Agentic AI was one of the most talked-about concepts in cybersecurity in 2025. It concerns AI systems that not only perform individual tasks but can also act independently by gathering information, making decisions, adapting to circumstances and executing complete sequences of actions. This ability creates great opportunities – but also a whole new generation of cyber threats.
Ahead of 2026, security experts at Barracuda have identified a number of trends that will shape the year.
They envision a future where:
- An agentic AI operator can carry out entire cyberattacks from start to finish, gather what is needed, create credible decoys, test different routes in and continuously adjust tactics according to how the defense reacts. Defenders can expect attack types that they have not seen before and which can be difficult to understand in retrospect.
- Agentic AI analyzes large amounts of data in real time to find vulnerabilities, which allows attackers to automate both the identification and exploitation of weaknesses.
- AI can conduct voice and text dialogues with humans at a level that makes it very difficult to determine that it is not a real person, which creates completely new opportunities for social manipulation.
- Cybersecurity leadership will be about leading both humans and AI agents, where managers need to integrate AI into their teams to strengthen productivity and decision-making.
Together, this points to a development where AI is not only used as support, but becomes an active player in both attacks and defense.
What does agentic AI mean for the development of the threat landscape in 2026 and beyond?
Yaz Bekkar, principal consulting architect XDR, EMEA:
During the next year, attacks not just ”using AI” – AI will function as an independent actor that makes its own choices to achieve its goal. AI can already automate parts of an attack, such as information gathering, phishing and simpler defense attempts. In 2026, systems are expected that plan their own steps, learn from the defense’s reactions and change attack methods in real time.
The agentic AI operator handles the entire process – gathering facts, crafting compelling bait, testing a way in, observing how defenses react, and adjusting tactics and timing until it succeeds. It will feel like a coherent attack pattern, with each step automatically adapting and blending into normal activity.
Defenders should be prepared for new types of attacks and an increase in attacks that exploit unknown vulnerabilities.
Eric Russo, director, SOC defensive security:
AI has advanced so rapidly that it can already conduct advanced conversations with humans, both via voice and text, in a way that makes it very difficult to determine whether it is a human or not. An everyday example is how Android users can let Google's AI answer unknown calls, ask questions, and assess whether the call is legitimate.
The technology is impressive, but in the wrong hands it could change the way social engineering is done. For example, an agentic AI could have a convincing conversation with a finance employee to try to obtain corporate banking details. Or it could be used in more complex scenarios, such as through deepfake-based voice or chat to trick a helpdesk into resetting multi-factor authentication, thereby opening the door to a larger breach.
Jesus Cordero-Guzman, director, solution architects for application, network security and XDR, EMEA:
Autonomous AI systems are already a reality, and as a threat they will evolve rapidly. They can analyze large amounts of data, identify vulnerabilities in real time, and automate how they are exploited. In 2025, platforms such as Xanthorox, an AI system designed for cybercrime, emerged. This was followed by HexStrike and the even more advanced Venice.AI.
Agentic AI can be used for automated phishing, continuous defense mapping, and even to bypass CAPTCHA solutions to gain unauthorized access.
How can organizations defend against agentic AI-based threats and protect their own AI systems?
Yaz Bekkar:
Many organizations will find it difficult to detect agentic AI attacks because they can blend into the normal environment. Defenses based on behavioral analysis and AI that is tailored to their own needs are required. the business, not generic tools with default settings.
An effective defense includes:
- a platform that provides visibility across identities, devices, SaaS services, cloud, email and networks
- behavioral analysis that learns what is normal and detects abnormalities without relying on signatures
- human expertise that continuously monitors, adjusts and improves protection
Jesus Cordero-Guzman:
Traditional defense methods will struggle to keep up with threats that can adapt in real time. Organizations need to invest in modern solutions where AI used to detect and respond to attacks, so that threats are met at the same level.

What should organizations do to protect their own agentic AI solutions?
Jesus Cordero-Guzman:
Cybersecurity leadership will increasingly be about leading AI agents as much as humans. The new generation of leaders will need to understand how AI agents can be integrated into teams and how to govern them to enhance productivity and decision-making. This will require increased expertise in technology, natural language processing, and data analysis, so that the AI agents are given the ”role” and function that suits the needs of the business.
This is not just an operational issue, but also an ethical one. Organizations must ensure that AI agents are used responsibly and that the decisions the systems make are in line with of the business values and societal norms. As AI continues to evolve, leadership responsibilities will also change, especially when it comes to navigating this new and rapidly changing cybersecurity landscape.
How can agentic AI strengthen security?
Eric Russo:
Agentic AI will become an important support for security operations centers (SOCs). It can relieve much of the routine, reactive work and free up time for more proactive tasks, such as threat analysis and development of new detection models.
Another possibility is more advanced machine learning-based detection systems. By establishing baselines of user behavior and network traffic and automatically identifying anomalies, the systems can find more advanced threats, while reducing the number of false positives and preventing analysts from being overwhelmed by false alerts.








