Tech predictions for 2026 – AI, cybersecurity, data and more

As we head into the New Year, experts across the tech landscape weigh in to share what they think will happen in 2026

We’ve seen an intensely eventful 2025, with the rise of generative AI and beginnings of agentic AI, and a major cyberattack seemingly every other week. What could 2026 possibly hold for tech?

The experts have shared their thoughts – let’s see what they have to say.

We’ve split it into the following sections:

AI
Agentic AI
Data
Legislation and regulation
Cybersecurity
Supply chain
Leadership
Other

AI

Composable intelligence will replace monolithic AI

The next frontier in AI/ML isn’t about building bigger models, it’s about making smaller ones work together. The rise of Model Context Protocol (MCP) and agentic frameworks will turn AI into a composable ecosystem of reusable, discoverable micro-agents. Organisations will deploy fleets of ML models, each powering specialised classification, prediction, and recommendation tasks, each behind MCP endpoints that plug directly into the agent mesh.

Paul Aubrey, director of product management, NetApp Instaclustr

AI empowerment wins over AI replacement

Do you want to play to win, or not to lose? In 2026, leaders will face a spectrum between two options: either use AI to eliminate jobs or use AI to empower people to create a competitive advantage. It is becoming increasingly clear that AI should empower people – not replace them – and companies will need bold and inspirational leaders to invest in their workforce through continued change.

Bryan Harris, Chief Technology Officer, SAS

Time to mop up AI slop

Remember when the Log4j breach rocked the open source community? In 2026, mature, early AI adopters that bypassed attempts to measure and incorporate AI responsibly will be exposed. The result will be a massive loss of credibility as their use of commoditised AI slop is surfaced to the masses.

Luis Flynn, market strategist for Applied AI, Open Source Software & ModelOPS, SAS

2026 will see the rise of purpose-built agents

“2026 will be the year of specialised AI agents. The era of “one-size-fits-all” AI agents will end, to be replaced by purpose-built consumer agents designed to drive specific outcomes. This could be resolving a customer issue, forecasting demand, or converting your consumers. General models like ChatGPT showed what’s possible; enterprise agents will now show what’s useful. Most companies simply don’t need a large language model that can tell them everything from how to debug a line of JavaScript to how to bake a cake. Most of that information is irrelevant intelligence.”

Keith Zubchevich, president and CEO at Conviva

The next great security gap: AI connectors and data flows

The biggest data breaches of 2026 will come from the tools companies willingly connect to their own systems. As AI apps proliferate across cloud ecosystems, businesses will rush to integrate them without understanding the permissions and data flows involved. Each connector becomes a potential backdoor into business-critical systems like CRMs, SaaS platforms, and email environments. Attackers will exploit these weak links faster than defenders can catalogue them, forcing the industry to evolve more quickly toward disciplines like AI Posture Management.

Robert Johnston, GM, Adlumin

Eroding critical thinking skills

Widespread use of AI-driven information tools will make it easier than ever to find answers – but at the cost of eroding critical thinking skills. As people increasingly rely on AI to provide instant responses, the imperative to evaluate sources and exercise judgment will diminish. This creates fertile ground for social engineering and misinformation campaigns, as malicious actors can flood the internet with false narratives that AI systems may inadvertently amplify.

The risk is not just technical, but societal: as users become less accustomed to questioning the validity of information, organisations will face new challenges in defending against manipulation and accidental breaches caused by misplaced trust in AI-generated content.

David Higgins, senior director – field technology office EMEA, at CyberArk

Digital twins will become the most useful executive tools in 2026

Digital twins will become one of the most valuable executive tools in 2026. 

Improvements in AI modelling mean teams can now simulate how customers might respond to new ideas, features or creative work, using the insight they already have. It turns research from a static archive into a working system inside the marketing workflow, letting teams test, learn and iterate before costly decisions are made. 

For a C-suite facing rising pressure on speed, spend and certainty, simulation will become a key strategic capability in the next twelve months.

Danielle Jaffit, co-founder of Quartz Labs

Agentic AI

Agentic AI risk and governance will break through to executive awareness

We’ll likely see the first major “AI governance” scandal in 2026, where an autonomous or semi-autonomous AI tool causes a security or compliance breach. That will push boards to treat AI like any other business risk, with proper oversight, risk models, and accountability.

In 2026, AI will no longer be just a technology issue. It will become a governance issue, one that’s owned by the board, not just IT.

