SALT LAKE CITY, Utah – Netcraft, a global leader in brand protection tools and services, website takedowns and threat disruption, announced five predictions from some of its threat researchers for the coming year.
“In 2026, we’ll see continued growth in Chinese Phishing-as-a-Service operations, more convincing video deepfakes and increasingly coordinated multichannel scams,” said Robert Duncan, vice president of product strategy at Netcraft. “AI will introduce new risks, such as prompt injection, while enhancing the quality and scale of existing fraud. Defenders will need to adapt just as quickly, relying on earlier insight and faster disruption to stay ahead. At Netcraft, we’re concentrating on shortening that gap and surfacing threats earlier and minimizing the window in which they can cause harm.”
Here are Netcraft’s five predicted trends for 2026:
New AI Vulnerabilities Will Continue to Emerge
As AI systems evolve from chatbots to autonomous agents and agentic browsers, new security and data integrity risks are continuing to emerge. The growing complexity of these systems will likely result in data leakage, workflow manipulation and unintended access to sensitive information. Threat actors may leverage AI agents for reconnaissance, data exfiltration and even automation of some ransomware operations. At the same time, the possibility of manipulating AI agents themselves presents a lucrative opportunity for fraudsters if developers fail to bake in robust protections.
Phishing-as-a-Service Will Gain More Traction
Phishing-as-a-Service emerged as a defining shift in 2025, dramatically lowering the technical barrier for cybercriminals and enabling widespread, coordinated phishing campaigns across industries. The trend of “OAuth phishing” also gained traction, where attackers manipulate users into granting malicious third-party app access instead of stealing credentials outright. This represents a new layer of deception and signals a likely expansion to more online platforms in 2026.
Proactive Attack Surface Management Will Mitigate Impact of Persistent Vulnerabilities
Pervasive, high-severity vulnerabilities across web-facing services will continue to affect the software supply chain. 2025 has seen React2Shell and several vulnerabilities across network devices including FortiWeb and F5 BIG-IP. While some issues can be partially mitigated by web application firewalls, proactive attack surface management tools both at nation and enterprise level will increasingly become the buffer that mitigates, contains or delays large-scale exploitation.
Seasonal Events to Drive More Crime
Seasonal and event-driven attack patterns, including phishing waves aligned with tax deadlines, the 2026 Winter Olympics and the U.S. midterm elections, are all likely to be exploited for social engineering lures. Additionally, holiday travel and hospitality brands are expected to be impersonated in large-scale scams. The continued rise of scam call operations, fake investment platforms and cross-group collaboration among threat actors is another area of the threat landscape to see expansion. Growing partnerships between ransomware and hacktivist groups, such as DragonForce and Scattered Spider, highlight the ongoing convergence of ideological and profit-driven cybercrime, a trend that will likely intensify through 2026.
Industries with Downstream Impact Will Remain Most Attractive Targets
In 2026, industries with broad downstream impact, such as managed service providers, insurance and consulting, will remain prime targets for threat actors seeking access to other victims. Fintech, especially segments tied to under-regulated assets and crypto markets, will continue to struggle with maturing their security infrastructure. Meanwhile, logistics, shipping and retail sectors may see phishing lures tied to tariffs or shipping-related themes.