The rapid development of AI is reshaping the cybersecurity landscape in 2026 for individual users and for businesses. Large language models (LLMs) are influencing defensive capabilities while simultaneously expanding opportunities for threat actors, says cybersecurity company Kaspersky.

AI will become a cross-chain tool in cyberattacks and be used across most stages of the kill chain. Threat actors already employ LLMs to write code, build infrastructure and automate operational tasks.

Further advances will reinforce this trend, as AI will increasingly support multiple stages of an attack, from preparation and communication to assembling malicious components, probing for vulnerabilities and deploying tools.

Attackers will also work to hide signs of AI involvement, thereby making such operations harder to analyse.

“While AI tools are being used in cyberattacks, they are also becoming a more common tool in security analysis and influence how security operations centre teams work. Agent-based systems will be able to continuously scan infrastructure, identify vulnerabilities and gather contextual information for investigations, thereby reducing the amount of manual routine work.

“As a result, specialists will shift from manually searching for data to making decisions based on already-prepared context. In parallel, security tools will transition to natural-language interfaces, and enabling prompts instead of complex technical queries,” adds Kaspersky Research Development group manager Vladislav Tushkanov.

Further, deepfakes, generated by AI tools, are becoming a mainstream technology and awareness will continue to grow. Companies are increasingly discussing the risks of synthetic content and training employees to reduce the likelihood of falling victim to it.

Awareness is rising within organisations and among regular users, as end consumers encounter fake content more often and better understand the nature of such threats.

Deepfakes are becoming a stable element of the security agenda, which requires a systematic approach to training and internal policies.

Additionally, while the visual quality of deepfakes is already high, realistic audio remains the main area for future growth.

Content-generation tools are becoming easier to use, as non-experts can now create a mid-quality deepfake in a few clicks. As a result, the average quality continues to rise, creation becomes accessible to a far broader audience, and these capabilities will inevitably continue to be leveraged by cybercriminals, the cybersecurity company says.

Online deepfakes will continue to evolve, but remain tools for advanced users. Real-time face and voice swapping technologies are improving, but their setup still requires more advanced technical skills.

Further, wide adoption is unlikely, yet the risks in targeted scenarios will grow and increasing realism and the ability to manipulate video through virtual cameras will make such attacks more convincing.

Meanwhile, efforts to develop a reliable system for labelling AI-generated content will continue.

There are still no unified criteria for reliably identifying synthetic content and current labels are easy to bypass or remove, especially when working with open-source models. Therefore, new technical and regulatory initiatives aimed at addressing the problem are likely to emerge, Kaspersky adds.

Additionally, open-weight models will approach top closed-models in many cybersecurity-related tasks, which create more opportunities for misuse. Closed models still offer stricter control mechanisms and safeguards, limiting abuse.

However, open-source systems are rapidly catching up in functionality and circulate without comparable restrictions. This blurs the difference between proprietary models and open-source models, both of which can be used efficiently for undesired or malicious purposes.

The line between legitimate and fraudulent AI-generated content will become increasingly blurred. AI can already produce well-crafted scam emails, convincing visual identities and high-quality phishing pages.

Simultaneously, major brands are adopting synthetic materials in advertising, making AI-generated content look familiar and visually normal. Therefore, distinguishing real from fake will become even more challenging, both for users and for automated detection systems, the company notes.