News

Google Cloud Predicts AI-Driven Cyber Threat Surge in 2026

• By David Ramel
• 11/05/2025

Google Cloud has published its annual "Cybersecurity Forecast 2026," highlighting an accelerating arms race between attackers and defenders driven by artificial intelligence.

The forecast, produced by Google Cloud's security leaders and experts on the frontlines, outlines the trends they expect to define cybersecurity in the year ahead.

The report warns that adversaries are fully embracing AI, moving from experimental to routine use of the technology to "enhance the speed, scope, and effectiveness of operations." Google predicts that attackers will leverage AI across the entire lifecycle of cyber campaigns, scaling and automating attacks at unprecedented speed. Prompt injection attacks--where AI models are manipulated to execute hidden commands--are called out as a critical and growing threat. The report anticipates "a significant rise in targeted attacks on enterprise AI systems" as these vulnerabilities are exploited.

AI-enabled social engineering is also expected to intensify, including voice-based phishing that uses cloned voices to impersonate executives or IT staff. Google warns these AI-generated interactions will make phishing campaigns far harder to detect and defend against.

On the defensive side, the forecast envisions widespread adoption of AI agents that reshape security operations. It describes an emerging "Agentic SOC," where analysts direct AI systems that correlate data, summarize incidents, and draft threat intelligence. To keep pace, identity and access management models will need to evolve so that AI agents are treated as independent digital actors with their own managed identities.

Traditional cybercrime remains a major concern. Ransomware, data theft, and multifaceted extortion are expected to continue as the most financially disruptive categories, with attackers increasingly targeting third-party providers and exploiting zero-day vulnerabilities. The report also identifies new risks to virtualization infrastructure, calling it a "critical blind spot" where a single compromise could disable hundreds of systems in hours.

Nation-state cyber operations are projected to expand and diversify. Russia is expected to shift focus toward long-term strategic goals; China will continue high-volume, stealthy attacks on edge devices; Iran will blend espionage, disruption, and hacktivism; and North Korea will pursue financially motivated campaigns alongside espionage and IT-worker operations. Google urges organizations to prepare for these threats through proactive monitoring and AI-enhanced defenses.

The full "Cybersecurity Forecast 2026" report, along with regional analyses for EMEA and JAPAC, is available now on Google Cloud's Threat Intelligence site, along with information about an upcoming forecast-related webinar hosted by threat expert Andrew Kopcienski.