Forecasts - 2026

🟢 On Track (evidence supporting prediction)
🟡 Uncertain (mixed signals)
🔴 Off Track (evidence contradicting prediction)
⚫ Too Early (insufficient data)
✅ Resolved TRUE
❌ Resolved FALSE

Disclaimer: The views and forecasts expressed in this document are solely my own and do not represent the views or positions of any past, present, or future employer.

Status: 🟡 Uncertain
Initial Confidence: 65% (Probable)
Current Confidence - April 2026: 55% (-10)
Creation Date: Jan 2026

Forecast: Data exfiltration-only extortion will account for the majority of ransomware attacks, with attackers increasingly bypassing encryption entirely.

Q1 Evidence. Mandiant's 2025 retrospective, published March 2026, shows data theft accompanied 77% of ransomware intrusions, up from 57% in 2024. That is directional support. But Coveware's Q4 2025 analysis goes the other way: pure data-extortion payment rates have collapsed, average payments are rising because of isolated encryption settlements, and Coveware explicitly predicts a pivot back to encryption as the primary leverage mechanism. Chainalysis confirms payment rates fell to 28% in 2025 from 62.8% in 2024, suggesting the extortion-only model is struggling economically. Reynolds, Qilin, and Warlock are also investing heavily in BYOVD capabilities to re-enable encryption against modern EDR, not to abandon it.

Q1 Rationale. The forecast bet on extortion-only becoming dominant. The Q1 data shows something more interesting: the industry is bifurcating. Data theft accompanies almost everything now, but encryption is making a comeback as a leverage mechanism because victims stopped paying for pure extortion. Dropping confidence to 55%. The original framing - 'majority of ransomware attacks' without encryption - now looks unlikely to resolve true by year-end.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 70% (Likely)
Current Confidence - April 2026: 78% (+8)
Creation Date: Jan 2026

Forecast: Attacks against credentials will continue to gain traction and stolen credentials will become one of the key attack vectors. Full credential chains (e.g., VPN, Cloud access, API, etc.) will be sold for a premium on underground markets.

Q1 Evidence. Ontinue's 2H 2025 report positions stolen credentials as the foundational enabler for ransomware, nation-state, supply chain, and SaaS breaches. LummaC2 infostealer listings up 72%. IBM X-Force documents 300,000 ChatGPT credentials on dark web markets. The Salesloft/Drift OAuth campaign hit 700+ organisations through pre-chained access into Salesforce. New commercial infostealers - Storm ($900/month server-side session decryption), Omnistealer (blockchain C2 plus 60+ wallet extensions), Steaelite (productised double extortion starting at connection) - are specifically built to harvest complete credential and session chains, not individual passwords. LeakBase admin arrested in March 2026 after hosting hundreds of millions of stolen credentials and corporate data for 142,000 members.

Q1 Rationale. Not just on track, accelerating. Raising confidence to 78%. The infostealer-to-IAB pipeline has moved from a cottage industry to an industrialised market with tiered products. The Salesloft/Drift cascade is the archetype of what the forecast described. Watch for the first reported incident where a bank names pre-chained OAuth access as the initial vector in a regulatory filing - that will be the resolution event.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 90% (Almost Certain)
Current Confidence - April 2026: 92% (+2)
Creation Date: Jan 2026

Forecast: Nation state will continue to perform APT attacks against each other and against key industry. Industries such as AI, semiconductor, chip, quantum, etc. will be key target on top of the usual critical infrastructure targeting. The fast moving geopolitical dynamics will be a key driver. Most of the companies will not be targeted directly but might be as a side effect.

Q1 Evidence. UNC3886 breached all four Singapore telecoms via zero-day. A separate China-linked actor (not attributed to a known APT) has deployed kernel-level BPFDoor and TinyShell implants across global telecom backbones. Volt Typhoon remains embedded in US energy OT networks for future disruption per Dragos' 2025 OT report. APT31 is experimenting with agentic AI via Gemini plus Hexstrike MCP for reconnaissance planning. Three Supermicro-affiliated individuals were indicted in March 2026 for smuggling $2.5B in Nvidia AI servers to China. Chinese prosecutors separately announced a crackdown on domestic semiconductor IP theft, including a HiSilicon case involving former Huawei engineers. Iran-linked Pay2Key attacked a US healthcare org in late February for destruction, not ransom.

