Dive Brief:
- The new year will bring more dangerous AI-powered cyberattacks and growing obstacles to regulatory harmonization, Moody’s said in a 2026 outlook report published on Thursday.
- The report also forecasts increased cryptocurrency thefts through cyberattacks on both transaction and storage platforms.
- Moody’s said recent cloud computing outages resulting from accidents highlighted “the potential for catastrophic impact if exploited by attackers.”
Dive Insight:
Moody’s cyber outlook report — part of a series of 2026 forecasts that business leaders are tracking closely — predicts that AI-related threats such as model poisoning will “become more prevalent and pronounced” as more companies adopt the technology without proper safeguards.
AI has already made it easier for attackers to personalize their attacks through phishing emails and deepfake media, Moody’s noted, but 2026 is likely to bring “adaptive malware” that is hard for defenders to spot, as well as AI agents that help hackers launch attacks more quickly. The research firm even predicted that the coming year would bring “early indications of autonomous attacks,” something that experts have grown increasingly worried about amid companies’ recent disclosures.
On the defense side, while Moody’s said companies that didn’t invest in “AI-driven defenses" would be “increasingly vulnerable,” the firm also predicted that agentic AI’s autonomous capabilities created the “potential for unpredictable behavior and error accumulation” that could complicate companies’ cyber incident response activities.
“AI-powered defense solutions are not a silver bullet; they introduce new risks and require strong governance,” Moody’s said. “In an era of AI-enabled cybercrime, however, firms that solely rely on manual processes will fall behind, increasing their exposure to costly breaches.”
Moody’s does not expect fully autonomous malware — the kind that can adapt in real-time to defenders’ tactics — to appear for another three to five years, according to the company’s report.
On the regulatory harmonization front, Moody’s highlighted the diverging paths of the European Union, the United States and countries in the Asia-Pacific region. The EU continues to pursue highly coordinated regulatory frameworks such as the Network and Information Security Directive, Moody’s noted, while in the U.S., the Trump administration is abandoning some of its predecessors’ regulatory efforts and delaying others.
“Regional harmonization may gain traction in 2026, yet achieving true global alignment will be difficult, given conflicting domestic priorities and legislative agendas,” Moody’s observed. “With attackers exploiting gaps faster than regulators can close them, the challenge will be to introduce harmonization that strengthens resilience, rather than diluting it.
