AI Emerges as the “New Normal” in Cyberattacks... Google GTIG’s 2026 Security Outlook

Google Threat Intelligence Group (GTIG) announced in its “2026 Cybersecurity Outlook Report” on November 5 (local time) that “the use of AI will become the new standard in cyberattacks starting next year.”

Multimodal AI: The Next Evolution of Impersonation Attacks

According to GTIG, attackers are moving beyond simple text-based phishing and are expected to leverage multimodal generative AI combining voice, text, and video.

This shift points toward the rise of “deepfake social engineering” - sophisticated impersonation attacks that mimic executives, employees, or partners through realistic conversations and manipulated video meetings.

A GTIG spokesperson warned, “AI is no longer just a defensive technology. Attackers are now using AI to manipulate human trust and bypass security systems.”

The Risk of “Shadow Agents”

The report also highlights the growing internal risks of unauthorized AI tool usage within organizations.

When employees use autonomous AI agents or automation tools without approval, sensitive data may be unintentionally leaked to external systems.

This so-called “Shadow Agent” phenomenon is emerging as a new axis of threats that corporate security teams must learn to manage.

Hypervisor Attacks: Exploiting Security Blind Spots

GTIG predicts that ransomware and data exfiltration campaigns will continue throughout 2026.

Notably, hypervisor infrastructures - which manage server virtualization - are expected to become prime targets.

If a hypervisor is compromised, attackers could gain control of an entire cloud environment with a single breach, a scenario GTIG describes as “catastrophic in impact.”

Shifting Strategies Among State-Sponsored Hacking Groups

The report anticipates strategic evolution among nation-backed hacking groups from Russia, North Korea, China, and Iran - moving from short-term tactical operations toward long-term strategic goals.

China is projected to maintain its large-scale global cyber operations, while North Korea is expected to focus on acquiring foreign currency through cryptocurrency theft and IT labor exports, expanding its activity into Europe and beyond.

Asia-Pacific: A New Testing Ground for Cyber Experiments

In the Asia-Pacific region, politically motivated espionage targeting diplomats and high-ranking officials — as well as vehicle-based fake base station hacks - are emerging as new threats.

AI-driven automated intelligence-gathering technologies could soon spread into political and diplomatic domains.

The Turning Point: When AI Becomes a Weapon for Both Attackers and Defenders

GTIG’s report is not just a warning - it signals a turning point where AI is being weaponized by both attackers and defenders alike.

Companies must strengthen not only technical defenses but also AI governance and internal AI usage management frameworks.

In 2026, the cybersecurity race will not be about who can block attacks better, but rather who can manage AI more intelligently.

Tech Insider Columnistㅣ tlswnqor@naver.com