Information Security and Defense

AI: Shield and Sword Simultaneously

The most important — and most uncomfortable — truth about AI and cybersecurity is that the same technology that strengthens defences simultaneously empowers attackers. AI is not a tool that belongs to one side of this contest. It belongs to both, and whichever side deploys it more effectively, more quickly, and more creatively holds the advantage in any given moment.

On the defensive side, AI has brought genuine and measurable improvements. Security operations centres that once required large teams working through thousands of manual alerts can now use AI to triage, prioritise, and respond to threats at machine speed. Anomaly detection, predictive threat modelling, and automated incident response have all improved materially with AI integration. Nearly two-thirds of organisations now have processes in place to assess the security of AI tools — almost double the figure from 2025 — indicating that structured AI security governance is beginning to take hold. iQuasar

But the offensive transformation is equally profound. Generative AI tools are reshaping the cybercrime landscape by enabling criminals to refine their methods, automate attacks, and personalise techniques at scale. Successful phishing, deepfake and social engineering attacks were experienced by 42% of organisations during 2024. The Birmingham Group In 2026, attention is pivoting from purely offensive AI innovation toward the unintended exposure and misuse of sensitive data through generative and agentic systems — with data leaks linked to GenAI now the leading concern at 34%, overtaking fears about adversarial AI capabilities at 29%. iQuasar

This is a critical shift. The most acute near-term risk is no longer a sophisticated nation-state attack on a well-defended perimeter. It is the quiet, unintentional leakage of sensitive organisational data through AI tools that employees are already using — often without oversight, governance, or awareness of the exposure they are creating. Gartner's research found that over 57% of employees use personal GenAI accounts for work purposes, and 33% admit to inputting sensitive information into unapproved tools. Federal News Network The insider risk of the AI era is not malicious — it is habitual.

The Human Gap: Skills, Awareness and Governance

Technology alone cannot close a security gap that is fundamentally human in nature. The cybersecurity sector is currently short up to 4.8 million professionals globally. Only 14% of organisations say they have the skilled people they need, while the cyber skills gap increased by 8% during 2024 — predominantly in the public sector. The Birmingham Group

This shortage compounds every other vulnerability. Organisations deploying AI without adequate security expertise are not merely unprotected — they are actively expanding their attack surface with every new tool they adopt. Gartner recommends shifting from general awareness training to adaptive behavioural programmes that include AI-specific tasks, strengthening governance, embedding secure practices, and establishing clear policies for authorised tool use — all designed to reduce exposure to privacy breaches and intellectual property loss. Federal News Network

At Alfred Vault, we view the skills gap not only as a risk but as a durable commercial opportunity. The organisations that solve the human layer of cybersecurity — through training platforms, managed security services, and AI-native security operations — are building products for a market with structural, long-term demand that is largely independent of economic cycles.

Geopolitical Tensions: When Cybersecurity Becomes an Act of War

If AI has transformed the technical landscape of cybersecurity, geopolitics has transformed its strategic context. The world of 2026 is one where cyber operations are no longer a tool of last resort for state actors — they are a routine instrument of foreign policy, economic competition, and military positioning.

In 2026, geopolitics is the top factor influencing overall cyber risk mitigation strategies. Some 64% of organisations are accounting for geopolitically motivated cyberattacks — such as the disruption of critical infrastructure or espionage — and 91% of the largest organisations have changed their cybersecurity strategies specifically in response to geopolitical volatility. Winvale

The threat actors driving this shift are well-known and increasingly brazen. Operations from actors such as Russia, China, Iran, and North Korea are expanding in 2026, with political instability and new technology forcing cybersecurity and risk leaders to adapt continuously. Russia continues to manipulate narratives around major elections, while China is expected to continue executing cyber campaigns to strengthen its political and economic influence globally. Market Xcel

The physical consequences are no longer hypothetical. In April 2025, a Norwegian hydropower dam was hacked, opening a floodgate and releasing 500 litres of water per second for four hours — an event officials described as a deliberate act of sabotage. Sectors such as energy, water, and transportation are increasingly targeted in cyber warfare campaigns, where the interconnected nature of systems amplifies the impact of any single disruption. PeopleSolutions GPS spoofing and satellite-targeting attacks surged throughout 2025, with threat actors demonstrating the ability to redirect drones, interfere with aviation navigation, and degrade military munitions guidance systems — a domain that is expected to escalate further in 2026. Market Xcel

Europe has borne a disproportionate share of this pressure. The continent accounted for 22% of all global ransomware attacks in 2025, with 3.2 million recorded DDoS attacks across Europe, the Middle East, and Africa in the first half of the year alone — costing France, Germany, Italy, and Spain a combined €300 billion over the past five years. Market Xcel Ongoing instability in the wake of the war in Ukraine has coincided with a rise in hybrid attacks using drones to target airports and critical infrastructure, alongside the spread of disinformation campaigns that have further destabilised the regional security landscape. PeopleSolutions

The geopolitical fragmentation driving these threats is also reshaping how organisations structure their digital infrastructure. Growing fragmentation across digital and technological ecosystems has prompted a renewed focus on digital sovereignty — an urgent drive by states and organisations to safeguard autonomy, control critical assets, and reduce exposure to external shocks. The concept of cyber sovereignty reflects the application of traditional state rights to cyberspace, though its application is complicated by the fact that servers, cables, and data flows do not map neatly onto physical borders. PeopleSolutions

The Investment Implication: Security as Structural Infrastructure

Confidence in national cyber preparedness continues to erode, with 31% of survey respondents reporting low confidence in their nation's ability to respond to major cyber incidents — up from 26% the previous year. Govwin Shifting geopolitical landscapes and evolving global mandates have made cybersecurity a critical business risk with direct implications for organisational resilience — with regulators increasingly holding boards and executives personally liable for compliance failures. Federal News Network

Our view is straightforward: cybersecurity has permanently graduated from a cost centre to a structural necessity — as foundational to operating a modern organisation as legal counsel or financial controls. The organisations, platforms, and infrastructure providers that deliver genuine, scalable, AI-native security solutions are operating in a market defined by non-discretionary demand, regulatory tailwinds, geopolitical urgency, and a skills shortage that ensures human-augmenting technology commands premium pricing.

The value generated in 2026 and beyond is concentrated in filling the gap between frontier AI capability and operational security deployment. Organisations that treat AI security as another line item will find themselves overwhelmed by an operational tempo they cannot match — while those that internalise it as a fundamental shift have the opportunity to redefine their competitive position entirely. Synovus

In a world where a hydropower dam can be sabotaged from a keyboard, where election narratives can be manipulated by state actors at industrial scale, and where an employee's casual use of an unapproved AI tool can expose an entire organisation's intellectual property — cybersecurity is not a technical problem waiting to be solved. It is a permanent condition of the AI era, and one of the most compelling long-term investment themes Alfred Vault follows with conviction.

This content represents the views and perspectives of Alfred Vault and is provided for informational and educational purposes only. It does not constitute investment advice. Please refer to our full disclaimer.