Cybersecurity Trends & Predictions to Expect in 2026: Tenable

In 2026, CISOs will move from buying AI tools to building custom, agentic AI to reduce operational burnout and keep pace with expanding attack surfaces.

Automatic remediation and cyber resilience will gain acceptance as downtime and recovery speed become core business risks. Here are some of the predictions from Tenable.

Bob Huber, Chief Security Officer, Tenable

“We are moving past the novelty phase of Generative AI into the utility phase of Agentic AI. As a result, I anticipate seeing more and more CISOs shift their mindset from buying AI tools to building their own to fit their unique organisational needs. When implemented and designed with care, custom-made AI tools will transform security operations and alleviate pain points that lead to burnout. CISOs' mindsets are shifting in 2026.

Automatic remediation, mobilisation, and mitigation are no longer forbidden. For years, teams have been hesitant to automatically remediate, but I believe that to keep pace with the threat and expansion of the attack surface, teams will start to defy that long-held belief that automatic is forbidden. This is also a commonly held cybersecurity assumption or outdated practice.

Next year, resilience will bubble up as a critical business objective. Global-scale outages, such as those experienced by Cloudflare, Amazon, Microsoft, and CrowdStrike, have highlighted just how damaging downtime is to both the bottom line and brand reputation. As a result, the focus will expand beyond avoiding an outage to include ensuring operations can be restored before it goes viral on Twitter. This is also an overlooked issue that may bubble up next year and take over mindshare.”

Eric Doerr, Chief Product Officer, Tenable

“There will be no new attack vectors in 2026. AI is not a magic wand; it supercharges traditional attack methods. It will drive down the cost of attack generation and increase the volume, and it might even find a new zero day or two, but it’s not finding novel attack techniques. At the end of the day, cybersecurity is a numbers game and AI broadens the attackers’ canvas. Basic cyber hygiene remains the best defence.

The biggest threat to organisations is acceleration. Organisations that do not prioritise and accelerate their proactive security programs to counter the speed of AI-fueled attacks are at heightened risk. The who, what, how and why of an attack does not matter because AI-fueled attacks start and end before a ticket is even created. Proactive defense makes speed obsolete.”

Liat Hayun, SVP Product Management and Research, Tenable

“Cloud Security Posture Management (CSPM) will disappear as a standalone category in 2026. Under pressure to cut tool sprawl and duplicated spend, CISOs will consolidate identity risk, posture, runtime, and network context – a shift only unified exposure management platforms can deliver.

Non-Human Identities (NHIs), now outnumbering humans by 80:1, will decisively become the number one cloud breach vector. The core problem is no longer misconfigurations or missing patches. It’ll be billions of unseen, over-permissioned machine identities that attackers (or autonomous agentic AI) will leverage for silent, undetectable lateral movement. CISOs will be forced to pivot massive spending toward permissions governance and large-scale cleanup as machine-identity sprawl has rendered cloud environments truly unmanageable.

The 2025 hype that runtime detection is the only thing that matters and could replace posture or identity analysis will fade in 2026. Runtime-only tools miss most attack paths because identity abuse and misconfigurations occur long before anything reaches runtime. Runtime will remain important, but it won’t replace CNAPP or exposure management — it’ll be another data source inside a broader prevention-first approach.

Despite the hype, agentic security tools won’t see meaningful adoption in 2026. Most organisations won’t be ready to hand real security decisions over to AI given gaps in data quality, platform consolidation, governance, and trust. 2026 will be a year of small pilots and controlled experiments, laying the groundwork for a genuine breakout
