Crystal Ball 2026: Prediction Roundup Part 3

More, more, more, you say? Our roundup authors this year had even more input on the topic of cybersecurity, especially when it comes to AI’s impact on manufacturers and the fact that bad actors are increasingly weaponizing AI against all kinds of industrial systems.

Here are our SMEs’ insights for this third chapter of our Crystal Ball 2026 roundup:

Configit’s Henrik Hulgaard, Dan Joe Barry, Laura Beckwith, and Sigrún Ívarsdóttir

Discrete manufacturing faces many challenges and opportunities as tech advances at lightning speed. Legacy tech and processes must give way to greater agility if the industry is to meet changing customer expectations with next-generation capabilities. Knowing which changes to make will set the leaders apart from the laggards. To that end, the experts at Configit are sharing strategic insights for the year ahead.

New Product Roundup: RS Americas, Rootstock, Waites

AI will become a bigger part of manufacturing operations, including configuration and knowledge capture. We predict we’ll see AI become more embedded across design and production systems, especially in connecting systems like PLM and ERP/Sales (for configuration data) to reduce silos and speed up product decisions. Additionally, configuration will become more predictive, with AI and integrations helping identify configurations that are both market-relevant and feasible to produce.

2026 will be a race to capture institutional knowledge. With an aging workforce, manufacturers face a critical knowledge transfer challenge. Capturing and digitizing configuration and engineering knowledge will be essential in order for manufacturers to stay competitive. In 2026, we expect to see acceleration of efforts to digitize this tribal knowledge.

Gurucul’s Steve Holmes, Nagesh Swamy, and Chris Scheels

AI and automation will lead to more business disruptions. As AI-driven response becomes embedded in security operations center workflows, organizations can experience a new class of self-inflicted outages. AI systems will confidently take “correct” actions without grasping business context, such as locking out key authentication pathways or shutting down critical operations to contain perceived anomalies.

AI will enable more successful, more evasive insider threat behavior. Insider threat actors will in 2026 offload the riskiest parts of their actions to AI systems, exploiting gaps in how organizations secure internal AI tools and access models. Instead of creating a noisy footprint, insiders will rely on AI to automate exfiltration, reconnaissance and privilege escalation, which will also make them harder to trace.

eHandbook: Industrial IoT

A shift to real-time threat storytelling becomes the new baseline for security information and event management (SIEM) in 2026. SIEMs that deliver isolated alerts are losing ground to platforms that provide full “threat stories.”

AI is correlating identity, behavior, asset, and timeline data into contextual narratives—giving analysts a complete picture instead of fragmented events. This transition will expose the inadequacy of event-centric SIEMs, pushing the market toward story-first analytics as the new baseline. By 2026, story-first analytics will no longer be a differentiator; it will be table stakes.

Data pipeline management and AI SOC analysts will become table stakes for next-generation SIEM. By the end of 2026, data pipeline management and analysts will no longer be “nice to have” add-ons; they’ll become core, bundled components of next-gen SIEMs.

Buyers will expect native, integrated AI assistance at every tier of the SOC stack, and vendors relying on bolt-on architectures will lose ground as customers gravitate toward unified, outcome-driven platforms.

Michael Weller of Verizon Business

AI moves from paralysis to production. Many manufacturers are worried about AI, and uncertain where to put compute power. 2026 brings breakthrough deployments focused on computer vision for quality control and AI “shells” that wrap legacy systems in protective security layers. This finally moving innovation “out of the drawer."

Factories will embrace visual technology in a larger way. Manufacturing floors will become highly visual environments, driven by computer vision, digital twins, AR/VR headsets, and gamification.

Humans learn visually far more effectively than through text, and visual content. From just-in-time training videos to 3-D schematics, visual environments will transform worker engagement and productivity.

Connected worker technologies will deliver on their promise. After years of hype, 2026 is when connected worker technologies prove their value on the factory floor.

Wireless-enabled tools, especially mobile equipment, finally will deliver on promises of improved safety, real-time asset tracking, and operational flexibility.

Andrius Buinovskis, NordLayer

AI-powered social engineering and AI-enabled malware, an increase in ransomware attacks, web-based attacks, and insider threats will be the main business cybersecurity concerns in 2026.

In 2025, the corporate world witnessed a significant rise in artificial intelligence adoption, leading to a boom in AI-powered browsers, co-pilots, and personal assistants. However, cybercriminals also were quick to adopt AI, automating and scaling their attacks, and this trend will continue.

Four main cybersecurity threats businesses should expect this year:

AI-powered social engineering and AI-enabled malware: According to the World Economic Forum, phishing and social engineering attacks increased by 42% in 2024. The uptick that AI might have caused is likely to worsen.

See also: How smart industry is escaping the 'single cloud of failure'

Automated deepfake social engineering is a growing concern. Utilizing it, cybercriminals will be able to carry out more believable attacks, tricking even the most well-prepared employees.

Bad actors could utilize highly believable videos and voice calls to impersonate CEOs, third-party contractors, or other employees to trick staff members into divulging sensitive information, accepting fake invoices, or handing over credentials to infiltrate network for larger attacks.

An increase in ransomware: According to NordStellar, as of September 2025, ransomware incidents have increased by 47% compared to the same period last year.

Like other cybercriminals, ransomware groups are adopting AI and using it to scale their operations by automating the attacks. We've already seen how the rise of the ransomware-as-a-service model lowered the entry barrier for these attacks, allowing even hackers without the proper technical skillset to participate.

Web-based attacks: Malicious browser extensions were a prominent cybersecurity topic in 2025, raising concerns over browser protection. However, they're not the only browser-related threat to look out for—the browser has become a substantial attack surface and the primary target for many dangerous attacks.

As companies continue to adopt web-based software as a service and abandon the desktop for the web, the cyber risks that are waiting for employees in the browser are becoming increasingly more prominent and common.

See also: The strategic importance of industrial data fabrics

Insider threats: A study found that 83% of organizations reported having experienced at least one insider attack in 2024. Moreover, they were identified as the cause for the costliest data breaches in 2024 in an annual report by IBM, with an average cost of $4.99 million per incident.

Insider threats are complex, and as companies' attack surfaces constantly expand due to remote or hybrid work models and the introduction of shadow IT and shadow AI, the threat will continue to escalate.

With so many factors contributing to the complexity of the current cyber environment, it's becoming increasingly more difficult to ensure high observability into what users are doing and prevent them from bypassing security policies.

Editor's Note: The Crystal Ball Series will conclude on Monday, Jan. 12, 2026.