Sam Peters, chief product officer, IO

CIO? That’s chief integration officer to you

In 2026, CIOs will answer the call to orchestrate the agentic AI future. As AI agents proliferate, the CIO’s role will decisively shift from tech enabler to ecosystem integrator: the Chief Integration Officer. AI governance, integration and cross-functional leadership will shape the day of every CIO as we determine the future of IT architecture in an agent-led world.

Jay Upchurch, chief information officer, SAS

Data

Unstructured data will no longer be a passive archive

The era of AI is presenting enormous challenges and opportunities. Unstructured data is perhaps the biggest frontier for enterprises. It is vast, dispersed across multiple silos, and difficult to access and manage efficiently. Businesses that can unlock the full value of their unstructured data repositories and gather insights from that data are the ones that will gain the biggest competitive advantage in 2026. 

Organisations will need powerful data management tools to classify, curate, and clean data at scale, ensuring high-quality inputs for AI models. Moving to the cloud is an incredible foundational piece of the puzzle; it offers infinite scalability, global accessibility, and high performance. For the first time, we have cloud infrastructure that is equal to the scale of the challenge of unstructured data. Organisations can go from many hard to reach silos to having unified access to all of their unstructured data. At that point, seamless integration with multiple machine learning and large language models through standardised interface protocols (such as MCPs) enables ongoing insights and flexibility. Metadata-rich architectures will become the norm, providing the structure and automation needed to transform raw, unstructured data into a strategic enterprise asset.

With this approach, unstructured data will no longer be a passive archive but an active, intelligent layer of enterprise decision-making and innovation.

Andres Rodriguez, founder and CTO, Nasuni

Legislation and regulation

The rise of agentic regulation will redraw the AI rulebook

Next year, governments will shift from regulating AI models based on size or capability to regulating who can use autonomous agents and how much data they can touch. Agentic regulation will focus less on theoretical risks of general-purpose AI, and more on restricting autonomy and access within high-risk sectors. The industry should expect frameworks that classify agent permissions much like user access tiers – defining whether an agent can read sensitive data, issue commands, or act without human confirmation.

This new wave of regulation will create friction for enterprises deploying GenAI-powered assistants in sensitive workflows. It will force them to implement stricter oversight and consent mechanisms to ensure audit trails. We’ll see a shift from zero trust to “zero agency”, where organisations limit how much autonomy an agent can have and require explicit approval for sensitive actions. This change will mark an inflection point for responsible AI. The teams responsible for AI will need to demonstrate that every agent operates within defined guardrails and cannot be repurposed for malicious intent. As autonomous AI moves from experiment to enterprise standard, compliance will hinge on proving not just model safety, but agent accountability.

Jimmy Astle, senior director, validation and data science at Red Canary

Digital sovereignty will continue to shape the European software market

Looking at 2026 and beyond, digital sovereignty will continue to shape the European software market with the growing drive for greater digital autonomy and operational resilience. This represents a fundamental market shift, moving well beyond previous compliance exercises. This shift is driven by significant macroeconomic factors and regulatory needs. 

A wave of new rules and regulations, like the Digital Operational Resilience Act (DORA), Network and Information Security Directive 2 (NIS2) and the Data Act, is resetting market expectations for security and data handling. Customers are demanding more control over their data and a clearer understanding of their digital supply chains. Thus there is a growing focus on reducing technological dependencies and mitigating operational risks associated with third-party providers.

The key question is no longer just where data is stored, but who ultimately has control and access to it. 

This changes the competitive landscape for software vendors. Building verifiable trust is now a primary business objective, leading to a “sovereign-by-design” approach. This has now become a competitive business advantage. 

However, the biggest evolution is organisational. Success demands a cultural shift from a traditional legal-led compliance task to a product capability mindset. This requires making sovereignty part of the overall product feature, part of the software architecture, and not something that runs in parallel or is an afterthought.

In 2026, the conversation will pivot from regulatory awareness to proven execution. The market leaders will be those who have successfully made this organisational leap, leveraging enterprise open source not merely as a technology choice, but as the strategic foundation for delivering the verifiable autonomy, control, and resilience our customers now demand.

Fevzi Konduk, EMEA director software and ISV ecosystem, Red Hat


Cybersecurity

Browsers will be the soft spot in phishing’s AI upgrade

“In 2026, browsers will overtake email as phishing’s most exploited entry point. With generative AI lowering the cost and complexity of deception, adversaries will use deepfakes, poisoned search results, and fake CAPTCHA to trick users into executing code directly from the browser. These lures will be almost indistinguishable from legitimate sites, turning the browser into the easiest place to win trust and break it.