Q1 Rationale. Confidence nudged up to 92%. Everything in the forecast has happened, at scale, across multiple geographies and target sectors. The interesting wrinkle is that AI hardware export control now sits alongside traditional espionage as an attack surface - not an activity I called out specifically but fully consistent with the thesis. Keeping this as the highest-confidence prediction on the board.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 60% (Probable)
Current Confidence - April 2026: 70% (+10)
Creation Date: Jan 2026

Forecast: Deepfake voice cloning will successfully bypass major authentication systems (e.g., service desk, banking client, etc.) in multiple documented cases globally, forcing major financial institutions to deprecate voice biometrics for high-risk transactions.

Q1 Evidence. BioCatch survey (reported Q1) has 91% of US banks rethinking voice biometrics due to cloning risk. Signicat reports a 2,137% rise in deepfake fraud attempts over three years; Q1 2025 North America deepfake fraud losses over $200M. A Schwyz-canton Swiss entrepreneur lost several million CHF in January 2026 to a multi-week deepfake voice campaign impersonating a business partner. ATHR, a new AI-agent vishing platform, launched in April 2026 for fully automated voice attacks at scale. Scattered Lapsus$ Hunters is recruiting female voices for helpdesk vishing at $500-1,000 per successful call. Gartner predicts 30% of enterprises will abandon standalone identity verification in 2026 citing AI-synthetic media. Regulatory movement: FinCEN issued a deepfake alert; US Senators formally questioned major banks on voice-deepfake response.

Q1 Rationale. Raising confidence to 70%. The 'multiple documented cases globally' part has already happened in Q1. The 'major institutions deprecate voice biometrics for high-risk transactions' part is being actively discussed in bank boardrooms but has not yet shown up as a confirmed policy deprecation at a tier-1 bank. The resolution path now depends on whether one of them publicly pulls the plug. One caveat worth naming: the Swiss case is CEO-fraud vishing of an employee, not a bypass of the bank's own voice biometric. The forecast conflated these two threat models and that weakens the resolution criteria. Worth tightening.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 50% (Chances About Even)
Current Confidence - April 2026: 62% (+12)
Creation Date: Jan 2026

Forecast: A major enterprise will suffer a material data breach directly caused by unauthorized AI agent deployment by employees, with the agent autonomously accessing and exfiltrating sensitive data outside IT security visibility.

Q1 Evidence. Grip Security reports 100% of 23,000 SaaS environments now run AI-embedded apps, with an 'invisible AI supply chain' driving a 490% YoY spike in public SaaS attacks and 80% of incidents exposing PII. The Salesloft/Drift breach via UNC6395 is the anchor case: 700+ organisations compromised through shadow OAuth and embedded Drift agent tokens. Palo Alto Unit 42 demonstrated real privilege escalation paths in Google Vertex AI Agent Engine via default service agent permissions. McKinsey's internal Lilli chatbot was red-teamed by an autonomous agent to full read/write on 46.5M messages, 728K files, 57K accounts in two hours. Irregular's multi-agent lab showed emergent credential theft, Defender disabling, and DLP bypass without adversarial prompts. Krebs documented hundreds of misconfigured OpenClaw instances leaking credentials and conversation histories in the wild.

Q1 Rationale. Raising confidence to 62%. The adjacent shape of the prediction is fully validated: agentic AI is already the cause of material incidents and the blast radius is everything the forecast described. The strict form - 'unauthorised agent deployed by an employee, $10M+ impact' - is harder to confirm because most published incidents trace back to vendor-embedded agents (Salesloft, Drift) rather than an individual employee action. Risk: the resolution criteria may be too narrow for what is actually happening. The shadow problem is larger, but its precise form is via SaaS supply chain, not Bob-in-marketing installing LangChain. Worth considering a restated resolution criterion.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 75% (Likely)
Current Confidence - April 2026: 78% (+3)
Creation Date: Jan 2026

Forecast: MFA bypass techniques (fatigue attacks, session hijacking, AiTM phishing, SIM swap) will account for 40%+ of successful initial access in reported financial sector breaches (up from ~25% in 2025).

