Home Insights PodcastsEpisode 194: 2026 Cybersecurity Predictions Mid-Year Review

Episode 194: 2026 Cybersecurity Predictions Mid-Year Review

In episode 194 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Ed Skoudis, President of SANS Technology Institute. Together, they conduct a mid-year review of 2026 cybersecurity predictions from seven Center for Internet Security^® (CIS^®) experts, as shared on the CIS website.

Here are some highlights from our episode:

01:50. Ongoing conversations about improving defense with artificial intelligence (AI)
05:19. A trap to avoid: Automating things with AI because we can regardless of utility
06:54. Ed's prediction about a near-term transition for AI-enabled vulnerability discovery
09:27. How AI agents change the economics around conducting a penetration test
11:26. Adversary emulation: A blurry proposition when threat actors use AI to look like anybody
14:02. Ed's prediction about threat actors shifting APT profiles within a single attack campaign
17:00. The need to systematically rethink cyber defense to support state and local cybersecurity
23:34. How adversaries are pivoting to the "authorization sprawl" in light of zero trust efforts
29:20. Industry-specific threat intelligence as a way to keep organizations informed
32:10. Why a policy isn't the same as security control for operational technology (OT)
33:55. Social expectations and public policy objectives around holistic OT security
39:52. Compliance as a floor, not a ceiling, that results as a byproduct of continuous security
43:43. The need for oversight and confidence in technology as distinct from the "Fog of More"

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

Subscribe to Our Podcast

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.