AI cybersecurity 2026: your tools are now the attack surface
TL;DR
IBM's 2026 study shows cyberattacks on public-facing AI-enabled applications surged 44% year-over-year. Attackers are no longer breaking through firewalls; they interact with the AI agents you deployed, feed them crafted prompts, and extract sensitive data or trigger unauthorised commands. Anthropic itself was breached by AI-assisted hackers who scanned its source code for microscopic vulnerabilities that human engineers had missed. If you have not audited every AI agent in your organisation, you have an attack surface you cannot see, let alone defend.
Why is this different from every previous cybersecurity warning?
Every few years a new threat emerges and the advice is the same: update your defences, train your employees, patch your systems. This time is categorically different. The tools attackers are using are the exact tools you bought to run your business, and your AI agents have been given the authority to take real actions: send emails, access databases, make decisions.
James Mickens, a professor of computer science at Harvard, made the critical point: artificial intelligence allows attackers to manipulate your systems from entirely outside the data centre. They do not need to steal a password or trick an employee into clicking a link. They simply interact with your public-facing AI, and your AI does the rest.
What does the IBM data actually show?
According to IBM's 2026 study, cyberattacks aimed at public-facing software and applications, many of which now use AI, have surged 44% year-over-year. This is not a niche threat confined to defence contractors. It is a systemic escalation hitting everyday businesses across every sector.
Key data points:
- 44% year-over-year surge in attacks on AI-enabled public-facing applications (IBM, 2026)
- 86% of security leaders admit their AI agents are outpacing their guardrails (Rubrik Zero Labs)
- 88% of security leaders cannot roll back agent actions once taken (Rubrik Zero Labs)
- Nearly half of security leaders expect agentic AI to drive the majority of cyberattacks within two years (Rubrik Zero Labs)
- 40% of US data centres scheduled for 2026 completion are delayed by three months or more (SynMax)
- The global AI skills gap is estimated to cost businesses $5.5 trillion
How was Anthropic breached, and what does it mean for your business?
In November, Anthropic, one of the most advanced AI safety companies in the world, suffered a massive data breach. The attackers did not use traditional brute-force methods. They used their own AI models to systematically scan Anthropic's source code, identify microscopic vulnerabilities that human engineers had missed, and exploit them to publish the company's inner workings.
If one of the most advanced AI companies on the planet can be breached by AI-assisted hackers, a mid-sized accounting firm in Sydney or a logistics company in London has very little chance without a fundamentally different security posture.
Why are your employees no longer your first line of defence?
Robert Knake, the former deputy national cyber director at the White House, made a sobering observation: just a year ago, phishing emails were relatively easy to spot by their misspellings, awkward phrasing and other obvious red flags. That is completely gone. Generative AI now crafts phishing messages that are perfectly written, highly personalised, and virtually indistinguishable from genuine communications.
Your employees are no longer your first line of defence. They are your greatest vulnerability, and they are completely outgunned. Traditional security awareness training that teaches people to look for dodgy grammar and suspicious links is now entirely obsolete.
What has AI done to zero-day vulnerabilities?
A zero-day vulnerability is a flaw in software that the vendor does not yet know exists. Historically, discovering them required skilled researchers working for extended periods. AI has eliminated that constraint entirely.
Three previously undisclosed zero-day vulnerabilities in Windows (BlueHammer, RedSun, and UnDefend) are being actively exploited by threat actors. In another case, a security researcher used an AI assistant to find a high-severity vulnerability in Apache ActiveMQ that had sat unnoticed for 13 years. The AI found it in a fraction of the time a human team would have taken.
When AI can scan millions of lines of code and surface vulnerabilities hidden for over a decade, the concept of a secure perimeter ceases to exist.
What are the most senior voices in AI saying?
Yoshua Bengio, widely considered one of the "godfathers of AI" and a Turing Award winner, is urgently calling for international cooperation. His concern is focused heavily on Anthropic's Mythos model, which has demonstrated an unprecedented ability to identify thousands of previously unknown zero-day vulnerabilities. Anthropic has restricted access to Mythos to a small group of US-based tech firms, creating significant geopolitical and economic tension.
The Bank of England has been pressing Anthropic for access to Mythos so UK banks can understand their own vulnerabilities before attackers do. The issue completely dominated the recent IMF and World Bank spring meetings.
"It doesn't make sense that private individuals are deciding the fate of infrastructure for everyone else." (Yoshua Bengio)
Bengio also warned that open-source AI models represent an even greater danger. Safety guardrails can be stripped out by anyone who downloads and modifies them. The decades-long assumption that open-source code is more secure because more human eyes review it is now a liability: AI can scan that same public code at scale, identifying weaknesses far faster than communities can patch them.
Is the physical infrastructure keeping up?
No. A geospatial analysis by SynMax using satellite imagery found that 40% of US data centres scheduled for completion in 2026 are delayed by three months or more, including critical projects for Microsoft and OpenAI. Regulatory hurdles, supply chain bottlenecks, and a severe shortage of skilled workers are crippling the expansion of the very infrastructure required to run both the AI you use for business and the AI you need for defence.
You are caught in a perfect storm: attackers are using AI to find vulnerabilities faster than vendors can patch them, the infrastructure required to run defensive AI is delayed, and the regulatory environment is fragmented and reactive.
What regulatory exposure are you carrying right now?
The EU AI Act is approaching its high-risk enforcement deadline in August this year. Fines reach up to 35 million euros or 7% of global annual revenue. Whether you operate in Europe or not, the direction is clear: governments will hold businesses accountable for the AI systems they deploy. If your AI is compromised and you cannot demonstrate adequate governance and security, the consequences will be severe.
Singapore's Monetary Authority has released its Phase 2 AI Risk Management Toolkit, developed in collaboration with 24 financial institutions, one of the most comprehensive frameworks in the world for managing AI risk in regulated industries. Australia has signed a memorandum of understanding with Anthropic on AI safety research. The UK has announced its £500 million Sovereign AI fund, though critics have rightly noted this is roughly 0.08% of OpenAI's market cap.
Governments are moving. The question is whether your business is moving faster than the threat.
What to do this week
1. Audit every AI agent you have deployed. What data does each agent access? What actions is it authorised to take? Is it connected to public-facing systems? If you cannot answer these questions clearly, that is your first problem.
2. Implement zero-trust architecture for all AI agents. Every agent should operate with minimum permissions. No broad access by default. Principle of least privilege, applied strictly to every deployed model.
3. Deploy AI-driven defensive monitoring. As Robert Knake put it, you need "agentic AI essentially sitting over your shoulder... looking at everything you're doing and saying this certainly looks like it's a kill chain for a fraudulent scheme." Human analysts alone cannot respond at machine speed.
4. Build an AI-specific incident response plan. How will you isolate a compromised agent? How will you communicate with stakeholders if your AI is used to exfiltrate data? Rehearse this scenario before you need it, not during a crisis.
5. Overhaul your security awareness training. Teaching employees to spot dodgy grammar is obsolete. Train your team to recognise AI-crafted attacks, verify requests through secondary channels, and treat every polished unsolicited communication with scepticism regardless of how legitimate it appears.
6. Close the agent sprawl gap before August. Rubrik Zero Labs found 86% of security leaders admit their AI agents are outpacing their guardrails, and 88% cannot roll back agent actions once taken. Centralise visibility across every AI agent in your organisation before the EU AI Act enforcement deadline turns that gap into a legal liability.
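Steps 1, 2 and 6 above amount to one exercise: inventory every agent, then check each one against a least-privilege and rollback policy. The script below is an added illustration, not code from the article or from any of the vendors it cites. It assumes a hypothetical agent inventory (three constructed agent manifests with made-up names, tools and data classes) and encodes the article's own concerns as rules: unrestricted tool scopes, public-facing agents that can take irreversible actions without a human approval gate, irreversible actions with no log to roll back from, and public-facing agents that read sensitive data.

```python
"""Agent inventory audit: policy-as-code checks for the 'what to do this week' list.

Added example. The agent manifests, data classes and tool names are constructed
for illustration; replace them with your own inventory."""
from collections import Counter
from dataclasses import dataclass, field

# Data classes an agent in the fleet could touch (constructed labels).
SENSITIVE_DATA = {"customer_pii", "finance", "source_code", "credentials"}
# Tool actions that cannot simply be undone once the agent has taken them.
IRREVERSIBLE_ACTIONS = {"send_email", "write", "delete", "transfer_funds", "execute_command"}


@dataclass(frozen=True)
class Tool:
    name: str
    action: str   # "read" or one of IRREVERSIBLE_ACTIONS
    scope: str    # resource pattern the tool may touch; "*" means unrestricted


@dataclass
class Agent:
    name: str
    public_facing: bool               # reachable by untrusted users (web chat, email, API)
    tools: list = field(default_factory=list)
    data_access: set = field(default_factory=set)
    requires_approval: bool = False   # human sign-off gate before irreversible actions
    action_log: bool = False          # every action recorded so it can be traced and reversed


@dataclass(frozen=True)
class Finding:
    agent: str
    severity: str   # "critical" or "high"
    rule: str
    detail: str


def audit_agent(agent: Agent) -> list:
    """Apply least-privilege and rollback rules to one agent; return its findings."""
    findings = []
    for tool in agent.tools:
        if tool.scope == "*":
            findings.append(Finding(agent.name, "high", "broad-scope",
                                    f"tool {tool.name!r} has unrestricted scope"))
        if tool.action in IRREVERSIBLE_ACTIONS:
            # Untrusted input reaching an agent that can act irreversibly with no human
            # gate is the crafted-prompt-to-real-action path the article describes.
            if agent.public_facing and not agent.requires_approval:
                findings.append(Finding(agent.name, "critical", "public-irreversible",
                                        f"public-facing agent can {tool.action} via "
                                        f"{tool.name!r} with no approval gate"))
            if not agent.action_log:
                findings.append(Finding(agent.name, "high", "no-rollback-trail",
                                        f"{tool.action} via {tool.name!r} is not logged"))
    exposed = agent.data_access & SENSITIVE_DATA
    if agent.public_facing and exposed:
        findings.append(Finding(agent.name, "high", "public-sensitive-data",
                                f"public-facing agent reads {sorted(exposed)}"))
    return findings


def audit_fleet(agents: list) -> dict:
    """Audit every agent; return findings, counts by severity and agents needing action now."""
    findings = [f for a in agents for f in audit_agent(a)]
    by_severity = Counter(f.severity for f in findings)
    urgent = sorted({f.agent for f in findings if f.severity == "critical"})
    return {"findings": findings, "by_severity": dict(by_severity), "urgent": urgent}


# Constructed inventory: a public support bot, an internal finance agent, a developer helper.
SAMPLE_FLEET = [
    Agent("support-bot", public_facing=True,
          tools=[Tool("search_kb", "read", "kb/*"), Tool("send_email", "send_email", "*")],
          data_access={"customer_pii"}),
    Agent("finance-ops", public_facing=False,
          tools=[Tool("pay_invoice", "transfer_funds", "accounts:payables")],
          data_access={"finance"}, requires_approval=True, action_log=True),
    Agent("dev-assistant", public_facing=False,
          tools=[Tool("run_shell", "execute_command", "*")],
          data_access={"source_code"}, action_log=True),
]

if __name__ == "__main__":
    report = audit_fleet(SAMPLE_FLEET)
    for f in report["findings"]:
        print(f"[{f.severity:8}] {f.agent}: {f.rule}: {f.detail}")
    print("by severity:", report["by_severity"])
    print("fix first:", report["urgent"])
```

On the constructed fleet the public support bot is the only agent flagged critical: it can send email with an unrestricted scope, on behalf of anyone who talks to it, with no approval gate and no log to reverse from. The finance agent, which moves money but only internally, behind a human gate and with a full action log, produces no findings; the rules encode the risk, not the power of the tool.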
Where to from here
Book a free 60-minute AI audit: we'll explore exactly what workflows are worth augmenting with AI.
Live with passion & AI,
Brett
Host a podcast? Have Brett on as a guest.
Straight talk on implementing AI in real SMEs, no jargon, plenty of receipts from the businesses we run.
Frequently asked questions
How much have AI-targeted cyberattacks increased in 2026?
According to IBM's 2026 study, cyberattacks on public-facing software and applications, many of which now use AI, have surged 44% year-over-year. This is a systemic escalation hitting everyday businesses across all industries, not isolated incidents.
How was Anthropic breached?
In November, attackers used their own AI models to systematically scan Anthropic's source code, identify microscopic vulnerabilities that human engineers had missed, and exploit them to publish the company's inner workings. They did not use traditional brute-force methods.
What is Anthropic's Mythos model and why is it controversial?
Mythos is an Anthropic model that has demonstrated an unprecedented ability to identify thousands of previously unknown zero-day vulnerabilities. Anthropic has restricted access to a small group of US-based tech firms. The Bank of England has been pressing for access so UK banks can audit their own systems before attackers do, and the issue dominated the recent IMF and World Bank spring meetings.
Why are phishing attacks so much harder to detect now?
Robert Knake, former deputy national cyber director at the White House, noted that generative AI has eliminated all the tell-tale signs (misspellings, awkward phrasing) that once made phishing detectable. AI-generated phishing emails are now perfectly written, highly personalised, and virtually indistinguishable from genuine communications.
What does Rubrik Zero Labs research reveal about AI agent security?
Rubrik Zero Labs found that 86% of security leaders admit their AI agents are outpacing their guardrails, 88% cannot roll back agent actions once taken, and nearly half expect agentic AI to drive the majority of cyberattacks within two years.
What are the EU AI Act penalties for inadequate AI governance?
The EU AI Act's high-risk enforcement deadline arrives in August this year. Fines reach up to 35 million euros or 7% of global annual revenue. Businesses that cannot demonstrate adequate AI governance and security face severe consequences if their systems are compromised.
Which zero-day vulnerabilities are currently being actively exploited?
Threat actors are actively exploiting three previously undisclosed zero-day vulnerabilities in Windows known as BlueHammer, RedSun, and UnDefend. Separately, a security researcher used an AI assistant to discover a high-severity vulnerability in Apache ActiveMQ that had gone unnoticed for 13 years.

Brett is a four-time founder (Darra Tyres, Gladfish, EzyTrac, Anaboo) and the operator behind AIOS, Anaboo's AI Operating System. He writes from inside the build, installing AI in his own businesses first and reporting back what actually moves the numbers. Based between Singapore, the UK and Australia.