Most breaches enabled by exposure, not sophistication

The new Global Incident Response Report 2026 released Tuesday by Palo Alto Networks’ Unit 42 found four major trends that are expected to shape the threat landscape for 2026.

First, AI has become a force multiplier for threat actors. It compresses the attack lifecycle, from access to impact, while introducing new vectors. This speed shift is measurable: in 2025, exfiltration speeds for the fastest attacks quadrupled.

Second, identity has become the most reliable path to attacker success. Identity weaknesses played a material role in almost 90% of Unit 42 investigations. Attackers increasingly “log in” with stolen credentials and tokens, exploiting fragmented identity estates to escalate privileges and move laterally.

Third, software supply chain risk has expanded beyond vulnerable code to the misuse of trusted connectivity. Attackers exploit software-as-a-service (SaaS) integrations, vendor tools and application dependencies to bypass perimeters at scale. This shifts the impact from isolated compromise to widespread operational disruption.

Fourth, nation-state actors are adapting stealth and persistence tactics to modern enterprise operating environments. These actors increasingly rely on persona-driven infiltration (fake employment, synthetic identities) and deeper compromise of core infrastructure and virtualization platforms, with early signs of AI-enabled tradecraft used to reinforce these footholds.

Read more at Unit 42