They will not wait for the world to catch up, so here are some trends and predictions to take heed of…

With AI being used to rapidly release new types of polymorphic and self-morphing malware, cybersecurity teams will be fighting not just moving targets, but autonomously evasive code that can adapt to out-manoeuver traditional security systems.

To stay ahead of hackers, business leaders need to be aware of three major developments and prioritize a proactive approach to cybersecurity.

Here are the three trends  to monitor closely this year…

1. Commercialization of cybercrime

State-sponsored and organized cybercrime has been industrialized into a profitable business. More criminals are joining forces to form international groups to offer “as a service” business models.

A good example of this is the Cambodia scam ring that was recently targeted for takedown. Other cyber syndicates in the region have also been experimenting with AI‑assisted techniques to evade detection, although concrete evidence of large‑scale AI‑driven evasion remains limited. One threat vector cybercriminals will continue to exploit involves the Domain Name System (DNS). This layer of infrastructure is the “front door” to a network, and though it is a common point of entry for attackers, it is also a place where organizations can strengthen security measures.

By implementing preemptive, DNS‑based security, organizations can block many malicious domains before they reach endpoints. The message is clear: Waiting for alerts is no longer a viable security approach. Cyber strategy should be pivoted into proactive, AI‑driven threat hunting.

2. Adoption of AI agents is creating new system weaknesses

Agentic ops, autonomous AI‑driven IT operations that manage tasks without humans, promises a future without outages, as machines do not sleep, do not escalate, and do not miss alerts.

However, the integration of AI agents into critical infrastructure also turns them into prime targets. For example, threat actors could manipulate these autonomous bots to disrupt operations or exfiltrate sensitive data. As AI is changing too fast for companies to spend sufficient time on rigorous testing, prioritizing quick adoption is a strategic misstep. Organizations should act carefully by training teams and implementing robust security governance to avoid reckless rollouts in the first place.

3. Deepfakes and adaptive malware are eroding trust

Once confined to being used by media professionals, sophisticated deepfakes are now being created by even newbies for deception and malice.

Meanwhile, malware is becoming polymorphic and AI‑assisted, constantly rewriting its own code to evade detection by traditional security programs.

The classical kill chain model, which charts out threats that take a predictable path, is breaking down. Through it all, the DNS remains a constant part of the infrastructure and does not change with these advancements. This makes DNS security an important component in safeguarding digital infrastructure from evolving threats.

Building stronger resilience in 2026

Enterprises in the region and beyond will need to evolve their cyber strategies fast with three decisive steps in response:

• First balance innovation with governance, proactively moving beyond mere compliance with all the new AI data regulations being reactively launched globally.
• Reinforce foundational and often‑overlooked defenses such as DNS, identity security, software supply chain hygiene, virtualization and operational technology layers. (Editor’s note: A good reference is the World Economic Forum’s neutral global cybersecurity outlook for 2026.)
• Invest in education and internal frameworks to securely manage AI agents and train teams against personalized scams such as deepfakes, to counter the strategic risk of blind trust in automation.

The threats of 2026 will not wait for our readiness. The time to act is now, not when the breach hits home.