Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania, and CIS, shares insights on 2025 lessons and 2026 cybersecurity trends.
The past year was defined by acceleration. AI moved from experimentation into production; attackers shortened their timelines and security teams were forced to adapt in real time. Rather than a clean break between old and new threats, 2025 showed how emerging risks are compounding existing ones. The lessons from the past year set a clear direction for what cybersecurity must become in 2026.
AI becomes operational in cyber defense
In 2025, AI stopped being a theoretical advantage in cybersecurity and became operational. Security teams increasingly relied on AI to triage alerts, investigate incidents and make sense of vast amounts of telemetry across networks, clouds and endpoints.
Cisco’s introduction of capabilities such as Cisco AI Assistant for Firewall, Triage Agent in Splunk and Instant Attack Verification in XDR reflected this shift. These tools demonstrated how AI could support analysts by simplifying policy management, accelerating investigation workflows and enabling security teams to interact with complex environments more intuitively. The emphasis was not on replacing human expertise, but on amplifying it – allowing teams to move faster and focus on higher-value decisions.
This marked a broader transition away from purely reactive security toward more proactive and predictive models, as AI began to surface patterns and anomalies that would otherwise be missed.
Awareness of AI risk grows faster than preparedness
As organizations deployed AI more broadly in 2025, concern about AI-specific security risks grew sharply. This shift is also driving greater emphasis on open, industry-led efforts such as Cisco’s Foundation AI initiative, which aims to establish shared guardrails and security standards for AI systems as they scale.
Enterprises increasingly recognized threats such as prompt injection, data poisoning, model manipulation and unintended data leakage. However, recognition consistently outpaced preparedness. Cisco’s AI Readiness research showed that fewer than four in ten organizations fully understood the cyber risks introduced by AI, and only around 29% felt equipped to detect or prevent AI-specific threats. Even fewer felt prepared to protect AI agents operating autonomously.
By the end of 2025, many organizations found themselves using AI in business-critical workflows without the governance, testing or runtime protections needed to secure those systems effectively, exposing a growing gap between AI ambition and security maturity.
Public-facing applications re-emerge as the weakest link
One of the clearest threat patterns in 2025 was the dramatic rise in attacks targeting public-facing applications. Cisco Talos incident data from Q3 2025 showed that over 60% of Talos Incident Response engagements began with exploitation of internet-exposed systems, driven largely by rapid weaponization of newly disclosed vulnerabilities.
Attackers demonstrated how quickly they could move from disclosure to exploitation, often within days. The trend reinforced a long-standing reality: expanding digital services without equally strong patching, segmentation and visibility creates systemic risk.
Ransomware adapts rather than retreats
Although ransomware’s share of incidents fluctuated during 2025, it remained one of the most persistent and disruptive threats. Talos data showed ransomware accounted for roughly 20% of Talos IR engagements in Q3 2025, down from earlier quarters but far from eliminated.
What stood out was not volume, but evolution. Attackers moved faster, deployed ransomware shortly after initial compromise and increasingly blended living-off-the-land techniques with legitimate tools. Ransomware in 2025 became leaner, more targeted and more operationally focused.
Identity controls strain under modern attack techniques
Deepfakes, transparency gaps, bias and accountability issues have made trust a prerequisite for AI adoption. With 83% of organizations worldwide planning to deploy AI agents (Cisco AI Readiness Index 2025), identity management will become a defining trend. With AI agents shifting roles instantly, traditional identity systems won’t cut it, raising the need for purpose-built identity frameworks to authenticate and trust an AI agent
Identity remained central to security in 2025, but it was also increasingly abused. Nearly one-third of incidents in Q3 involved attackers bypassing or manipulating multi-factor authentication, often through MFA fatigue or misconfigurations.
Many realized that enabling MFA alone is no longer enough and overdoing it can actually lead to more risks. As environments became more distributed and cloud-heavy, identity systems designed for static users struggled to keep up with dynamic access patterns, automated processes and increasingly sophisticated social engineering.
What does 2026 hold for cybersecurity?
The trends of 2025 point clearly toward what 2026 will require. First, AI will become foundational to cybersecurity operations. Organizations will no longer ask whether to use AI in security, but how deeply it is embedded across detection, response and policy enforcement.
Second, cybersecurity for AI will move from niche concern to enterprise mandate. As AI agents become more autonomous and widely deployed; critical systems – physical, digital and everything in between – need protections that scale with distributed workloads and a blended human–digital workforce. One path forward is embedding security and observability directly into the network, creating a safety layer that continuously monitors AI models and agents.
Third, speed will become the defining factor in cyber resilience. In 2026, the gap between vulnerability disclosure and exploitation will continue to shrink as more bad actors use AI, forcing organizations to rely more heavily on automation, segmentation, and architectural resilience rather than manual intervention.
Finally, identity will evolve into the primary control plane for security. With AI agents, applications and humans all interacting dynamically, security strategies will shift toward continuous verification, focusing on behavior, context and intent, not just credentials.
By 2026, cybersecurity will no longer be about defending static systems. It will be about securing intelligence itself, at the speed, scale and autonomy that modern digital environments demand.