Phishing will become a real-time, AI-driven numbers game. Adversaries will target thousands of users with adaptive, highly personalised lures, needing only a few victims to reap significant financial reward. Unlike Windows or macOS, browsers act as a joker in the pack. They sit outside the traditional security stack and therefore lack the mature controls and visibility that protect operating systems and endpoints. Recent warnings around ChatGPT’s AI-powered Atlas browser show how this blind spot could also widen as intelligence moves into the browser itself.

To stay ahead next year, businesses must start treating browsers as critical infrastructure. That means tightening access and identity controls, improving endpoint and cloud-level monitoring, and training users to recognise the new generation of attacks. Awareness alone won’t be enough – defences rely on both user and system resilience working in concert.”

Keith McCammon, co-founder at Red Canary

Organisations that truly embrace risk in 2026 as part of their wider operating strategy will strengthen their cybersecurity and boost their competitive advantage

Organisations that truly embrace risk in 2026 as part of their wider operating strategy will strengthen their cybersecurity and boost their competitive advantage. By taking a scientific approach to understanding, measuring and monitoring risk – right across a business, from competitive strategy to security posture – cybersecurity will become an asset, delivering wider benefits and a stronger market position. 

Take the example of the casino industry: casinos are in the business of managing and monitoring risk all day long, in every aspect of operations, from the buffets to the card tables, yet there’s the understood concept that “the house always wins.” The secret lies in the casino industry’s risk thinking, which involves taking a systematic approach to measuring the benefits and costs of risk, so they know exactly when they’re willing to deploy resources across their operations to achieve a high financial reward, and more importantly, exactly where they are not.   

This year, CISOs must apply this rigorous casino thinking to cybersecurity operations to strengthen their organisation’s ability to innovate, when external risks are increasing but funding resources may be limited or declining. For example, while the benefits of dedicated security system access for the company’s C-level team may carry high costs, risk profiling shows that enhanced company-wide security access controls can maximise risk reduction across the business, while also unleashing more individual contributors’ productivity. It’s the CISO’s responsibility to ensure that in these operating areas where there’s a very clear value-add to the wider organisation, these game-changing opportunities don’t go begging.

Elyse Gunn, CISO, Nasuni

Defensive capabilities will overtake offensive thanks to cross-actor visibility 

While threat actors are quickly accelerating their tactics with AI-enabled scale, defenders are poised to regain the advantage in 2026 because they can see the whole board. Unlike attackers, who often operate alone, with limited creativity, security vendors can aggregate patterns across thousands of attempted intrusions to better understand popular tactics and strategies. This cross-actor visibility allows defenders to proactively identify emerging techniques long before individual organisations are targeted. In 2026, this network-level intelligence will become one of the most powerful differentiators in cyber resilience, enabling defenders to predict and neutralise attacks before they begin. 

Nicole Reineke, senior distinguished product leader, AI, N-able

Identity will become the new ransomware

In 2026, identity will eclipse ransomware as the top cybersecurity battleground. As small and mid-sized businesses continue migrating to the cloud and integrating AI applications into their workflows, many will unknowingly expose critical access points through poorly configured connectors and SaaS integrations. These identity-based attack paths, linking everything from CRM systems to cloud email, will become prime targets for cybercriminals looking to exploit misconfigurations and weak authentication. What was once a simple phishing email is evolving into identity hijacking at scale, driving a new wave of breaches that begin long before encryption and ransom demands ever occur.

Robert Johnston, GM, Adlumin

Cybersecurity budgets in transition 

In 2026, cybersecurity will be a key driver of operational efficiency and strategic resilience. Organisations that allocate their budget wisely will turn security costs into measurable value. The global cybersecurity market is projected to grow from USD 218.98 billion in 2025 to USD 562.77 billion by 2032, exhibiting a CAGR of 14.40 per cent during the forecast period, according to Fortune Business Insights.

In 2026, cybersecurity budgets are set to undergo a fundamental change driven by regulatory pressure, technological advances, and the evolving threat landscape. Companies will move away from rigid contracts and expensive individual tools toward flexible, AI-supported solutions that automate routine tasks and reduce the burden on security teams. AI technology will enable the security teams to cover more with less and make informed decisions faster in a way that never existed before. Companies of all sizes are increasingly turning to pay-as-you-go models, paying only for the services they use. At the same time, security spending remains stable at 10-15% of overall IT budgets, making intelligent allocation critical.

Compliance requirements – such as GDPR, NIS2, and DORA – are shaping cybersecurity strategies at board level, shifting the focus from reactive measures to risk-based investments. Cost-effective basic controls remain highly effective: multi-factor authentication, automated patch management, employee training, and adherence to frameworks such as NIST, ISO or Cyber Essentials. When security measures are strategically integrated, they enhance protection while improving business efficiency. By reducing the risk of downtime, streamlining processes and aligning security controls with the business strategy, cybersecurity becomes a real driver of productivity.

