AI, Quantum, & Data Sovereignty: Security Predictions for 2026

As we head to the end of another year, it’s tradition that the blog editorial team slides into the DMs of the Netskope expert team, asking for their thoughts on what may be in store for the industry in the coming year. Here’s what they had to say this year:

The “AI bubble” will burst

Mark Day, Chief Scientist: “My prediction for 2026 is that the “AI bubble” will burst. As a result, we’ll likely see the immediate collapse of many casual and speculative AI activities. However, I do not anticipate that this bubble bursting will have much effect at all on the small fraction of real business uses of AI. We will, however, probably see a frantic search for scapegoats and an overreaction to the collapse. 

AI use cases will need to overcome increased scrutiny, particularly with respect to sustainable economics and I would go so far as to assert that the overall economic damage will potentially be worse than from the internet bubble’s end. Whereas overbuilt fiber networks could still be useful while the technology was still current, today’s overbuilt data centers will be obsolete before demand returns.” 

The first major agentic AI-driven data breach will occur in 2026

Neil Thacker, Global Privacy & Data Protection Officer: “By mid-2026, I predict that a landmark data breach will be traced not to a cybercriminal or nation-state, but to an autonomous, agentic AI system operating within an enterprise environment. The incident will redefine AI governance, risk management, and compliance globally, exposing the danger of unmonitored AI autonomy and weak controls between interconnected AI services. Every enterprise adopting LLMs, AI, and agentic automation will need to implement an AI gateway. Much like how CASB became essential for SaaS security in 2013, AI gateways will become essential for AI governance in 2026.” 

The quantum security plan finally begins

Rehman Khan, Chief Information Security Architect: “In 2026, the conversation around quantum security will shift decisively from the “why” to the “how.” Previous forecasts have highlighted the urgent need for new quantum-resistant algorithms. These algorithms now form the basis of the first post-quantum cryptography (PQC) standards from the U.S. National Institute of Standards and Technology (NIST), which serves as the global benchmark. With this critical standard now finalized, 2026 will be the year organizations turn awareness into action.

This shift will be driven by a growing understanding of the key threat: encrypted data stolen today can be stored by attackers and unlocked by the quantum computers of tomorrow. Protecting long-term company secrets will therefore become a tangible, board-level priority. Consequently, the first practical step for most companies will be to launch the foundational project of finding and mapping all of their current encryption. This internal audit will be the necessary groundwork before any upgrades can be planned.

For leaders, the mandate in 2026 will be to move beyond discussion and allocate resources. The key objective will be to initiate this company-wide security review, marking the official start of the multi-year transition to a quantum-resistant future.”

Redefining digital trust in the age of AI and quantum uncertainty

David Fairman CIO & CSO, APAC: “In 2026, the convergence of generative AI and quantum computing will mark a turning point in how societies define and defend digital trust. As AI-generated content becomes indistinguishable from human creation, and the first credible quantum-assisted attacks begin to undermine classical encryption, the world will question trust in the digital ecosystem. Every assertion of identity, authorship, or authenticity—whether in business transactions, media, or democratic discourse—will face a new burden of proof.

For enterprises, this will elevate “trust infrastructure” to the same strategic importance as cloud or AI itself. CIOs will lead efforts to harden identity systems with quantum-resilient cryptography, embed verifiable provenance into data flows, and deploy AI models capable of authenticating as well as generating content. Beyond the enterprise, governments and civil society will wrestle with the erosion of collective confidence in what’s real. The organisations that thrive in this environment will be those that recognise digital trust as a shared public good—one that must be engineered, governed, continuously verified and constantly renewed in the face of technological uncertainty.”

Evolving the regulatory landscape for 2026

Steve Riley, VP & Field CTO: “In 2026, the regulatory environment will simultaneously remain murky and become clear. Geopolitical challenges have pressured governments around the world to tighten regulations, enforcement of which will grow. However, the variance in regulations will spread confusion among companies who must comply with an ever-growing set of difficult-to-implement rules. 

This much is clear: regulators (customers, too) will no longer tolerate avoidable breaches. Across all industries, those responsible for breaches that result from shirking common and sensible cybersecurity best practices will be held accountable.”

Data sovereignty will loom large in the global regulatory space

James Robison, CISO: “In 2026 I predict that data sovereignty regulations will have a more pronounced presence in the global regulatory space. Around the globe federal governments, including the US, Saudi Arabia and the EU, will all be looking to keep their data within their country or region. This is going to drive larger discussions around how to build and deliver services that stay in a given country.”