The security landscape in 2026

The security landscape is undergoing a rapid transformation.

Adversaries’ AI-driven threat innovation is evolving at an accelerated pace via streamlined information synthesis and automated workflows. This is resulting in more diverse adversary capabilities and new, indirect avenues of access. AI’s role on both sides of the cyber battle is anticipated to shift significantly as these technologies become more widespread.

The Elastic Global Threat Report uncovers real-world threat activities, revealing a fundamental shift in how adversaries achieve success today. It also includes a new section describing our visibility from non-telemetry sources, highlighting which malware families and threat behaviors were seen externally.

Access brokers are increasingly using information stealers to maintain a distance from collective defense efforts, significantly escalating the risks of credential exposure through cloud storage and other services. Trojanised software, which represented about 61% of all malware samples observed, was a major contributor; the ClickFix methodology is one of the most common techniques used to deliver trojans and infostealers. More than 24% of malware samples on Windows represented named infostealer code families.

The Elastic Global Threat Report

This report from Elastic in late 2025 covers the following key trends in depth:

• Adversary priorities on Windows are changing
• The cloud attack surface is highly concentrated
• Adversaries are weaponising AI to lower the barrier to entry for cybercrime
• The theft of browser credentials has industrialised

Download