SecurityWeek’s Cyber Insights 2026 examines skilled opinions on the anticipated evolution of greater than a dozen areas of cybersecurity curiosity over the subsequent 12 months. We spoke to tons of of particular person consultants to achieve their skilled opinions. Right here we discover AI-assisted social engineering assaults, with the aim of evaluating what is going on now and getting ready leaders for what lies forward in 2026 and past.
Essentially the most profitable breaches in 2026 are prone to exploit belief, not vulnerabilities. All courtesy of synthetic intelligence (AI).
We’re going to discover how AI-assisted social engineering assaults may evolve from 2026 onward, and the way cybersecurity may, and maybe ought to, adapt to fulfill the brand new problem. The risk is now not in opposition to people, nor even companies, however whole cultures.
Fundamental modifications launched by means of AI
We knew in the beginning of 2025 that social engineering would get AI wings. Now, in the beginning of 2026, we’re studying simply how excessive these wings can soar.
“What as soon as focused human error now leverages AI to automate deception at scale”, explains Bojan Simic, CEO at HYPR. “Deepfakes, artificial backstories and real-time voice or video manipulation are now not theoretical; they’re lively, subtle threats designed to bypass conventional defenses and exploit belief gaps… They’re taking place proper now, at scale and with devastating precision.”
There’s a sturdy perception that the fundamentals of social engineering is not going to change however merely enhance in high quality, improve in pace, and scale in amount. That is partly true, however in no less than two areas the change can be giant. Some consultants imagine adversaries will shift from mass phishing to hyper-personalized campaigns; however in actuality, it is going to be hyper-personalized campaigns at mass phishing scale. Spear-phishing can be delivered at spray and pray ranges.
The actual mover is the arrival of agentic AI. Commercial. Scroll to proceed studying.
“Subsequent yr, we might even see autonomous adversary agentic AI able to working whole phishing campaigns. They may independently analysis and profile potential targets, conduct reconnaissance, craft personalised lures and payloads, and even deploy and handle C2 infrastructure,” says Jan Michael Alcantara, senior risk analysis engineer at Netskope. “This development would additional decrease the technical obstacles for launching subtle assaults, permitting extra risk actors to take part.”
Roman Karachinsky, CPO at Incode Applied sciences, provides: “Agentic AI goes to create the identical productiveness enhancements for fraudsters because it does for authentic customers. Thousands and thousands of malicious brokers may repeatedly mine the web for faces, voices, and private information, working autonomous social engineering assaults in opposition to employers, members of the family, and repair suppliers.”
The essential parts of superior AI-assisted social engineering are already in place: close to excellent artificial face and video era, top quality voice copies, and sophisticated supporting documentation. For the second, these must be mixed manually; however this gained’t final.
“A brand new period of cyberattacks is dawning, powered by interconnected giant language fashions (LLMs) focusing on completely different phases of the assault chain,” explains Carl Froggett, CIO at Deep Intuition. “Whereas a single ‘grasp’ orchestrator doesn’t exist but, the constructing blocks are falling into place as LLMs designed for reconnaissance, social engineering, exploitation, and evasion are already working independently.”
There’s an extra change price contemplating. Social engineering has at all times been profitable as a result of people are neurologically programmed to belief others – it’s a part of the biology that helped our ancestors socialize and survive. These of us with sturdy social programming simply fall prey; these with much less sturdy programming can extra simply detect one thing suspicious. Fundamental psychology has been the set off to entry our inbuilt belief: urgency, reward, worry of lacking out, etcetera.
Eleanor Watson
Now AI supplies the likelihood for deeper psychological massaging. Eleanor Watson, IEEE member and a fellow in ethics within the AI school at Singularity College, explains: “AI transforms social engineering from crafted campaigns to dynamically optimized psychological operations. Present techniques already automate persona discovery and message optimization in real-time, shifting from producing ‘sticky content material’ to creating ‘sticky personas’ – dialogue brokers that type emotional bonds earlier than steering person conduct.”
This might develop by manipulating AI’s recognized tendency to be sycophantic. “The trajectory factors towards deepfake voice and video wrapped in constant, documentable backstories; scalable emotional manipulation; and A/B-tested sycophancy individually tuned to psychological profiles,” she continues. “We’re shifting from spear-phishing and vishing to relationship operations the place victims actively defend the brokers exploiting them.”
Previous-style social engineering was successfully ‘right here’s the lure, take it or go away it’. AI-assisted assaults may contain a number of approaches psychologically steering the goal into an much more trusting way of thinking. Clues on tips on how to obtain this could possibly be collected by AI brokers trawling and analyzing the goal’s social media.
