HP predicts surge in AI-driven cyber threats & cookie theft by 2026
Cybersecurity specialists at HP expect a new wave of threats and challenges in 2026, including a rise in cookie theft, greater use of artificial intelligence by attackers, and increased scrutiny on device and identity security within organisations.
Cookie Theft on the Rise
HP predicts that as multi-factor authentication becomes more common, cybercriminals will pivot to stealing authentication cookies and tokens rather than passwords. Attackers will seek to exploit these stolen cookies quickly before expiry, aiming to insert backdoors and maintain ongoing access to victim systems.
The market for these exploits is growing. Threat actors are expected to create fast-moving online marketplaces for trading and using stolen cookies and tokens. Security teams face a challenge: defences against cookie and token theft are still immature, and the measures that exist remain inconvenient for users, making prevention less likely.
Such attacks pose particular risks for users with privileged access, such as system administrators, who often use web browsers to access sensitive portals. If attackers obtain admin cookies, they may breach critical services such as Entra ID, Intune or AWS.
Issuing privileged users with separate, dedicated access workstations is recognised as best practice. Uptake is still inconsistent, and even dedicated devices can be compromised. Experts recommend that organisations consider further layers of protection, such as stricter isolation and device security checks.
AI in Criminal Workflows
HP analysts expect organised crime groups to use artificial intelligence to automate more parts of their cyberattacks. Groups are already using AI for basic tasks, such as creating phishing content. In the years ahead, AI will help with advanced reconnaissance and vulnerability discovery.
"In 2026, we expect to see organized crime groups automate workflows and outsource more tasks using AI agents in their attacks, especially preparatory tasks like researching victims to target. Beyond this, rapid improvements in large language models and agentic AI systems are expanding their role in the attack lifecycle. Threat actors will no longer limit their AI use to basic automation or phishing content creation. They will also start using AI to assist with complex tasks like vulnerability discovery," said Alex Holland, Principal Threat Researcher in the HP Security Lab.
Holland noted that AI will allow threat actors to scale up attacks, reducing the need for skilled human operators. Cybersecurity detection tools will struggle to keep pace, making containment and response more important.
Physical Device Attacks
Hybrid work models and increased device mobility make physical attacks on IT devices more likely. Tools for device tampering are becoming affordable and accessible. Attackers may use these tools to exfiltrate data, take control of devices, or cause destructive damage.
Security teams will focus more on practices that maintain device and data integrity. Devices are often used in public or semi-public places, increasing the risk of tampering. Tampered devices may lead to wider enterprise breaches if not properly secured.
Organisations are expected to seek hardware with built-in protections, including authentication and integrity checks at both software and hardware levels.
IoT and Print Security in Focus
Following a pattern of attacks on connected devices, businesses and public sector organisations will increase oversight of Internet of Things (IoT), edge, and print devices. Past security failures have enabled attackers to take over printers or launch attacks from unprotected endpoints.
Experts say printers and similar devices often escape basic monitoring and controls, making them a security blind spot. Security teams will become more proactive about monitoring connected devices and automating compliance checks across IT fleets.
Quantum Readiness Requirements
Adoption of quantum-resistant cryptography will accelerate. New standards for quantum-safe encryption are coming into effect. Public sector and critical industries are expected to plan migration away from traditional cryptography such as RSA and elliptic curve algorithms. Many organisations will shift to quantum-resistant keys for new device procurement from 2026.
This move reflects growing concerns that quantum computers may soon threaten existing encryption. Devices ordered in the coming years could still be in use when these attacks become feasible.
Identity and Data Provenance
Experts foresee a shift from fragmented identity solutions to unified, data-centric models for authentication and data governance. Security strategies will increasingly focus on tracking data origin and use, enforcing control beyond the organisation's boundaries.
Persistent identity and policy management will follow data through its lifecycle, embedding governance and oversight. AI-driven business processes will make transparent provenance and data custody more important for trust and regulatory compliance.
"In 2026, we'll see efforts within enterprise security shift from fragmented identity frameworks and perimeter-based controls to a unified, data-centric model. Today's zero-trust implementations often create complexity and fatigue, with identity scattered across users, apps, and devices. This fragmentation leads to blind spots, inconsistent enforcement, and poor user experience. The next phase will prioritise consolidation: centralised identity orchestration that simplifies access, strengthens governance, and reduces operational risk," said Peter Blanchard, Document Workflow Security Strategy Principal at HP.
Device manufacturers and their customers are now under pressure. Businesses will increasingly require advanced hardware security and resilient cryptography in all future procurement decisions.