating cyber-risk to a Tier 1 operational priority for boards will succeed in 2026. While some experts express skepticism about this outcome, others argue that the growth of agentic AI could enhance the visibility of cybersecurity risks within enterprises.

Amy Worley, an expert in privacy and compliance, stresses the urgent need for boards to implement proactive measures against agentic AI threats, highlighting that these systems can operate autonomously with elevated privileges. The lack of human oversight increases the potential for small errors to escalate into significant security incidents.

Password Elimination and Passkey Adoption

Lastly, only 10% of respondents see password elimination and passkey adoption becoming the norm in 2026. While security teams continue to prioritize password protection, stronger authentication methods are not receiving the necessary attention. Adam Etherington notes that major software vendors are increasingly integrating agentic capabilities, making it essential for IT and security teams to adapt to emerging threats.

Citing findings from Omdia’s surveys, Etherington reveals that CISOs are least concerned about traditional security aspects like email security and staff training, which are critical to effective password policies. Despite these concerns, there is a positive trend towards adopting passkeys, driven by major tech companies’ endorsements, although the consensus remains that passwords are unlikely to be fully phased out in the near future.

Source: Dark Reading News