Social engineering in 2026
“We’re already seeing the early variations of this play out,” feedback Ariel Parnes, COO at Mitiga and former IDF 8200 cyber unit colonel. “WPP’s CEO was impersonated utilizing a cloned voice, a pretend WhatsApp account, and YouTube footage: a coordinated try that mimicked a Groups assembly with GCHQ-style manipulation. What as soon as required a spear-phishing marketing campaign now takes minutes with generative AI.”
This 2024 assault failed, however a profitable video deepfake rip-off in opposition to the Hong Kong department of a multinational agency value the agency round $25 million. On the finish of September 2025, OpenAI launched SORA 2, a video era system that’s “extra bodily correct, life like, and extra controllable than prior techniques.”
Open AI added, “We’re in the beginning of this journey, however with the entire highly effective methods to create and remix content material with Sora 2, we see this as the start of a totally new period for co-creative experiences.” Simply change ‘co-creative experiences’ with ‘deepfake creations’.
That is vital. Via 2026 and past, the standard of deepfake social engineering will repeatedly enhance. Legal professionalism may also enhance. Contemplate SheByte, a brand new phishing-as-a-service (PhaaS) platform accessible on the felony underground (with subscriptions costing round $200).
“It’s a phishing package that comes with AI-generated templates to automate the creation and administration of phishing web sites at scale. These toolkits have gotten extra accessible, and we anticipate this development to accentuate all through 2026 as a result of felony operators are persevering with to refine and commercialize these platforms,” explains Kevin Gosschalk, founder and CEO at Arkose Labs.
He continues, “Past phishing websites, there are subtle toolkits designed particularly for fraud that may completely spoof voice and video. These aren’t client AI instruments like ChatGPT being misused; these are purpose-built felony merchandise engineered for deception.”
Jon Abbott, CEO and co-founder at ThreatAware, provides: “We’re seeing one thing significantly regarding: native English-speaking cybercriminals from the US, UK, and Canada partnering with Russian ransomware operations. The FBI has confirmed that teams like Scattered Spider (the Hacker Com a part of the decentralized English-speaking ‘Group’ of younger cybercriminals) are actually working with infamous Russian gangs like BlackCat.”
These partnerships mix Western social engineering experience with Russian technical sophistication and malware capabilities.
Alex Mosher, president and chief income officer at Armis, warns: “Synthetic intelligence will allow assaults that study and adapt in actual time. Utilizing giant language fashions and gen-AI algorithms, cybercriminals may deploy social engineering primarily based assaults similar to phishing emails, messages, and voice deepfakes that modify tone, language, and content material mid-interaction to govern victims extra successfully. Chains of AI brokers will independently establish vulnerabilities, generate exploits, and launch assaults with out human oversight, ushering in an period of self-directed cyber offense.”
Keith McCammon, co-founder and Chief Safety Officer at Crimson Canary (acquired by Zscaler), sees the browser overtaking electronic mail as phishing’s most exploited entry level in 2026. “With generative AI decreasing the price and complexity of deception, adversaries will use deepfakes, poisoned search outcomes, and pretend CAPTCHA [ClickFix] to trick customers into executing code straight from the browser. These lures can be virtually indistinguishable from authentic websites, turning the browser into the simplest place to win belief and break it.”
Keith McCammon, co-founder and Chief Safety Officer at Crimson Canary
He’s not alone on this concern over ClickFix assaults. Archana Manoharan, platform assist engineer at CyberProof, additionally sees an increase in ClickFix assaults. “Social engineering will turn into extra subtle, with attackers weaponizing authentic browser prompts to trick customers into executing dangerous instructions. These methods bypass conventional safety controls by shifting the ‘execution’ step to the person.”
Mark St. John, COO and co-founder at Neon Cyber, warns, “The ever-accelerating capability for AI to imitate manufacturers, purposes, human voice and video goes to take fraud in 2026 to new, dystopian ranges. What we’re witnessing with assaults just like the video-driven ClickFix phishing assaults, that are already wildly profitable, can be a blueprint for future assaults during which one thing that appears utterly regular, spurred with urgency, will idiot not simply the indiscriminate person but additionally the extra tech-savvy and conscious.”