Simon King, head of information security, Infinigate Group 

Banks will increasingly rely on fintech partnerships and digital payment innovations to expand their reach

As leading banks strive to lower their cost of capital, they increasingly rely on fintech partnerships and digital payment innovations to expand their reach and attract more deposits. This interconnected ecosystem, built for efficiency and growth, unintentionally creates new security vulnerabilities. Each additional fintech or digital payment provider becomes a potential entry point for attackers, expanding the attack surface and introducing risks such as identity theft, synthetic fraud, and disruption of payment systems. The drive for lower costs and greater reach, while commercially compelling, can outpace the ability of banks and their partners to secure every link in the chain, making the entire financial system more susceptible to sophisticated cyber threats.

Andy Parsons, Director, EMEA, financial services and insurance, CyberArk

Supply chain

Precision, not volume, defines software supply chain attacks in 2026

“In 2026, software supply-chain attacks will evolve from mass exploitation to precision targeting. Adversaries are already playing the long game, contributing legitimate code to open-source software (OSS) projects, building trust within developer communities and waiting for the right moment to strike. The goal won’t be a single breach, but systemic leverage. One compromise in a widely used dependency could ripple across thousands of organisations overnight.

This evolution will redefine scale. Instead of spraying exploits across thousands of targets, adversaries will compromise a single trusted dependency to reach many. With most open-source projects maintained by small teams or individual developers, often without security oversight, the attack surface has never been more exposed – or more tempting.

In 2026, trust will become an increasingly exploited vulnerability. Organisations must verify not just who accesses their systems, but what code they run. Knowing the origin, integrity, and build process of every component will become a baseline requirement. Software assurance will no longer be a checkbox exercise, it will become a critical layer of defence in an era where precision, not volume, defines the threat landscape.”

Keith McCammon, co-founder at Red Canary

Supply chain and third-party risk will bite even harder

Attackers are targeting suppliers and partners more than ever. In 2026, expect a rise in breaches that ripple across entire supply chains, from open-source software libraries to managed service providers. The weakest link is everyone’s problem now.

Third-party assurance is now central to resilience. Compliance platforms that connect supplier risk data are no longer optional; they’re essential.

Sam Peters, chief product officer, IO

Leadership

Strategy becomes a living system 

Creating a strategy and checking in to adjust it quarterly is no longer going to work in an era where internal or external disruptions can change everything overnight. This year, strategy will shift to operating as a living system; one that is regularly learning, anticipating, and adapting in real time. AI and data analytics are making this possible, but the true shift will also be cultural. Organisations will shift from static planning to adaptive decision-making – where data doesn’t just report cyclical changes, but enables leaders and teams to anticipate change, see gaps, and plan for them. The companies that thrive will be those that are the most agile, can pivot plans without losing momentum, and can connect strategy, resources, and outcomes in a continuous feedback loop. The future isn’t faster reporting. It’s having visibility to understand what might be coming and the ability to adapt strategy before it happens.

2026’s core leadership metric: adaptability

In a world of geopolitical uncertainty, economic volatility, and rapid technological shifts, adaptability will surpass efficiency as the ‘MVB’ – or, most valuable business trait. Boards and executives are shifting their perspectives and realising that agility is more than a process; it’s a capability. In 2026, the best leaders will not measure success by perfect planning and execution, but by how quickly they can reallocate time, talent, and capital when reality changes – and their ability to do it with minimal internal disruption. When planning evolves from an annual ritual to a continuous conversation, the question changes from, ‘Are we aligned?’ to ‘How quickly can we adapt?’ This shift will separate the most resilient teams from the ones always playing catch-up.

Vic Chynoweth, CEO of Tempo Software

Tech leadership

If the geopolitical and macroeconomic climate continues to drive uncertainty next year, enterprise technology investment will push further to the right, slowing AI adoption, growing technical debt, and fuelling resentment between the people who demand the change and the leaders tasked with delivering it. 

As CEO and Board expectations rise, enterprise technology leaders will seek investment and roadmap clarity that CFOs are not able to underwrite, leading to increased churn and attrition in CTOs, CIOs, and their top teams, stalling velocity and strategic progress.

Richard Neish, CEO of Crosstide

CISOs to bridge technical security and business strategy

The CISO is becoming a key figure in enterprise-wide cyber resilience. CISOs who master the balance between strategic planning, operational implementation and technological innovation will manage to position cybersecurity not as a mere protective measure, but as a growth driver and competitive advantage for the entire company.

