Crystal Ball 2026: AI-driven cyberattacks are coming. Here’s how to prepare now

While manufacturing’s roots are in physical equipment, digital infrastructure is just as important to today’s operations.

As such, manufacturers are responsible for safeguarding digital endpoints such as laptops, production servers, engineer workstations, connected sensors, and IoT/OT devices, as well as their physical endpoints in machine production equipment.

Transitioning the “safety” mindset from physical to digital security is not necessarily a new concept for manufacturers, but it ‘s evolving.

See also: Roadmap to physically intelligent industrial operations

Across the board, manufacturing infrastructure varies drastically. On one end of the spectrum, manufacturers are leveraging AI to produce advanced microchips; on the other end, some in rural locations are struggling to maintain Wi-Fi connections.

Heading into 2026, manufacturers must prepare for the acceleration of attacks spawned by AI and understand that the volume is more than human defenders can handle alone.

Legacy vulnerabilities become AI-weaponized entry points

One of the most pressing security concerns for manufacturers is the threat posed by unpatched vulnerabilities. Firstly, patching cycles within manufacturing organizations sometimes fall into a cyclical pattern—every few months, biannually, or even annually.

Regardless, ad hoc patching is not the norm, and given that attackers are leveraging AI to scan for and exploit older, unpatched vulnerabilities, the norm of not patching lower-risk vulnerabilities until the next cycle is catching up with manufacturers.

See also: Industries need cyber insurance more than ever, but the rules are tightening

For example, older vulnerabilities in Windows or Linux systems that were previously rated only “medium” in severity are now reclassified as high-risk. In manufacturing, we see attackers targeting outdated PLC engineering workstations, unpatched supervisory PCs, older HMI machines, and unsupported OS versions.

In 2026, manufacturers should leverage automation to their advantage to help close lower priority security gaps, preventing them from becoming severe in the future, while freeing up IT and security team bandwidth to investigate pressing, high-severity vulnerabilities.

Expanded attack surfaces: IoT, shadow devices and unmapped endpoints

Advances in connected sensors and smart equipment drive part of manufacturing’s transition away from physical device security. While these devices help boost efficiency, they also introduce risks.

We commonly see IoT devices that don’t run full operating systems, which lack the level of security required in today’s environment. As such, when a plant manager plugs in a new sensor without considering security risks or IT approval, this form of shadow IoT expands the attack surface.

See also: Protecting modern manufacturing systems from socially engineered cyber fraud

Default passwords remain a significant attack vector for manufacturers. To ensure password strength meets security requirements across the network and that firmware updates happen in real time, manufacturers should conduct network-wide discovery audits to identify unmanaged or forgotten devices that may contain security gaps.

Addressing cultural gaps: Cybersecurity isn't just IT’s job

Within manufacturing organizations, when cybersecurity responsibility falls solely on the IT or security team, it is likely to fail.

Siloed workflows, especially when heavily manual, create bottlenecks that stifle the ability to defend against today’s AI-powered threat landscape, such as collecting vulnerability data insights and turning them into action that plugs gaps before attackers penetrate the network.

See also: What manufacturers risk when they try to patch everything

Often, delays in patching stem from differing priorities between stakeholders within the organization, whether it's engineering, operations, or corporate leadership.

According to research, 55% of enterprises experience delays in deploying patches due to stakeholder approvals. Just as collaboration, especially across different organizational functions, is paramount for success in digital transformation, the same is also true for cybersecurity.

To promote stronger collaboration in 2026, manufacturers can make a few adjustments.

See also: With MFT use growing among manufacturers, new findings see critical cybersecurity gaps

Firstly, consider sharing risk visibility across leadership, IT, engineering and more departments within the organization. A shared understanding can help improve buy-in when the time comes.

Next, standardizing the chain of command for approvals of downtime windows or incident communications plans can strengthen collaboration. Finally, enabling IT and OT teams to access executive dashboards can also help break down communication silos.

Why manual processes will fail in 2026

Humans simply cannot keep up with manual patching. Case in point: More than 40,000 new vulnerabilities were reported in 2024 alone, not to mention the vulnerabilities already sitting in teams’ backlogs.

On top of that, our research shows threats will continue to move faster and at greater volume in 2026. The reality is that manual patching processes will never be able to keep pace.

See also: Patchwork of tech, siloed staff plantwide can make for cybersecurity nightmares

Further underscoring the challenge, more than one quarter of enterprises take a week or longer to deploy patches, a timeline that can stretch even further in certain OT environments, particularly those without reliable Wi-Fi connectivity.

Just as AI-generated exploit code is speeding up hackers' ability to deploy within hours of vulnerability disclosure, automated tools are helping enterprises deploy patches faster.

See also: How agentic AI can be a 'force multiplier' in IT and OT cybersecurity

According to research, organizations that significantly leverage automation in their patching process deploy patches 50% faster within the critical one to three-day window than those using limited automation.

Automation is helping manufacturers shift from a “we’ll patch it later” mentality into a proactive security mindset that builds resilience.

What manufacturers should do over the next few months

As the year winds down and we head into 2026, manufacturers can take a few measures to create a more modern and resilient security posture:

1. Clear legacy vulnerabilities now: Review all endpoints and pay special attention to aging systems by running vulnerability scans. Then, reclassify vulnerabilities and apply the necessary patches accordingly.
2. Map all endpoints and IoT devices: By running a full asset discovery audit, manufacturers can then enforce necessary password updates and disable default credentials on connected devices. Moving forward, updating protocols to require approval before connecting new devices can streamline future audits.
3. Build cross-department cyber alignment: Manufacturers can build collaboration by implementing role-based dashboards accessible to executive, IT, and operations teams, as well as by conducting tabletop exercises to test rapid response speed and communication across departments.
4. Integrate detection, patch orchestration and asset management: Remember that vulnerability detection tools are only practical when the IT team applies the necessary fixes. As such, continuing to integrate systems, such as vulnerability detection, with remediation tools like patching software can reduce manual workloads and foster digital transformation.
5. Accelerate automation efforts: Automated patching helps match the speed of today’s threat landscape, but not without human oversight to pause or rollback patches if necessary. Manufacturers should automate all processes that can be, while maintaining manual oversight to set rules and update processes accordingly.
6. Utilize patching tools that leverage peer-to-peer (P2P) distribution and bandwidth-aware delivery: These approaches reduce reliance on centralized downloads, accelerate patch deployment across sites, and minimize network congestion, enabling faster remediation without disrupting production or critical OT operations.

Looking ahead, it's not all doom and gloom. While risks will continue to become more relentless and persistent, manufacturers who are increasing their readiness are on the right path to continued success.

See also: Zero-trust cybersecurity for increasingly interconnected OT

While “smart factories” are proliferating, they are not the only players, and as such, modernizing cybersecurity applies to all manufacturers.

By modernizing patching, visibility, culture, and automation, manufacturers can reduce exposure and continue to provide the goods and services that the world depends on.

Editor's Note: The Crystal Ball Series will resume on Monday, Jan. 5, 2026.