AI Cyber Risk: Key Threats & Security Trends

Parent Page Home
Parent Page Actualités et rapports
Parent Page Spotlight on Cyber Threats and Tech Advances 2026
Behind the Hype

Behind the hype

The risks, rewards and realities of agentic AI

AI adoption is accelerating at a speed that outpaces regulation, governance and security controls. Behind the industry buzz lies a complex truth: agentic AI brings value, but also risk. As businesses embrace automation and autonomy, they must navigate the good, the bad and the ugly sides of AI.

Agentic AI: Promise and pressure in equal measure

Agentic AI systems are already reshaping how organisations operate. They streamline workflows, increase productivity and solve challenges previously considered too complex or costly. But power comes with vulnerability:

AI-generated errors can spread through networks at speed
Bias can distort decisions and create regulatory exposure
Outputs are often unpredictable or opaque
Cyber extortion and targeted attacks become easier and cheaper for criminals

As cyber attackers rapidly adopt the same AI capabilities, the threat landscape is evolving faster than traditional controls can keep up.

AI adoption at record speed

According to Gartner, one-third of enterprise software will include agentic AI by 2028, and the technology is already making 15% of daily autonomous decisions¹¹. Global adoption is certain, which means businesses must actively manage the new risks that accompany these powerful tools.

The good

Faster decisions, smoother workflows, stronger defences

Agentic AI doesn’t just automate tasks; it accelerates decisions and connects processes that previously slowed businesses down.

Operational continuity and efficiency

With fewer pauses, handoffs and bottlenecks, organisations achieve a level of operational flow that previously felt out of reach. Teams can refocus on growth, strategy and revenue – instead of firefighting.

Machine-speed cyber defence

AI-driven detection models like MXDR identify threats before most staff start their day, spotting threats and helping firms by alerting them to vulnerabilities, enabling them to be patched before they escalate.
The rise of vibe coding¹²

Agentic AI can translate vague, unfinished ideas into working code – independently filling in the details. This shift is so significant that Collins Dictionary named ‘vibe coding’ its 2025 Word of the Year¹³.

Work that once took weeks now takes minutes, empowering teams to build, iterate and innovate without deep technical expertise.

AI as a structural management system

When deployed intentionally, AI agents become more than a tactical addon. They act as a foundational layer of organisational management and decision support, underpinning entire business operations.

“While AI is helping improve attackers’ capabilities, it also gives defenders the chance to get ahead. By automating risk discovery with agentic testing and investigation tools, we can identify, validate and contain threats before attackers exploit them.”

Francisco Donoso
Chief Product and Technology Officer, Beazley Security

The bad

Bias, black boxes and escalating systemic risks

As AI capability rises, so does exposure to errors, misinterpretations and misuse.

Built-in flaws

Agentic AI can:

Produce biased outputs
Invent false information
Misinterpret instructions
Hallucinate or provide misleading results
Operate as a ‘black box’ with limited transparency on decisions made

When highly connected systems make autonomous decisions, a single mistake can propagate across the business.

Natural-language prompts = hidden danger

The same behaviour that accelerates coding introduces significant risk:

AI produces outputs that look polished but can contain invisible flaws

Generic patterns become easy for attackers to exploit

A single hidden instruction in an email can redirect an AI agent’s actions

This makes prompt injection and manipulation a rising cyber threat.
Unintended consequences

Without strict guardrails, AI systems can:

Connect systems that were meant to stay separate

Leak sensitive data

Trigger unintended actions (e.g. deleting files, running code, granting permissions)

OWASP identifies this ‘excessive agency’ as a top emerging risk for 2025/ 26¹⁴.

Shadow AI

When control frameworks lag behind adoption, employees can turn to unapproved tools. Shadow AI is growing by up to 250%¹⁵ in some sectors, and more than half of UK workers use unapproved AI weekly¹⁶.

Growing attack surface

AI systems dramatically expand the number of entry points for cyber criminals.
The UK Government’s Code of Practice for the Cyber Security of AI¹⁷ warns that traditional security programmes often miss:

Data poisoning
Prompt injection
Model manipulation

“AI is accelerating attacker capability – from faster vulnerability discovery to more efficient targeting and exploitation. It’s a powerful vulnerability finder for defenders too, but it cuts both ways: the same techniques that surface hundreds of overlooked flaws in widely used open-source components can be used to prioritise and scale attacks.”

Melissa Carmichael
Head of Cyber Risks, USA, Beazley

Geopolitical and organisational fallout

Automation can reshape or destabilise entire teams. Rapid workforce transformation risks morale loss, resistance and operational fragility.

The ugly

AI now enables attackers to run complex, multi-layered scams with minimal cost.

Deepfake deception

Sophisticated AI imagery can:

Fake leadership teams

Impersonate staff

Fabricate screenshots for legal disputes

Mislead investors, customers and partners

Voice clone fraud

With just three seconds of audio, attackers can clone an executive’s voice with 85%+ accuracy. McAfee reports¹⁸:

1 in 4 people have encountered an AI voice scam

77% of victims lost money
Sextortion at scale

Criminal networks now share full playbooks for weaponising:

Coercion

Reputation damage

Family or partner targeting

Blackmail tied to business extortion

These tools allow criminals to combine cloned voices, fake video calls and persuasive emails into coordinated, devastating attacks.

The way forward

Governance first, automation second

Boards and policymakers must put governance, transparency and human oversight at the core of AI adoption.

“AI adoption is scaling fast, but governance is lagging behind. New tools and custom integrations appear overnight, yet compliance duties don’t slow down. The organisations that will win are the ones that: set clear boundaries for what systems can do, keep auditable decision-to-action trails, and build controls that scale with change.”

Craig Linton
Head of US Underwriting Management, Cyber, Beazley
Why core systems are at the highest risk

When AI agents operate in:

Finance

Procurement

Identity management

The consequences of a single misstep can include regulatory fines, reputational damage and broken partnerships.

AI for Defence

MXDR and continuous monitoring provides:

AI-powered automated threat discovery

Human-led investigation and containment

Full visibility across devices, cloud, networks and apps

This dual approach reduces blind spots and intercepts attacks earlier.

Autonomy with guardrails

Guardrails must ensure AI pauses and defer to humans at key decision points.

Bounded autonomy frameworks should include:

Explicit permissions – define exactly what the AI can and cannot do

Step-up approvals – require human signoff for any high-impact action (e.g., payments, file deletion)

Safe defaults – if the AI is uncertain, it must stop and request escalation - not guess

AI risk is not just technical; it’s about design, accountability and control.
Boundaries before breakthroughs

Agentic AI is becoming the operational engine of modern business.
Value increases in parallel with exposure, so success depends on how well organisations:

Govern autonomous systems

Maintain visibility

Keep humans accountable

Manage rapid change

Build resilient security architectures

To thrive, firms must control the systems that increasingly control their business.