According to the SANS Institute, the five top attack techniques for 2026 are all powered by artificial intelligence, marking a clear shift in the threat landscape. The list begins with AI-Generated Zero Days, illustrating how AI has lowered barriers for independent researchers and even smaller actors to develop weaponised exploits.
Supply chain risks follow: the Shai-Hulud worm has infected more than a thousand open source packages and exposed 14,000 credentials across 487 organisations, while a China-affiliated group compromised Notepad++ update infrastructure for six months. The entry on OT complexity and the root-cause crisis highlights how logging gaps and a lack of OT visibility hinder investigations, with real-world examples linked to a December 2025 Poland energy attack.
The article also warns about the dark side of AI in digital forensics and incident response, emphasising the need for trained humans to make decisions rather than relying on AI alone. Finally, it explores the race to autonomous defence, with a November GTG 1002 campaign documented by Anthropic and attributed to a Chinese state-sponsored group, which reportedly automated up to 90% of the attack process.