Listen to this article
9 min · tap to play
An AI agent compromised 600 firewalls across 55 countries. No human operator. No manual commands. It identified vulnerabilities, adapted its strategy, and breached each system autonomously. That happened this year. And it is just the beginning.
If you run a business in 2026, you are operating in a fundamentally different threat landscape to even twelve months ago. AI has not just changed how we work — it has changed how we get attacked. The tools are smarter, faster, and more autonomous than anything we have seen before. And most businesses are not ready.
Here is what is happening, why it matters, and what you can do about it today.
89%
Increase in AI-powered
attacks year-on-year
attacks year-on-year
$4.7B
Deepfake-enabled
business losses in 2025
business losses in 2025
22 sec
New median dwell time
(down from 8 hours)
(down from 8 hours)
The Five Threats You Need to Understand
These are not theoretical risks from a think-tank whitepaper. These are documented, active threats that are hitting businesses right now. Let me walk you through each one.
1. Agentic Malware: Code That Thinks for Itself
Traditional malware follows a script. It is pre-programmed to exploit a specific vulnerability in a specific way. If the vulnerability is patched or the environment changes, the malware fails.
Agentic malware is different. It uses AI reasoning to make decisions during an attack. It can scan a network, identify the weakest point of entry, modify its approach based on what defences it encounters, and adapt its strategy in real time. No human attacker directing it. No pre-written playbook. It reasons its way through your defences.
Real-world example
600+ firewalls compromised across 55 countries — zero human involvement
Google Mandiant’s 2026 threat report documented an AI agent that autonomously compromised over 600 firewalls. The agent identified vulnerabilities, crafted exploits, and moved laterally through networks without a single human command. Median dwell time — the time between breach and detection — collapsed from eight hours to 22 seconds.
The speed is the real story here. When an attacker can breach your systems and begin extracting data in under 30 seconds, your incident response plan from last year is already obsolete.
2. Shadow AI: The Threat Inside Your Own Team
This is the one that does not make headlines, but it might be the most dangerous.
Shadow AI is when your employees use AI tools — ChatGPT, Copilot, image generators, coding assistants — without IT knowing about it. They are not being malicious. They are trying to be productive. But every time someone pastes a client contract into ChatGPT to “summarise it quickly,” that data has left your control.
The numbers
76% of organisations report shadow AI as a definite or probable challenge
IBM’s 2026 Cost of Data Breach Report found that shadow AI incidents increase the average cost of a breach by approximately £530,000. Eighty percent of IT workers have already witnessed unauthorised AI agent activity in their organisation. This is not a future risk. It is happening right now, in your business, probably today.
For law firms, this is particularly acute. If a solicitor pastes client-privileged information into a public AI tool, that is a potential SRA breach. If a financial adviser uses an unvetted AI to draft client recommendations, that is an FCA compliance issue. The tool does not care about your regulatory obligations. Your regulators do.
3. Deepfake Attacks: When You Cannot Trust Your Own Senses
Deepfake voice cloning technology surged 1,600% in deployment during 2025. That is not a misprint. Sixteen hundred percent.
Attackers can now clone a voice from as little as three seconds of audio — a voicemail, a conference recording, a social media clip. They use that cloned voice to call your accounts team, impersonate a director, and authorise a payment. The voice sounds exactly right. The caller ID is spoofed. The urgency is convincing.
The FBI reported $4.7 billion in losses from deepfake-enabled business email compromise in 2025. Analysts expect that figure to double this year. And it is not just voice. Video deepfakes are now indistinguishable from real footage in most business contexts. A Teams call from “your CEO” requesting an urgent transfer? It could be entirely synthetic.
“The attack surface has fundamentally changed. We are no longer just protecting systems. We are protecting the ability to trust what we see and hear.” — CrowdStrike 2026 Global Threat Report
4. Model Leaks and Data Poisoning: When the AI Itself Is the Target
In early 2026, a single model leak triggered a $14.5 billion market drop in one day. When AI models contain proprietary training data, trade secrets, or client information, the model itself becomes a high-value target.
