Axios Future of Cybersecurity

January 06, 2026
Happy new year! Welcome back to Future of Cybersecurity.
Have thoughts, feedback or scoops to kick off 2026? [email protected].
- Have a confidential tip you want to share anonymously? Find me on Signal: @SamSabin.01.
Today's newsletter is 1,396 words, a 5.5-minute read.
1 big thing: What readers predict for 2026
Over the last month, you've been writing in with your predictions for 2026 — and the vast majority are about a little thing called AI.
- Here's what you're all watching this year:
Defenders' race to keep up
"What we've seen as isolated proof-of-concepts will evolve into coordinated, AI-orchestrated operations that can adapt in real time." —Nick Schneider, CEO at Arctic Wolf
"We expect adversaries to unleash AI in ad fraud and malvertising at an unprecedented speed and scale by generating obfuscation techniques to evade detection and impersonating popular tools to hide malicious behavior." —Lindsay Kaye, VP of threat intelligence at HUMAN Security
"In 2026, deepfake voice, video, and image attacks will become almost impossible to spot." —Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance
"2026 will mark the year predator AI bots start writing their own rules — a result of the rapid expansion of AI-driven platforms, multi-cloud architectures, APIs, and hyper-connected systems." —Tim Chang, global VP and general manager of application security at Thales
Wider attack surface
"You will see more organizations get hacked because a portion of their site is vibe coded." —Rachel Tobac, CEO at SocialProof Security
"In 2026, AI browsers will... introduce new security risks, as malicious pages or hidden content can trick an AI browser into leaking data or performing unauthorized actions instantly." —Etay Maor, chief security strategist at Cato Networks
"By year-end 2026, identity attribution becomes a prerequisite for secure agentic AI deployment." —Paul Nguyen, co-founder and co-CEO of Permiso Security
"The speed of AI adoption is driving huge efficiency gains, but unless organizations slow down and assess these risks, they'll reopen exposures we've spent decades trying to close." —Tom Gorup, VP of security operations center operations at Sophos
"Without proper guardrails, [autonomous AI] systems will operate beyond their limits, which can lead to vulnerabilities that malicious insiders can exploit." —Marshall Heilman, CEO at DTEX Systems
Boardrooms step up
"In 2026, security line items will begin shifting into company-wide AI programs — not just the CISO cost center — as organizations recognize that cyber readiness will be fundamental to AI-driven growth, customer trust, and operational efficiency." —Stephen Morrow, chief solution officer at AirMDR
"Boards and investors will start demanding quantifiable resilience metrics — not just uptime, but how fast the business can recover and adapt after disruption. Resilience will evolve from an aspiration to a tangible KPI." —Ha Hoang, CIO at Commvault
"With security budgets under strain and attack surfaces dramatically growing, buyers will no longer tolerate confusing, complicated pricing and tools that only offer visibility." —Chris Rouland, founder and CEO of Phosphorus
"Organizations will begin automating how they demonstrate trust — not as a reaction to regulation, but as an operational necessity." —Erez Tadmor, field CTO at Tufin
Automation's human cost
"There will be a wave of unintended data leaks... caused [not] by malicious actors, but rather by business users who lack the skills, training, or security guardrails to prevent these blunders from happening. This will be the beginning of the 'AI oopsie era.'" —David Scovetta, director of information security at FormAssembly
"We'll see more breaches not because AI makes attackers smarter, but because it makes organizations overconfident." —Selena Larson, staff threat researcher at Proofpoint
"Unless security leaders centralize how the work gets assigned, tracked, and completed, organizations will continue to drown in findings.... The next wave of innovation will focus on orchestrating remediation across teams, not just surfacing more information." —Daniel Bogomolny, principal product specialist at Seemplicity
2. U.S. cyber escalation in Venezuela
Cyberattacks may have played a role in the U.S. operation that captured Venezuelan leader Nicolás Maduro.
Why it matters: Rarely do we hear about U.S.-led cyber operations against other governments — not because they don't happen, but because they're highly confidential.
What the president said: "The lights of Caracas were largely turned off due to a certain expertise that we have," President Trump said Saturday during a news conference announcing the operation.
