
Next year, artificial intelligence (AI) is expected to be used in earnest in both cyberattacks and defense, setting off a full-fledged "AI vs. AI" race. North Korean hackers' theft of virtual assets and defense technologies to earn foreign currency is also expected to increase.

Cybersecurity company SECUI set out these forecasts on the 17th in "Major security threats and technology trends for 2026." SECUI selected five security trends: the full-fledged shift to AI, the growing sophistication of ransomware threats, software supply chain attacks disguised as updates, North Korean hackers' theft of virtual assets and defense technologies, and the platformization of integrated threat response.

SECUI's analysis is that as AI permeates industries and AI adoption accelerates in security, both threats and responses are rapidly becoming more intelligent and automated. The company said, "The spread of Generative AI has rapidly raised the level of existing threats such as deepfakes, tailored malware, and sophisticated phishing," and noted, "Going forward, AI will evolve into an 'attack agent' with autonomous judgment and execution capabilities, and ultra-precise attacks in which the entire process—from reconnaissance to intrusion, propagation, and evasion—is automated are expected to increase further."

It added, "2026 is expected to be the year when cybersecurity shifts to a full-fledged 'AI vs. AI' competitive landscape," and emphasized, "As both offense and defense become more advanced with AI, response strategies using AI technology will become the core competitive edge in corporations' security."

SECUI said that in step with this trend, an "AI-based security platform" that allows AI to set goals and craft response strategies on its own and perform security tasks without human intervention will draw attention.

Ransomware attacks, which were rampant this year, are expected to continue next year.

Major ransomware groups publicly pressure victim corporations, for example by posting stolen information on the dark web. Recently, double and triple extortion tactics have become rampant: even after payment is made for decryption, the groups extort victims further by threatening to leak data while simultaneously conducting distributed denial-of-service (DDoS) attacks.

On top of that, AI-based autonomous ransomware and ransomware-as-a-service (RaaS) are further advancing attack techniques. RaaS is a service that provides malware on a subscription basis so that ransomware can be executed without specialized hacking skills, significantly lowering the barrier to entry for hacking.

SECUI said, "With the emergence of 'autonomous ransomware' in which AI performs the entire process from target selection and intrusion to data encryption and ransom negotiation, the spread and scale of damage from ransomware attacks are expected to grow further," and noted, "AI-based attacks learn the detection patterns of defense systems and have the adaptability to evade them in real time, greatly increasing the difficulty of response."

Software supply chain attacks disguised as updates are also expected to increase.

This year, the government distributed guidelines for the National Network Security Framework (N2SF), eased network separation regulations, and has been actively encouraging the use of AI and the cloud through the introduction of a multilayered security system (MLS). According to SECUI, as domestic corporations and institutions accelerate zero trust adoption and cloud migration in line with these policies, new supply chain attack risks are emerging.

The company said, "If the update servers of security solutions or essential software supplied to public and financial institutions are hacked, malware can be distributed on a large scale, which can cause a chain of damage extending beyond a single institution to multiple institutions," and diagnosed, "Also, security configuration errors or inadequate access controls that can occur during cloud migration are potential risk factors that can lead to internal information leaks."

North Korean hacking groups are expected to continue hacking virtual assets and stealing advanced technologies next year, aiming for financial gain, as they did this year. SECUI said, "With foreign currency conditions deteriorating, North Korea is presumed to have relied considerably in recent years on obtaining foreign currency through virtual asset hacking," and noted, "With the recent success of the Nuri rocket launch and the establishment of the Korea AeroSpace Administration, Korea's defense and space industries are growing rapidly, and cyberattacks targeting related core technologies are expected to expand further."

To counter more sophisticated threats, the security industry next year is expected to see a marked shift toward platformization, in which the entire process of threat detection, analysis, and response is handled in a single environment.

Jeong Sam-yong, CEO of SECUI, said, "As security threats expand in many directions, the perspective of threat response must also broaden," and added, "Corporations need to build a security framework that can manage threats in an integrated way."
