AI is fast becoming hackers’ weapon of choice. A new global survey finds that cybersecurity professionals see AI-driven attacks as the top threat heading into 2026, eclipsing even ransomware and insider breaches.
According to ISACA’s 2026 Tech Trends & Priorities Pulse Poll, nearly six in ten digital trust professionals said AI-powered cyber threats will “keep them up at night” next year. The survey gathered responses from almost 3,000 experts in cybersecurity, audit, risk, and compliance across industries worldwide.
The threat that never sleeps
ISACA’s latest findings reveal a threat that never powers down. Fifty-nine percent of digital trust professionals cite AI-driven cyber threats and deepfakes as their biggest worry, the highest response in the poll.
When asked what keeps them on alert, respondents ranked traditional dangers far lower:
- 36% pointed to failure to detect or respond to a breach, causing major harm
- 35% cited insider threats and human error
- 33% warned of cloud misconfigurations and shadow IT
Other worries — from regulatory complexity and supply chain risks to talent shortages — trailed even further behind, underscoring just how dominant AI has become in the threat landscape.
The pattern shows how defenders are moving from fighting familiar foes to confronting an intelligent, adaptive enemy. Once the engine of innovation, AI is now viewed as a weapon in the wrong hands.
AI lifts social engineering to dangerous new heights
The data found that 63% of professionals rank AI-driven social engineering as the most serious cyber threat they’ll face, outpacing ransomware and insider risks by a wide margin. The surge marks a new phase of manipulation where algorithms, not humans, are writing the scripts.
By comparison, 54% pointed to ransomware and extortion attacks, while 35% flagged insider threats as their top concern. It’s no surprise, as cybercriminals are now using automation and large language models to generate convincing phishing messages, mimic executives, and even clone voices or faces at scale.
AI tools can now strip away the limits of time and skill that once constrained attackers, allowing cybercriminals to personalize deception with unprecedented precision, turning social engineering into a fully industrialized threat.
Amid that escalation, 48% of digital trust professionals say managing AI-related risk is “very important,” placing it alongside regulatory compliance at 66% and cloud security at 47% as enterprise priorities. Increasingly, boards are folding AI governance into the same frameworks that safeguard trust and stability.
Defenses lag as teams feel the strain
Alarmingly, only 13% of respondents say their organizations are “very prepared” to manage the risks tied to generative AI, while another 30% admit they’re not very, or not at all, prepared. The gap highlights how fast AI adoption is outrunning the guardrails meant to contain it.
That shortfall is taking a toll on people, too. Forty-one percent of professionals say keeping up with the pace of AI-driven change is their biggest concern, followed by rising threat complexity at 27%, hiring challenges at 23%, and burnout at 14%.
The pressure is shifting from systems to staff, exposing the human layer as cybersecurity’s next critical vulnerability.
AI won’t wait — neither can defenders
ISACA’s data leaves little doubt: AI has changed the tempo of cybersecurity. The threats are faster, the stakes higher, and the response windows shorter. In the age of intelligent attacks, defenders must learn to move with the same precision and speed as the systems they’re fighting.
Open source code is also under siege, with recent data pointing to a sharp rise in malicious packages across major software registries.