McCammon continues, “Phishing will turn into a real-time, AI-driven numbers sport. Adversaries will goal hundreds of customers with adaptive, extremely personalised lures, needing only some victims to reap vital monetary reward. In contrast to Home windows or macOS, browsers act as a joker within the pack. They sit exterior the standard safety stack and subsequently lack the mature controls and visibility that shield working techniques and endpoints. Current warnings round ChatGPT’s AI-powered Atlas browser present how this blind spot may additionally widen as intelligence strikes into the browser itself.”
To remain forward subsequent yr, companies should begin treating browsers as essential infrastructure, he suggests. “Which means tightening entry and id controls, enhancing endpoint and cloud-level monitoring, and coaching customers to acknowledge the brand new era of assaults. Consciousness alone gained’t be sufficient – defenses depend on each person and system resilience working in live performance.”
But it surely’s not simply enterprise that must be involved about AI – the monetary trade could possibly be attacked. “The trade might want to put together for autonomous buying and selling bots and AI-driven deepfakes that manipulate inventory markets, commodities, and cryptocurrency ecosystems,” warns Nadir Izrael, CTO and co-founder at Armis.
He explains, “By impersonating regulators or firm executives, AI techniques may set off false earnings reviews, disseminate false company bulletins, falsify investor briefings, or simulate market crashes. The consequence: world monetary instability with seconds-scale losses that human operators can’t include.”
And full nations may be affected. Mosher once more: “Cyber operations will more and more goal public belief itself. Throughout election cycles or geopolitical flashpoints, coordinated campaigns utilizing AI-generated content material, fabricated information, and deepfakes will purpose to govern sentiment, divide societies, and destabilize establishments. These assaults is not going to search monetary achieve however relatively to erode confidence in governments, companies, and democratic techniques, turning data itself right into a weapon of affect.”
Detecting social engineering assaults
The primary requirement in stopping any cyberattack is detection. So, the query going ahead is can we detect future AI-enhanced deepfake-rooted social engineering? Traditionally, social engineering has been profitable in opposition to people, however much less profitable in opposition to pc instruments designed to acknowledge the method. It goes with out saying that with out enhanced detection instruments, AI-enhanced social engineering can be undetectable.
That leaves simply two prospects: improved deepfake detection instruments and superior folks processes – or an enormous uptick in social engineering success charges.
The safety trade is assured that present deepfake detection instruments can distinguish between pretend and true. Leaving apart that trade should say that (and it’s in all probability at the moment true), that’s for now. However we all know that AI continuously improves.
We’re coming into the whack-a-mole interval: attackers assault in new locations with new approaches; defenders study of the assault, perceive the assault, and whack it. However there may be at all times a interval after the mole pops up earlier than it will get whacked.
Mick Baccio, world safety advisor at Cisco Basis AI, feedback, “The perfect techniques might want to mix sign evaluation with behavioral context, cross-checking metadata, timing, and narrative consistency. Nonetheless, defenses will lag behind the offensive curve.”
Paul Nguyen, co-founder and co-CEO at Permiso, provides: “Detection methods proceed evolving however won’t ever preserve tempo with era high quality. By 2026, deepfake video and audio can be undetectable by means of technical evaluation. Spectrograms will present no artifacts. Video body evaluation will reveal no rendering flaws. The one dependable protection is refusing to authenticate by means of channels that may be spoofed.”
The insider risk – which has at all times been tough to detect, is prone to worsen in 2026. Matthieu Chan Tsin, SVP of resiliency companies at Cowbell, feedback, “Insider threats are a severe cyber risk as a result of they originate from people inside a company who have already got approved entry, making them tough to detect… Insiders can exploit their privileged positions to steal information, disrupt techniques, or facilitate exterior assaults, resulting in monetary losses, authorized points, and breaches of delicate data.”
Sumedh Barde, CPO at Simbian, provides: “Deepfakes have been a typical drawback on the web pre-2025. In 2025, they entered the office, with many incidents of fraud involving adversaries posing as interview candidates or a enterprise accomplice in a video name.”
He aligns this concern with the insider risk: ‘rogue insiders, workers who harm their organizations from inside’. “Generally they do that on behalf of an exterior adversary in return for cash, whereas others are lone wolves.”
His concern, nonetheless, is: “In 2026 these two will converge, with rogue insiders leveraging AI and deepfakes. Workers who’ve the proclivity to cheat however had been afraid can be inspired to cheat with AI making it straightforward and deepfakes offering believable deniability. Any insider has all of the enterprise context to customise deepfake assaults to appear way more actual than something we’ve seen in 2025.”
Let’s not neglect that overseas states may assist place their very own folks in delicate industries with the assistance of AI-fabricated backgrounds. In instances of geopolitical unrest, this could possibly be described as a sleeper risk, the place there could be nothing to detect till it’s too late.
