IBM Outlook 2026 Security Trends: Proxy AI Drives New Attack Risks, Quantum Protection Demand Rises

IBM Security Technology Director Jeff Crume, in his latest video analysis, reviews his previous judgments on AI, cybersecurity risks, and emerging technologies, and summarizes the most noteworthy cybersecurity changes after 2026. He states that as enterprises rapidly adopt AI to improve efficiency, cybersecurity risks are also amplified. From shadow AI, deepfake attacks, proxy AI to encryption threats brought by quantum computing, the future of cybersecurity will enter a new phase with faster attack-defense cycles and broader impact.

AI Expands Convenience, Simultaneously Amplifying Security Risks

Crume points out that while AI brings efficiency to enterprises, it is also rapidly increasing cybersecurity risks. The most representative issue is “shadow AI.” Shadow AI refers to AI systems that are unapproved by organizations and lack governance and security controls, possibly just someone downloading models on the cloud and connecting internal data for direct use.

According to IBM’s annual “Data Breach Cost Report,” if a cybersecurity incident occurs and shadow AI exists within the company, the average loss increases by approximately $670,000. More concerning is that up to 60% of companies have not established AI governance or security policies, meaning costs and risks have already risen without corresponding protective mechanisms.

Deepfake Surge Out of Control, Scams and Social Engineering Rise

Crume further highlights that “deepfake”(Deepfake) has become another rapidly spreading cybersecurity risk source. Fake photos, voices, and videos generated by generative AI, while used for entertainment, are also heavily employed in scams and social engineering attacks.

Statistics cited by Crume show that in 2023, approximately 500,000 deepfake cases were observed, which surged to about 8 million by 2025, a growth of 1,500%. IBM bluntly states that deepfakes are no longer a question of if they will happen, but that they are already widespread and continue to expand.

Attack Surface Continues to Grow, AI Begins to Counter AI

As enterprises extensively adopt AI to boost productivity, AI itself has become a new attack vector. Crume points out that in the top ten vulnerabilities of large language models published by non-profit organization OWASP in 2023, “Prompt Injection”(Prompt Injection) ranked first, and it remained at the top in 2025, indicating that related risks have not diminished over time.

However, Crume also notes positive developments. AI has begun to be used for cybersecurity defense, such as real-time detection of prompt injection and assisting incident response. Crume believes that future cybersecurity systems must be capable of responding to rapidly changing attack patterns, and AI will be an indispensable tool.

Quantum Computing Approaching, Quantum Security Deployment Lagging

Crume also discusses quantum computing. He points out that quantum computers will have the ability to crack current encryption technologies in the future. Although the so-called “Q-Day” has not yet been confirmed, it is inevitable that it will arrive.

Crume observes that between 2023 and 2025, market interest in “Post-Quantum Cryptography”(Post-Quantum Cryptography) has significantly increased, but actual deployment progress remains limited. Crume bluntly states that quantum threats are approaching, but most organizations are still unprepared.

Rise of Proxy AI, Simultaneous Expansion of Attack-Defense Risks

Crume also admits that his own underestimation of the development speed of “AI Agents”(AI Agents). These goal-oriented and highly autonomous AIs, if hijacked, could execute large-scale malicious or erroneous actions in a very short time.

For example, proxy AI might execute prompt injection commands hidden in email summaries without user operation, leading to data leaks.

Meanwhile, proxy AI requires accounts and permissions, and can even generate other proxies, resulting in a surge in non-human identities and increased risk of permission abuse. IBM emphasizes that proxy AI is not unusable, but must be deployed with a full understanding of the risks.

(AI Proxy Becomes Professional Hackers? Anthropic Reveals GPT-5, Claude Can Replicate On-Chain Attack Patterns)

The Post-Password Era Takes Shape, Quantum Defense Technologies Need Strengthening

In cybersecurity protection, Crume emphasizes that “Passkeys” have become increasingly mature. Members of the FIDO Alliance include Amazon, Google, Microsoft, PayPal, and other major companies. Statistics show that 93% of accounts support Passkeys, with about one-third of users actively enabled, and IBM has fully adopted passwordless login internally.

Crume states that this technology can effectively reduce phishing risks because “no password, no theft.” He concludes by stressing that adopting quantum-safe encryption now is the only way to prevent future disasters.

(Bitcoin Post-Quantum Upgrade Takes 10 Years, Core Developers: Short-Term Quantum Threats Are Not a Concern)

This article, IBM’s Outlook on 2026 Cybersecurity Trends: Proxy AI Drives New Attack Risks, Quantum Defense Needs Rise, originally appeared on Chain News ABMedia.