AI, regulation & quantum top Gartner cyber trends for 2026

Gartner has set out six cybersecurity trends it expects will shape organisational priorities in 2026, with artificial intelligence use, geopolitical tension and regulatory change pushing security teams towards new governance models and more formal resilience planning.

The research firm said the combination of rapid AI adoption and an intensifying threat landscape is testing established approaches to cyber risk management and resource allocation. It expects the implications to reach beyond technology teams and into board accountability, procurement and workforce planning.

"Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change," said Alex Michaels, Director Analyst, Gartner. "This demands new approaches to cyber risk management, resilience and resource allocation."

Agentic AI

One of the central themes is the spread of agentic AI, which describes AI systems that can take actions on behalf of users and other software. Gartner said employees and developers are already deploying these tools, and that adoption is widening as no-code and low-code products become more common.

That shift creates new attack surfaces and new governance questions. Unmanaged AI agents can introduce weak points in systems and workflows. They can also create compliance exposure if teams use them without approval or record-keeping.

"While AI agents and automation tools are becoming increasingly accessible and practical for organisations to adopt, strong governance remains essential," said Michaels. "Cybersecurity leaders must identify both sanctioned and unsanctioned AI agents, enforce robust controls for each and develop incident response playbooks to address potential risks."

Regulatory pressure

Gartner also pointed to regulatory volatility as a driver of cyber resilience programmes. It said shifting geopolitical conditions and changing national mandates are moving cybersecurity further into the category of business risk. It also expects more direct scrutiny of boards and executives, with a greater likelihood of penalties where compliance controls fail.

The firm advised organisations to tighten collaboration between security, legal, business and procurement functions. It also highlighted the need for clearer accountability for cyber risk decisions and better alignment with recognised control standards, particularly where data sovereignty issues complicate cross-border operations.

Post-quantum plans

Another trend focuses on post-quantum computing preparations. Gartner predicts that advances in quantum computing will make widely used asymmetric cryptography unsafe by 2030. That timeline has begun to influence near-term security roadmaps, particularly in sectors that retain sensitive data for long periods.

The firm warned of "harvest now, decrypt later" attacks, where adversaries collect encrypted data now with the expectation they can decrypt it in future. It said organisations should inventory cryptographic use, plan for replacement and improve cryptographic agility across systems and suppliers.

"Postquantum cryptography is reshaping cybersecurity strategies by prompting organisations to identify, manage and replace traditional encryption methods, while prioritising cryptographic agility," said Michaels. "By investing in these capabilities and prioritising migration now, assets will be secured when quantum threats become a reality."

Identity shifts

Gartner expects identity and access management to change as AI agents become more common users of systems. It said traditional identity models have gaps when applied to machine actors, particularly around registration, governance and automated credential use.

Policy-driven authorisation will become more complex as autonomous systems interact with internal applications and external services. Gartner said organisations that do not adjust their identity controls face a higher chance of access-related incidents as agents take on more tasks that once required human logins.

SOC disruption

The firm also described changing operating norms in security operations centres as AI-driven tools become more widely deployed. It said cost optimisation programmes and interest in AI are driving adoption, but that the shift introduces new complexity around staffing, skills and tool economics.

AI tools can change alert triage and investigation workflows. Gartner said that can reduce time spent on routine work, but it also creates new requirements for oversight, quality control and training. Many organisations will need to invest in upskilling, particularly where teams must evaluate AI outputs and manage exceptions.

"To realise the full potential of AI in security operations, cybersecurity leaders must prioritise people as much as technology," said Michaels. "Strengthening workforce capabilities, implementing human-in-the-loop frameworks into AI-supported processes and aligning adoption with clear strategic objectives will be critical to maintaining resilience as SOCs evolve."

Awareness rethink

Gartner's sixth trend addresses employee security awareness programmes, which it said are not reducing risk quickly enough as generative AI use spreads across workplaces. It cited a survey of 175 employees conducted between May and November 2025. The survey found that more than 57% used personal generative AI accounts for work purposes, and 33% admitted inputting sensitive information into unapproved tools.

The firm recommended a move away from broad awareness training and towards behavioural programmes that focus on day-to-day work patterns. It said training should include AI-specific tasks and be paired with governance controls and clear policies for authorised use, especially where privacy and intellectual property concerns are material.

Gartner analysts plan to discuss these themes at its Security & Risk Management Summit events, including a Sydney edition and a London conference later in the year.