Prof. Jeff Crume highlights that in 2025, AI moved from a "fun tool" to a major security risk.
1,500%Increase in Deepfake instances
+$670kAvg. cost of breach if "Shadow AI" is used
60%Companies lack an AI security policy
Key Takeaway: The Human Factor
Because deepfakes are increasing so fast, Jeff argues we should stop trying to "spot the fake." Instead, we must train humans to analyze what the request is asking us to do (e.g., "Why is my boss asking for a wire transfer via a video call?").
2026: The Rise of Autonomous Agents
The biggest shift for 2026 is **Autonomous Agents**—AI that doesn't just chat, but actually does things on its own.
1. Attacks ON Agents (Hijacking)
Risk Amplification: If a hacker hijacks your AI agent, the agent can steal data at light speed.
Zero-Click: Agents can read a malicious email and get infected without you ever clicking a link.
2. Attacks BY Agents (Automated Hacking)
Automated Kill Chains: AI can now handle the whole hack—from finding a target to stealing the data—without a human hacker needing any skills. It's "Click here to hack" automation.
Strategic Defenses
To fight AI-speed attacks, Jeff recommends two non-negotiable technologies:
Passkeys (Passwordless)
Phishing works because hackers steal passwords. If there is no password, there is nothing to steal. Jeff notes that **1/3 of users** have already moved to Passkeys.
Quantum-Safe Cryptography (PQC)
Quantum computers are coming. Eventually, they will break all current encryption. Jeff urges companies to start **deploying** Quantum-Safe algorithms now, before "Q-Day" arrives.
Jargon Buster
Shadow AI: Using AI tools at work (like ChatGPT) without the IT department knowing or approving.
Prompt Injection: Tricking an AI into ignoring its safety rules by giving it specific, clever instructions.
Autonomous Agent: An AI that can make its own decisions and execute tasks across different apps to reach a goal.
NHI (Non-Human Identity): An "ID card" for a bot or AI agent. Bots need access permissions just like people do.
Polymorphic Malware: A virus that changes its own code every time it spreads so that antivirus software can't recognize it.
Interactive Quiz
Test your knowledge on the 2026 outlook!
1. What is the main danger of an "Autonomous Agent"?
Correct! Agents amplify productivity, but if hijacked, they amplify risk and damage just as quickly.
2. According to Jeff, what is the best way to handle Deepfakes?
Correct. Deepfakes are becoming too perfect for detection software; we must rely on analyzing the context of the request.
3. Why are Passkeys better than Passwords?
Correct! Phishing relies on stealing a secret string of text. Passkeys use device-based biometrics, leaving the hacker with nothing to grab.
4. What does "Shadow AI" do to the cost of a data breach?
Correct. Unregulated AI tools create data leaks that significantly drive up the financial damage of a hack.
5. What is "Q-Day"?
Correct! We don't know exactly when it will happen, but we must prepare Quantum-Safe (PQC) defenses now.