ESTsecurity said on the 26th that, based on its analysis of security threat outlooks for 2026, artificial intelligence (AI) will be used at every stage of cyberattacks, accelerating the full-scale automation and sophistication of attacks.
ESTsecurity analyzed that after 2026, AI will be used across the entire attack process—reconnaissance, vulnerability analysis, intrusion, lateral movement, data exfiltration, and negotiation—speeding up the full automation of the attack chain. As the spread of AI technology lowers the entry barrier for carrying out advanced attacks, techniques once used only by some advanced persistent threat (APT) groups could spread to ordinary attackers.
The convergence of APT (advanced persistent threat) groups and ransomware attacks was also cited as a major threat. The analysis said state-linked APT groups are expanding hybrid attacks that combine data encryption and extortion with information-gathering operations, and ransomware is increasingly likely to be used as a tool of political and strategic pressure beyond monetary goals.
A broader cyberwar driven by intensifying conflicts between countries was also forecast. Cyberattack tactics proven in actual conflict zones are spreading to other areas of tension, and destructive attacks targeting key national infrastructure—finance, telecommunications, energy—could increase. There was also mention of the possibility that destructive malware, information warfare, and attacks that sow social chaos will unfold in combination.
Along with this, the deepening of supply chain attacks targeting the open-source ecosystem and an increase in state-level composite attacks aimed at IoT- and OT-based industrial infrastructure were presented as major threats. In particular, it said the structural vulnerabilities of OT environments, where patches and updates are difficult, are likely to be exploited, leading to actual operational shutdowns or physical damage.
ESTsecurity also highlighted as 2025 security issues the expanded use of ransomware by APT groups, the materialization of AI-based cyberattacks, an increase in attacks targeting large service corporations, the persistence of supply chain attacks, and the expansion of OT security threats.
An ESTsecurity official said, "With the spread of AI, global conflicts, and growing supply chain complexity, the cyber threat environment in 2026 is highly likely to intensify further," adding, "Strengthening proactive response systems for new attack surfaces—such as AI, supply chains, and OT environments—is more important than anything else."