2026 has been an incredibly demanding year in incident response (phew). I’ve been on the front lines of several severe incidents lately, and a clear trend is locking into place: data-only extortion is surging. While double extortion still happens, attackers have realized it’s often much faster and easier to monetize a breach by simply weaponizing a company’s reputation (any CISOs here who like legal calls?). With GDPR and compliance frameworks dominating the conversation over the last couple of years, threat actors know exactly how much leverage they hold, especially when PII is involved. More often than not, these breaches are exploiting broken or misconfigured APIs, cloud resources, and AI applications, though traditional vectors like phishing and others remain steady. I don’t actually see terabyte-sized ‘hostage’ situations that often. Usually, it’s the smaller breaches that end up being just as destructive, if not worse.
That said, I’m actually quite optimistic about the state of traditional enterprise security. The widespread adoption of EDR and XDR (among others) over the last few years has significantly hardened internal networks. However, there’s still a massive disparity in the industry. Smaller businesses (in the 50–100 employee range) are often stuck relying on early-2000s security models, mostly because they just don’t have enterprise budgets. But the most pressing issue right now is the technology gap – while traditional enterprise networks are becoming much harder targets, almost everyone is struggling to keep up with securing APIs, cloud environments, and AI applications.
This brings me to a threat that keeps me up at night, one the industry frequently overlooks: cyber terrorism and extremism.
We spend so much time analyzing financially motivated cybercriminals and state-sponsored APTs. But what happens when anarchist groups acquire the AI-driven capabilities to dismantle critical infrastructure without a shred of moral restraint?
Even the worst cybercriminals usually operate with a twisted sense of boundaries: many ransomware groups won’t touch hospitals, or if they do, it’s collateral damage rather than the main objective. Their goal is profit or espionage; human harm is a byproduct.
Extremists and anarchists don’t share those boundaries. To use an analogy: most arsonists ensure a building is empty before they set it on fire, but a few choose to burn it down specifically because people are inside. My deepest worry isn’t just that we’ll wake up to another major data leak. My fear is that AI will lower the barrier to entry enough for chaotic actors to trigger kinetic catastrophes – where we wake up not to a ransom note, but to black smoke, physical devastation, and loss of life on a massive scale (no skynets needed).
A word about the “AI Job Market Paradox”
Right now, there is an immense amount of uncertainty in the tech sector. Companies are laying people off and rapidly pivoting to AI-driven automation. But in the cybersecurity world, I predict a massive counter-trend: an unprecedented spike in demand for security professionals who specialize in securing AI. As organizations rush to integrate AI into their core operations, they are expanding their attack surface at a terrifying rate. We are going to need a massive influx of experts who understand how to defend these specific, complex environments. AI might be replacing some roles, but it is actively creating the most critical security positions of the next decade.