Q1 Evidence. Microsoft's disruption of Tycoon2FA in March 2026 revealed an AiTM phishing-as-a-service kit that was hitting 500,000+ organisations per month worldwide. Starkiller (Jinkusu), a Docker-and-headless-Chrome AiTM platform, launched in February with polished operator dashboards impersonating Apple, Facebook, Google, Microsoft. Storm infostealer replays Google refresh tokens via SOCKS5 to bypass MFA entirely. 1Phish kit now harvests 1Password OTP and recovery codes. Microsoft separately documented a campaign abusing OAuth 2.0 device authorisation flow against US financial institutions. Mandiant 2025 data puts VPN and firewall exploitation at one-third of ransomware initial access, but credential and session-based initial access (MFA bypass family) is consistently a top-three vector in all major incident response reports.

Q1 Rationale. Holding near 78%. The tooling has commoditised faster than I expected - Tycoon2FA alone, at half a million target orgs per month, demonstrates industrial scale. The 40%+ resolution threshold now looks achievable and possibly conservative for the 2025 DBIR figures when they publish. The caveat is methodology: DBIR and M-Trends categorise initial access differently, so the arithmetic of hitting exactly 40% may depend on whose taxonomy counts as the resolution source. Worth pre-registering Mandiant M-Trends 2027 as the primary source, with DBIR as secondary.

Resolution Criteria:

Why This Matters:

Status: 🟡 Uncertain
Initial Confidence: 75% (Likely)
Current Confidence - April 2026: 72% (-3)
Creation Date: Jan 2026

Forecast: CISOs will receive explicit mandate from CFO/CEO to reduce security tool count by at least 20% or more, driven by budget pressure and "alert fatigue doesn't justify spend" arguments.

Q1 Evidence. Info-Tech Research Group's Security Priorities 2026 report names vendor sprawl reduction as a core priority. Gartner predicts 50% of enterprises will have consolidated to three or fewer security platforms by 2028. StationX cross-references show average enterprises running 45-75 tools. Multiple industry commentary pieces in Q1 frame 2025 as 'the year of belt-tightening' followed by platform-led spend growth in 2026. But spending is actually rising: Gartner forecasts 15.1% growth in 2026 security spend; IDC 12.2%. The White House is cutting CISA by $707M - not a commercial signal but sets a tone.

Q1 Rationale. Dropping slightly to 72%. Consolidation is clearly happening but the specific shape predicted - an explicit CFO/CEO mandate to reduce tool count by 20%+ - is hard to confirm in public data. Surveys describe the outcome, not the mandate mechanism. Budgets are rising overall even as tool counts fall, which suggests the narrative is 'consolidate to platforms' rather than 'cut the security budget'. The resolution criteria need sharpening: a Gartner or Forrester CISO panel data point on 'have received explicit mandate from leadership' would be the cleanest proof. Without that, we get 'people are consolidating' without answering whether the mandate exists.

Resolution Criteria:

Why This Matters:

Status: 🟡 Uncertain
Initial Confidence: 60% (Probable)
Current Confidence - April 2026: 55% (-5)
Creation Date: Jan 2026

Forecast: Financial institutions will first create a dedicated "AI Risk Officer" or "AI Governance Lead" role separate from CISO organization, creating tension over ownership of AI security vs AI compliance. Other industries will follow.

Q1 Evidence. Q1 coverage shows the governance need being acknowledged everywhere - Google Cloud's CISO priorities piece, SecurityWeek commentary, Orchid Security's IVIP positioning, Team8 CISO survey (70% enterprises already run AI agents in production). But specific named 'AI Risk Officer' or 'AI Governance Lead' roles at banks are thin on the ground in public data. Most AI governance motion is being absorbed into either CISO orgs, Chief Data Officer orgs, or new Chief AI Officer roles - and those CAIO roles tend to be product/strategy, not risk. The Indian police commissioner call for AI agent ID cards is policy theatre, not org-structure evidence.

Q1 Rationale. Dropping to 55%. The prediction has not moved meaningfully in Q1. The noise around AI governance is high but the organisational split - specifically AI Risk Officer separate from CISO - has not materialised in the banks I can observe. If anything, the opposite signal is stronger: CISOs are absorbing AI governance responsibility because nobody else wants to own the identity and access piece.