Data poisoning is the subtler cousin. Instead of stealing a model, attackers contaminate the data it learns from — injecting biases, backdoors, or false patterns that only activate under specific conditions. Your AI looks fine in testing. It performs well in production. Until it encounters the trigger the attacker planted, and suddenly it is making decisions that serve their interests, not yours.
This is especially dangerous for businesses using AI in decision-making: credit scoring, legal research, medical diagnostics, recruitment screening. If the underlying model has been compromised, every decision it makes is compromised too — and you may never know.
5. The AI Arms Race: Attackers Are Outspending Defenders
CrowdStrike documented a 340% increase in AI-assisted intrusion attempts compared to 2024. Meanwhile, only 29% of enterprises report significant ROI from their AI investments, and 79% face challenges in AI adoption. The asymmetry is stark: attackers are deploying AI faster and more effectively than most businesses are deploying defences.
The economics are brutal. Building AI-powered defences requires significant investment in talent, infrastructure, and governance. Building AI-powered attacks requires a laptop and an open-source model. The barrier to entry for offence has collapsed while the cost of defence continues to rise.
What You Should Do About It
This is not about fear. It is about preparation. Every threat listed above has a practical defence. Here is what smart businesses are doing right now.
1. Get Cyber Essentials certified (if you have not already)
This is the baseline. Cyber Essentials Plus covers the fundamentals — firewalls, access controls, patch management, malware protection. It will not stop an autonomous AI agent on its own. But 80% of attacks still exploit the basics. Get the foundations right first.
2. Create an AI acceptable use policy
Your team is using AI tools whether you have a policy or not. The question is whether you know which tools, with what data, under what rules. A clear AI acceptable use policy should define: which AI tools are approved, what data can and cannot be shared with them, who is accountable for AI-assisted decisions, and how to report concerns.
3. Audit your AI exposure
You cannot secure what you do not know about. Map every AI tool in use across your organisation — authorised and unauthorised. Identify where client data touches AI systems. Assess which AI decisions could have regulatory or legal consequences if they went wrong.
4. Train your people on AI social engineering
Your team needs to know that a phone call from the CEO might not be the CEO. Establish verification protocols for any financial instruction received by phone, video, or email. Use callback procedures on separate channels. Make it culturally acceptable to challenge authority when something feels off.
5. Consider air-gapped AI for sensitive work
If your business handles client-privileged information — legal, financial, medical — the safest approach is to run AI tools that never touch the public internet. Air-gapped AI systems process data locally, within your own infrastructure. No data leaves. No external model sees your clients’ information. This is not theoretical — it is available now, and for regulated businesses, it may soon be expected.
The Governance Gap Is the Real Danger
Here is the uncomfortable truth: the biggest AI security risk for most businesses is not a sophisticated autonomous attack. It is the gap between how fast AI is being adopted and how slowly governance is catching up.
Fifty-four percent of C-suite executives in Deloitte’s 2026 survey admitted that AI adoption is “tearing their company apart.” Not because the technology does not work, but because the organisation was not ready for it. No clear ownership. No governance framework. No incident response plan for AI-specific scenarios.
The EU AI Act’s major provisions take full effect on 2 August 2026 — less than four months from now. The UK’s AI Security Institute is actively investigating AI risks in regulated sectors. The SRA has made clear that law firms using AI must demonstrate appropriate governance. The FCA expects firms to explain and defend AI-assisted decisions under existing SM&CR rules.
If your business uses AI in any client-facing or decision-making capacity, you need a governance framework. Not next quarter. Now.
The Bottom Line
AI security in 2026 is not about building higher walls. The threats are faster, smarter, and more adaptable than any static defence. It is about building organisations that are resilient: that know where their data goes, that govern how AI is used, that can detect and respond to threats at machine speed, and that can explain their AI decisions to regulators, clients, and courts.
The businesses that take this seriously now will not just survive — they will win trust in a market where trust is becoming the scarcest resource of all.
The ones that do not? They will learn these lessons the expensive way.