Mar 27 2026
Security

RSAC 2026: AI-Fueled Cyberattacks Define the 2026 Security Landscape

From industrialized zero-day exploits to artificial intelligence-driven operations in critical infrastructure, cybersecurity leaders warn that defenders must fundamentally rethink speed, visibility and trust

The cybersecurity threat landscape in 2026 is undergoing a profound transformation driven by artificial intelligence, software supply chain complexity and the convergence of IT and operational technology.

Insights from this week’s RSA 2026 Conference — particularly the SANS Institute’s “Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders” panel — underscore a stark reality: Attackers are moving faster, scaling more effectively and exploiting systemic weaknesses that defenders are not yet equipped to manage.

The panel, moderated by Ed Skoudis, president of SANS Technology Institute, is one of RSAC’s most popular sessions each year. This year’s panel featured Joshua Wright, faculty fellow at the SANS Institute and technical director at Counter Hack Challenges; Robert M. Lee, faculty fellow at the SANS Institute and founder and CEO of Dragos; Heather Barnhart, dean of faculty at SANS Institute and senior digital forensics expert at Cellebrite; and Rob T. Lee, chief of research and chief artificial intelligence (AI) officer at the SANS Institute.

The Rise of AI-Generated Zero-Day Exploits

According to Wright, AI is fundamentally changing the economics of zero-day exploits. “Instead of measuring exploits in dollars, we need to start measuring exploits in how many tokens it requires for an AI model to find a previously unknown vulnerability,” he explained.

Historically, zero-days were rare and expensive, limiting their widespread use. That scarcity is disappearing. Researchers now warn that AI systems can identify vulnerabilities and generate exploits at scale, potentially producing “hundreds of zero-day exploits every week,” Wright said.

This shift creates an asymmetry that favors attackers, particularly as most organizations still patch on timelines measured in weeks or months rather than hours. As Wright noted, current patching practices are “not a tenable opportunity for us to continue managing” in an environment of continuous vulnerability discovery.

Supply Chain Attacks Move to Center Stage

At the same time, supply chain attacks have become both more common and more complex. Modern software ecosystems are deeply interdependent, with even simple applications relying on hundreds of underlying components. Wright illustrated this by dissecting a widely used utility: “Not only is 7-Zip really complex software in a minimal installer, but it has 300 unique dependencies.”

Each dependency represents a potential attack vector, dramatically expanding the threat surface. Recent data suggests the scale of the issue is already significant, with a majority of organizations experiencing supply chain compromises. “The problem of supply chain threats is not the software we choose. It’s the vendor’s software and their vendors’ software,” Wright explained.

Experts increasingly recommend that organizations assume supplier compromise as a baseline condition, adopt zero-trust principles and implement stronger vendor attestation processes. Limiting the blast radius of any breach has become just as important as preventing one.

Critical Infrastructure Faces Scalable Cyber-Physical Threats

The convergence of IT, cloud and industrial systems is amplifying risk in critical infrastructure. Robert M. Lee warned that modern environments are becoming more homogeneous and interconnected, enabling attacks to scale in ways that were previously impossible. “We lived in a world of low frequency, high consequence,” he said.

“We went to a very homogenous world. We had vendors buying up other vendors. We had common frameworks, common software stacks, common network networking protocols, but with a lot of commonalities shoved into our systems that made them more profitable — in many ways, more safe, more resilient. But, unfortunately, that allows the scalability of those attacks.”

In these environments, cyber incidents can have physical consequences. Power outages, manufacturing disruptions and even explosions are no longer theoretical risks. In some cases, organizations cannot determine whether incidents were caused by cyberattacks or operational failures. “We cannot actually determine if it was a cyberattack that took down a major portion of a power system or caused a disruption to a manufacturing facility or caused an explosion at an oil and gas facility,” Robert M. Lee noted.

One particularly troubling trend is the use of “misoperation” techniques, where attackers manipulate systems without deploying traditional malware. By altering settings or control logic, adversaries can cause damage while evading conventional detection methods.

AI Is a Double-Edged Sword for Defenders

AI is not only fueling attacks; it is also reshaping defense. Yet its rapid adoption introduces new risks. Barnhart cautioned against blind reliance on AI-generated outputs, particularly in digital forensics and incident response. “We take it and we just trust it because AI told us so. It’s a hugely irresponsible thing that we are all doing,” she said.

This automation bias can undermine investigations and lead to incorrect conclusions. In high-stakes scenarios, human oversight remains essential. Barnhart emphasized that “AI does not get to decide — a human must” when outcomes affect safety or legal responsibility.

At the same time, AI offers powerful capabilities for defenders. Emerging tools can analyze incidents in minutes rather than days, helping close the speed gap with attackers. “There’s a lot of room for AI to be integrated. You just have to do it responsibly,” Barnhart suggested.

Rethinking Cyber Defense for an AI-Driven Era

The convergence of these trends signals a fundamental shift in cybersecurity strategy. Organizations must rethink core practices, from patch management and incident response to supply chain risk and system visibility. Automation, AI integration and continuous validation are becoming essential components of modern defense.

Equally important is collaboration. While attackers benefit from automation, defenders have strength in numbers. Community-driven initiatives, shared intelligence and open security tools are emerging as critical advantages in the fight against increasingly sophisticated adversaries.

The message from RSAC 2026 is clear: AI is now embedded in every aspect of the threat landscape. The organizations that adapt by accelerating defenses, improving visibility and embracing responsible AI use will be best positioned to navigate the next wave of cyber risk.

Photography by Joe Kuehne