“Due to the success seen by North Korean risk actors (and others), we are able to anticipate this development to proceed and speed up in 2026,” suggests Ryan LaSalle, CEO at Nisos.
Brian Lengthy, CEO and co-founder at Adaptive Safety, provides, “We’ve seen this play out in real-world campaigns: North Korean IT employees, posing as authentic distant builders, have infiltrated world tech firms by constructing convincing on-line personas and LinkedIn histories. These aren’t ‘hacks’ within the technical sense – they’re manipulations of human belief.”
Prevention
Eran Barak, co-founder and CEO of MIND, says, “Irrespective of how superior our defenses turn into, people will proceed to be the primary click on in a breach. As social engineering turns into extra subtle, particularly with AI-generated phishing and deepfake impersonation, the one sustainable technique that a company can actually management is context-aware information management. The following era of safety isn’t about catching dangerous actors. It’s about eliminating the chance.”
Prevention is healthier than remedy; and if the sickness is incurable (as AI-enhanced social engineering is prone to turn into) eliminating the chance is important. It will largely require improved human processes.
“Processes are our greatest weapon in opposition to deepfakes,” suggests Jake Williams, school at IANS Analysis and VP of R&D at Hunter Technique. “If our processes enable verification of id primarily based on likeness (for instance, recognizing somebody by their voice or picture), then we’re going to be exploited by deepfakes. Conversely, if we implement processes that forbid id verification primarily based on somebody’s likeness, then deepfakes aren’t a risk.”
Patrick Sayler, Director of Social Engineering, NetSPI, agrees with the concept. “Don’t inform salespeople I stated this, however a go-to protection in opposition to voice cloning is simply don’t reply your cellphone. You possibly can’t be socially engineered when you don’t give the attacker a dwell viewers.”
In follow, prevention will depend upon two issues: we should change customers’ mindset from naturally trusting to naturally distrusting, and we should adapt our workflows to exclude the potential for social engineering.
The previous could possibly be promoted by making use of the ideas of purple teaming and nil belief to people in a brand new type of consciousness coaching. Workers coaching may embrace deepfake assaults to display how simply they could possibly be fooled. There are risks, after all, since workers who aren’t fooled may emerge with a false sense of superiority; however the objective is to instill zero belief ideas into folks. By no means belief, at all times confirm.
But it surely’s not conventional zero belief id verification. “Conventional consciousness coaching gained’t cease it. Defensive focus will transfer from verifying id to verifying intent,” suggests Mitiga’s Parnes.
The latter, tailored workflows, can be equally vital.
“Workflows may be redesigned to encourage detection of deepfake assaults,” says Joe Jones, CEO and co-founder of Pistachio. “For instance, companies ought to require a number of workers to approve cash transfers or information entry requests, thus enhancing the probabilities that an remoted incident of deception is picked up.
“As threats evolve,” he continues, “it’s doubtless we’ll see companies undertake extremely particular inner protocols for communication. As an illustration, by solely utilizing particular platforms for inner communication, creating government passcodes, or a ‘pause and confirm’ tradition (during which, for instance, if calls come from unknown numbers, workers should confirm identities by way of one other technique of communication earlier than continuing).”
Abstract
We’re coming into a brand new period of mistrust. Whereas a neurological pure inclination to belief is a part of early human survival processes, it should be changed by mistrust if we want to proceed to outlive. AI-enhanced social engineering, with undetectable deepfakes and compelling AI-developed backstories, has superior from attacking people, firms and industries for cybercriminals to whole cultures for adversarial nation states.
After all, every thing written right here could possibly be false. “The perfect protection in opposition to deepfakes isn’t simply higher detection expertise, however constructing a tradition the place skepticism is normal and fast reactions give strategy to cautious verification,” warns Audra Streetman, senior risk Intelligence analyst at Splunk. “Cybersecurity analysts and journalists alike will want strict vetting requirements to verify the supply of on-line materials earlier than trusting it of their work.”
Do you actually know what I’m? As Ariel Parnes says: “Essentially the most profitable breaches in 2026 will exploit belief, not vulnerabilities.”
Associated: Going Into the Deep Finish: Social Engineering and the AI Flood
Associated: How Social Engineering Sparked a Billion-Greenback Provide Chain Crypto Heist
Associated: How Agentic AI can be Weaponized for Social Engineering Assaults
Associated: GitHub Warns of North Korean Social Engineering Assaults
