Threat Vector 2026

On the frontier of cyber defense.

How AI-augmented attackers are reshaping identity attacks, code supply chains, and the economics of detection — drawn from Basalt engagements across four regions.

Three shifts to plan for in 2026

01 · Identity is the new perimeter — and it is AI-tested

Phishing kits with LLM-driven voice, real-time MFA fatigue orchestration, and OAuth abuse have collapsed the gap between "credential stolen" and "tenant compromised". ITDR coverage is no longer optional.

02 · AI features ship faster than AI red teams

Most LLM features in production today were never adversarially tested. Prompt injection chained with tool use is the new RCE — and it routes around the WAF.

03 · Detection engineering has compounding returns

Static rules are now decisively outpaced. Programs that invest in behavioural detection see MTTD fall by an order of magnitude within two quarters.

2026 thesis: the cost of attack is collapsing. The cost of defence has not. Adaptive defense is the only path that compounds.

Get the full reportBriefing for your board on request

Request