Resolution Criteria:

Why This Matters:

Status: ⚫ Too Early
Initial Confidence: 50% (Likely)
Current Confidence - April 2026: 50% (no change)
Creation Date: Jan 2026

Forecast: Organizations that establish comprehensive "source of truth" systems for security records and decisions will deploy more successful AI use cases than those without. This pattern will extend beyond security and become enterprise-wide requirement.

Q1 Evidence. Q1 surfaced very little direct evidence. The theme appears in strategic commentary (Google Cloud CISO priorities, 'living context' approaches in CISO tooling) but not in measurable outcome data. The underlying intuition - that AI agents need single-source-of-truth context or they hallucinate at machine speed - is consistent with McKinsey's Lilli breach (writable system prompts in the same DB as data is the flipside: you need curated context, and you need to protect it).

Q1 Rationale. Holding at 50%. This is the prediction with the longest evidence cycle. Industry case studies showing AI deployment success correlated with knowledge architecture maturity are unlikely to arrive in measurable form before late 2026. The forecast may need to be held open into 2027 rather than resolved. Worth revisiting in the Q3 assessment to see if Gartner or Forrester start publishing on this specifically. Not a prediction to hurry.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 70% (Likely)
Current Confidence - April 2026: 72% (+2)
Creation Date: Jan 2026

Forecast: Identity and access management (IAM) will become the single largest security investment category for 40%+ of financial institutions, surpassing network security, endpoint protection, and SIEM/SOC for the first time.

Q1 Evidence. IBM X-Force's 'blast radius' framing is explicit: credentials are now the core enabler, identity is the control plane. Ontinue's report closes with organisations must treat identity as the core security control plane, monitoring authentication activity with the same rigour as endpoint behavior. Orchid Security's IVIP category, promoted by Gartner, claims 46% of enterprise identity activity is outside centralised IAM visibility - an argument for expanded identity investment. Market signals: Microsoft Entra, CyberArk, Okta all posting strong quarters.

Q1 Rationale. Nudging up to 72%. The narrative support is overwhelming but the hard resolution criterion - 40%+ of financial institutions naming IAM as their single largest spend category - will not crystallise until Gartner budget allocation surveys publish mid-year. The subjective CISO-panel signal at RSA and Gartner IAM events strongly supports this direction. The risk to the forecast is one of classification: if you bundle IAM into a platform spend (Microsoft E5, for example), it may not show up distinctly in the budget surveys even when the reality is that identity dominates the spend.

Resolution Criteria:

Why This Matters:

Status: 🟢 On Track
Initial Confidence: 65% (Probable)
Current Confidence - April 2026: 68% (+3)
Creation Date: Jan 2026

Forecast: By end of 2026, 50%+ of enterprise SOC job descriptions will emphasize "AI agent orchestration" and "strategic validation" over "alert triage" and "log analysis," reflecting shift to AI-native security operations.

Q1 Evidence. CrowdStrike published detailed content on the Charlotte AI / Falcon Complete human-in-the-loop model and on scaling SOC automation with Falcon Fusion SOAR in Q1. Microsoft documented threat actors including Coral Sleet using AI agents to manage attack infrastructure - the attacker-side version of the same trend. AI-driven automation language now dominates vendor SOC positioning. But the other side of the prediction - '50%+ of SOC job descriptions will emphasise AI agent orchestration and strategic validation' - is harder to verify from Q1 data. Job-title analysis (LinkedIn, Indeed) would need specific research, not industry commentary.

Q1 Rationale. Raising to 68%. The direction is correct and visible in every major vendor's product positioning. The role change is real inside major MDR providers already. The question is whether the labour market catches up in 2026 or whether the titles remain 'SOC Analyst' while the responsibilities quietly shift underneath. Useful next step: do a structured scan of LinkedIn SOC job postings at the mid-year mark to generate a hard data point. Without that, the prediction resolves on vendor marketing rather than actual hiring practice.

Resolution Criteria:

Why This Matters:

This document is a living document and will be continuously updated.

I came up with the idea of this forecast following my read of the book: Superforecasting: The Art and Science of Prediction by Philip Tetlock and Dan Gardner. The objective is to document more formally my predictions and see if any of those playout over time. Doing this in a public manner obviously has an objective of accountability and transparency.

Disclaimer: The views and forecasts expressed in this document are solely my own and do not represent the views or positions of any past, present, or future employer.