- Gen. Dan Caine, chairman of the Joint Chiefs of Staff, said during the same news conference that U.S. Cyber Command and Space Command helped with "layering different effects" that paved the way for the on-the-ground operation.
- A spokesperson for Cyber Command referred Axios to the White House, which did not respond to a request for comment.
Between the lines: It's safe to assume Trump was discussing a U.S. cyber operation that turned off the power in Venezuela's capital city, experts said over the weekend.
- "Time will tell but the claim is perfectly reasonable," Robert M. Lee, CEO at Dragos and a former NSA hacker, said on LinkedIn.
- Former officials told Politico that a cyberattack on Venezuela's oil and gas infrastructure last month had the telltale signs of a U.S. operation.
Flashback: Reports of U.S.-led cyber operations against foreign governments are few and far between, but not unheard of.
- The U.S. and Israel are widely believed to have built the Stuxnet malware that sabotaged Iranian nuclear enrichment facilities in the late 2000s.
- The Chinese government has also accused U.S. intelligence operatives of launching attacks against the country's infrastructure, including its National Time Service Center and last February's Asian Winter Games.
What to watch: Venezuela isn't known for its cyber prowess, but many of its allies — including China and Russia — are formidable U.S. adversaries.
3. Cybersecurity's busy year on Capitol Hill
2026 kicks off a crowded cyber policy calendar packed with deadlines and high-stakes nominations for Congress.
Why it matters: Whether — and how — lawmakers meet those deadlines will shape the future of U.S. cyber operations, surveillance and information-sharing authorities.
Nominations galore: After the Senate failed to act on Sean Plankey's nomination to lead the Cybersecurity and Infrastructure Security Agency, the White House must now decide whether to resubmit him or start over with a new pick.
- Meanwhile, just before year's end, Trump appears to have nominated Army Lt. Gen. Joshua Rudd to lead the NSA and U.S. Cyber Command, teeing up another major confirmation frontline.
Reauthorizing threat intel sharing... again: Congress extended the Cybersecurity Information Sharing Act of 2015 only through the end of January in the latest funding deal.
- The law shields U.S. organizations from liability when they share data on malware, botnets, adversaries and other cyber threats.
- It briefly lapsed in the fall after lawmakers missed its Sept. 30 deadline, and competing proposals have been circulating for a longer-term fix.
A surveillance showdown returns: Section 702 of the Foreign Intelligence Surveillance Act is set to expire in April, reviving a debate Congress punted in 2024.
- The authority allows warrantless collection of communications from non-U.S. citizens overseas.
- But privacy advocates argue the program sweeps in Americans' communications as well, fueling calls for tighter limits.
4. Catch up quick
@ D.C.
The lead staffer behind CISA's pre-ransomware notification service left the agency last month. (Cybersecurity Dive)
The Trump administration's plan to lean more on private companies and state governments to help fend off nation-state hackers may be a tough sell. (Wall Street Journal)
CACI International was awarded a new contract to upgrade the U.S. Space Force's computer networks against evolving security threats. (SpaceNews)
@ Industry
Palo Alto Networks is in talks to acquire Israeli cybersecurity startup Koi for an estimated $400 million. (CTech)
Elon Musk's Grok AI model allowed users to create sexually explicit images of children. (Axios)
Microsoft CEO Satya Nadella wants the tech industry to stop saying AI slop and better account for a world where AI is a "cognitive amplifier" for human work. (The Verge)
@ Hackers and hacks
Two U.S.-based former cyber incident responders pleaded guilty to helping the BlackCat ransomware gang target American companies. (BleepingComputer)
The Taiwanese government said the number of China-backed cyberattacks targeting Taiwan's infrastructure, including hospitals and banks, rose 6% last year to an average of 2.63 million attacks a day. (Reuters)
The Kimwolf botnet is on the rise, infecting more than 2 million devices worldwide, including unofficial Android TV boxes sold on popular e-commerce sites. (KrebsOnSecurity)
5. 1 fun thing
This one is for the Bay Area readers: I have a resolution to go to at least 10 new-to-me local restaurants this year.
- Hit reply with whatever suggestions you have!
See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.