Artificial intelligence (AI) is changing the cybersecurity landscape so rapidly that companies may need to rethink where they invest their security budgets in 2026, according to cybersecurity firm CrowdStrike.
In an email interview with PhilSTAR Tech, CrowdStrike Field CTO Worldwide Fabio Fratucello said businesses should prioritize AI-powered defenses, identity protection, and autonomous security operations as attackers increasingly use AI to automate and accelerate cyberattacks.
“AI-enabled adversaries increased their operations by 89% year-on-year in 2025,” Fratucello said, citing data from the company’s latest threat research.

He also noted that companies should prioritize AI-powered cybersecurity investments in 2026 as cyberattacks become faster and increasingly automated.
According to CrowdStrike’s 2026 Global Threat Report, attacks are becoming significantly faster, leaving organizations with less time to react. The report found that cyberattacks now spread across systems at an average breakout time of 29 minutes, while the fastest observed attack moved laterally within just 27 seconds after the initial compromise.
Fratucello said this means organizations can no longer rely solely on traditional, manually operated security systems.
Crowdstrike said attackers are increasingly using AI across different stages of the attack chain, particularly in social engineering campaigns designed to trick employees into giving up credentials or granting access. Threat actors are also beginning to target AI systems themselves through prompt injection attacks that manipulate AI tools and agents.
CrowdStrike also observed a growing turn toward identity-driven attacks, where cybercriminals exploit legitimate credentials instead of deploying traditional malware. In 2025, 82% of detections monitored by the company were malware-free, a sharp increase from 51% in 2020.
Because of this, Fratucello said companies should focus investments on technologies that provide unified visibility across identities, endpoints, and cloud environments.
Among the technologies he highlighted were “agentic security” systems, AI-powered tools capable of autonomously analyzing threats, prioritizing risks and responding in real time while still operating within human-defined guardrails.
“These agents should be delivered through an agentic security platform that enables security teams to command and orchestrate them across the security lifecycle,” he said.
Fratucello added that organizations adopting AI technologies should also invest in governance and security controls for their own AI systems. These include monitoring AI usage, implementing strict access controls, classifying sensitive data and conducting vulnerability assessments on AI tools and third-party platforms.
Financial institutions remain among the most targeted sectors due to the large amount of sensitive financial and personal data they hold. CrowdStrike said Chinese-linked adversaries increased attacks against the financial sector by 20% year-on-year in 2025.
As businesses continue adopting AI tools to improve operations, Fratucello warned that security can no longer be treated as an afterthought.