In 2026, the role of Chief Information Security Officer (CISO) will be widely expected to be a strategic one. CISOs are increasingly acting as bridge-builders between technical security, regulatory compliance, and broader corporate strategy. In light of new EU regulations – such as NIS2, DORA, and the EU AI Act – CISOs take central responsibility for risk management, security culture, incident response leadership and often business continuity too.

CISOs face the dual challenge of navigating regulatory pressure while promoting proactive, innovative security architectures. Building a resilient security culture requires integrating cyber and business risk, fostering collaboration across IT, legal, and management teams, and securing sufficient resources and training. Only an integrated approach can sustain both cyber resilience and business momentum.

Technological trends such as AI, quantum computing, and zero-trust architectures are changing the threat landscape and operational requirements. AI improves efficiency through automation but also introduces new risks, such as deepfakes and personalised phishing campaigns. Zero trust is becoming the standard for hybrid working environments, while quantum computing is challenging the future of cryptography. CISOs must strategically and responsibly integrate these technologies to strengthen security measures and reduce attack surfaces.

Simon King, head of information security, Infinigate Group

The human firewall’s rising importance

In 2026, companies will move towards fundamentally revamping their security awareness programmes. Instead of rigid classroom training and repetitive exercises, an adaptive, data-driven approach will prevail. Adaptive systems will continuously assess each employee’s security competence and deliver tailored training where knowledge gaps are identified. It’s important to find the right balance between continuous learning and repeated training, as too much repetition becomes counterproductive.

Gone are the days of tedious mandatory flat file courses. In 2026, engaging simulations and gamified elements will dominate security training, informed by the emergence of AI behaviour training. Employees will actively participate in realistic scenarios, from simulated phishing attacks to virtual incident response exercises, rather than being overloaded with theoretical knowledge. Continuous feedback systems will nudge users toward safer habits, such as avoiding risky clicks or using secure channels for sensitive data.

The responsibility now lies with management, as security awareness becomes a leadership priority. In 2026, executives should measure not only completion rates, but real-world outcomes: How many suspicious emails do employees proactively report? How much does the incident rate decrease? The organisations that thrive will be those that communicate cybersecurity as a shared responsibility and embed it into their corporate culture.

Simon King, head of information security, Infinigate Group

Other

Counting on quantum

In 2026, the quantum market will heat up considerably as hopes rise that the technology will mature to early-stage value by 2030. Most investors will broaden their scope from hardware and post-quantum cryptography to a greater emphasis on software and applications. Meanwhile, keep your eyes peeled for the phrase ‘quantum architecture’: it encompasses the full stack of a quantum system, including the software and application layers that drive real-world quantum value. Expect to see hiring ramp up for in-house expertise to drive toward this future.

Amy Stout, head of quantum product strategy, SAS

The next endpoint revolution: Privacy will replace control

In 2026, endpoint security will shift from control and surveillance to privacy and transparency. This will demand architectural changes that focus on containerisation of sensitive assets vs. full device control, led by the enablement of extended workforces like contractors, consultants and offshore teams. Traditional approaches that lock down entire devices will increasingly clash with employee expectations for personal privacy and productivity.

Remote work technology will reverse RTO mandates

According to Inc.com, “83 percent of companies with remote-friendly work policies report high staff productivity.” As remote work productivity and security tools continue to evolve, the illusion that physical presence equals performance will fade, exposing RTO policies for what they really are: smoke and mirrors. At least one major Fortune 100 company will be forced to publicly reverse its RTO mandate after seeing top talent leave and output decline.

David Matalon, founder and CEO at Venn

Platform budgets will come under pressure

This will intensify for teams that haven’t tracked their platform’s impact and for organisations that are accustomed to delivering projects rather than committing to long-term product development. When technology leaders don’t see a competitive benefit to the platform, they are likely to start reallocating platform team members to other areas. Development teams will be left stranded on a platform that may not be able to respond to their ongoing needs.

Developer productivity will be driven by technical skills, less by methodology

Software delivery fluctuates between technical methods and management frameworks. The past year has seen a trend of improvement in methodologies and work practices, and progress tends to be cyclical. At first, management frameworks appear simpler and offer an escape from complex techniques and practices. Eventually, management frameworks fail to deliver sustainable and reliable software delivery, and teams return to technical routes. We predict this will be the trend in 2026.

Steve Fenton, director of DevRel, Octopus Deploy

Anna Jordan

Anna is Senior Reporter, covering topics affecting SMEs such as grant funding, managing employees and the day-to-day running of a business.