As the year winds down and organisations map out their 2026 plans, one reality is getting harder for companies of every size to look past: cyber threats aren’t just growing, they’re accelerating. And while the familiar culprits remain (credential theft, social engineering, system intrusions), these attacks are now playing out at breakneck speed. AI has amplified everything: the scale, the precision, the stealth.

“It’s going to get worse before it gets better,” says Elastic chief information security officer Mandy Andress. “It’s not what people want to hear, but I think it’s the reality.” 

Across Australia and New Zealand, the challenge is no longer merely identifying threats; it’s keeping up with adversaries who are moving faster, learning quicker and masking their activity to evade traditional security tools. 

For the year ahead, Elastic predicts speed and context will become the defining factor in whether an organisation stays safe or is left exposed.

AI-powered attacks are changing the tempo

According to Andress, two extremes are emerging. 

On one end are ultra-fast, AI-enabled attacks that slip in and out before alerts can even fire. On the other are low-and-slow infiltrations where attackers sit undetected for months, or even years, evading logging cycles and traditional detection rules. 

“The recent global breach involving F5 networks, where intruders sat inside the environment for more than a year, is an example,” Andress notes. 

She adds that the middle ground is disappearing. “Threat actors are leveraging AI to go faster and creating social engineering attacks that are highly contextualised. Deepfakes, blended voice scams, real-time impersonation are becoming incredibly convincing.”

This is a threat Andress knows intimately. She recently received a scam call so realistic she found herself second-guessing it - a stark reminder that when attackers harness personalised data and AI-generated urgency, even experts can be caught off guard.

Threat priorities for 2026

As organisations brace for this faster threat landscape, Andress points to three foundational steps that matter more than anything else:

1. Master the fundamentals: Secure configurations, timely patching, removing default settings and ensuring basic hygiene across cloud and hybrid environments may sound unglamorous, but they’re still the most powerful defences.
2. Minimise the blast radius: If attackers get in, they shouldn’t be able to reach everything. Segmentation, zero-trust access and limiting lateral movement are essential in a world where intrusions can unfold in seconds.
3. Protect non-human identity: API keys, secrets, access tokens and machine identities are quickly becoming high-value targets. 

“These are critical as more organisations move to agents and cloud-native applications,” she says. “They’re often overlooked, and they’re being targeted heavily.”

Context is King: The role of Search and AI

As attackers use AI to move faster, defenders need AI that can think faster. Andress says the real advantage isn’t more data, it’s context.

“For organisations just starting out with AI, the priority should be solutions that help you understand what’s happening in your own environment,” she says.

This is where Elastic’s search heritage becomes a security superpower. To secure an environment, you must be able to search it. Elasticsearch allows teams to search through structured and unstructured data, including emails, business apps, and logs, to provide the necessary context. 

This context is what prevents AI from "hallucinating" and allows it to deliver accurate security outcomes. 

“AI brings collective intelligence,” Andress says. “It exposes patterns or actions teams may never have considered.”

The rise of Agentic AI

If 2025 was the year of identifying Agentic AI, 2026 will be the year of fulfilling its potential. These systems will move beyond scripted workflows and autonomously resolve malware alerts or triage activity across Windows, Linux, and cloud environments.

The biggest upside? Filling gaps in short-staffed teams.

“Agentic systems can handle the initial analysis and triage where teams are most constrained,” she says. While humans still validate the results, the bottleneck of first-level investigation shrinks significantly.

Future-proofing: Quantum horizons and crypto agility

Looking further ahead, Elastic is preparing for the “harvest now, decrypt later” threat posed by quantum computing. Andress expects 2026 to be the year when organisations begin formal post-quantum planning, with a focus on crypto agility, to ensure that customers can shift to new algorithms as cloud providers roll them out.

Ultimately, however, resilience comes down to people. Security must be built into workflows, not added as an obstacle.

“If people have to remember to do something in a secure way, they’ll forget,” she says. “We need systems that make the secure path the easiest path.”

As 2026 approaches, threats are faster, and context is king. Resilience will depend on fundamentals done well and a security stack that leverages search and AI to outpace the adversary. 

“The attackers are moving quickly,” says Andress, “so our defences have to move faster.”

Visit Elastic for more. 

More related stories

Editorial

Incredible experiences you can only have by helicopter

Travel is all about exploring new horizons, but when you set sail with Scenic Discovery Yachts, you can take that literally.

Read more

Editorial

Why business leaders need to focus on digital trust

Data breaches are a near-daily headline, eroding the very foundation of consumer trust. For Australian businesses, this constant barrage of cyber incidents means that digital trust is no longer a technical footnote but a critical business imperative.

Read more