Malicious hackers will get a big AI boost in 2026

SocialProof Security CEO Rachel Tobac. Photo illustration: Axios Visuals; Photo: Courtesy of Rachel Tobac
Malicious hackers will outpace defenders in their deployment of AI tools in the coming year, ethical hacker and SocialProof Security CEO Rachel Tobac told Axios.
Why it matters: It's not just businesses that will have to worry about hackers stealing intellectual property and customer data.
- Ordinary people will increasingly need to stay on guard for scammers impersonating them or their loved ones, Tobac warned.
The big picture: Malicious hackers have been experimenting with new generative AI tools just like the rest of us, and they face far fewer constraints on how they deploy them than corporate security teams do.
- Tobac knows this firsthand. She's often called on to demonstrate how easy it is to hack or impersonate someone, including on CNN and CBS' "60 Minutes."
- "I do think, sadly, that 2026 will bring more, newer attacker successes faster than it will bring defender successes using AI," she said.
Threat level: More companies are grappling with AI-enabled attacks this year than the public realizes, Tobac said.
- "It's uncommon for people to talk about them getting hacked with this type of attack because it's so scary and attribution is hard," she said.
Zoom in: These attacks will take two forms: Hackers targeting organizations and stealing data, and hackers targeting people and their identities, Tobac said.
- When it comes to corporate breaches, she expects more public disclosures like Anthropic's recent report detailing China-backed hackers using Claude Code to automate an espionage campaign.
- Attackers will also lean more heavily on deepfake video and audio tools to impersonate victims during their operations, she said.
Between the lines: Tobac's prediction for 2026 involves more headlines about companies and people falling victim to AI-enabled attacks.
- "This is absolutely happening in organizations," Tobac said. "They just don't know for sure, and they aren't comfortable talking to the media about it."
- Think of how the seal broke on companies talking about pervasive North Korean IT worker fraud this year: Fortune 500 firms had been dealing with the threat privately for years before many began speaking publicly.
Yes, but: Cybersecurity vendors are already rolling out their own AI-powered tools designed to detect and disrupt these attacks.
What to watch: Tobac believes the pendulum will eventually swing in favor of the defenders.
- "Those defender successes using AI, they will happen, but I think it's going to take some time to catch up," she said.
