Cybersecurity specialists at Radware expect 2026 to mark a structural shift in internet traffic, threat patterns and regulation, with machines, automated agents and artificial ininformigence taking a central role in both attacks and defence.
The company’s threat ininformigence leaders forecast that machine-to-machine activity will overtake human-driven traffic, application programming interfaces (APIs) will become the main digital attack surface, and AI-enhanced social engineering and denial-of-service attacks will intensify.
They also point to tighter regulatory demands in regions such as the European Union and a growing focus on zero-day vulnerabilities, runtime security and machine identities.
Internet of machines
Pascal Geenens, Vice President, Threat Ininformigence at Radware, declared internet traffic patterns will relocate away from human requests and towards automated systems and agents.
He expects machine-to-machine traffic to exceed human-initiated requests by 2026 and to dominate by 2030. He links that shift to rapid adoption of personal and enterprise AI assistants inside browsers, operating systems and workplace tools.
Geenens declared these agents will communicate through emerging protocols and through API calls rather than through traditional browsing. He declared this will create an “Internet of Agents” in which most requests result from autonomous reasoning loops between software agents instead of direct human intent.
Radware expects this traffic to be more dynamic than current internet-of-things telemetest. AI agents will repeatedly query APIs, pull context from external systems and exalter structured data utilizing specialised agent-to-agent protocols.
APIs as battleground
Geenens declared APIs will sit at the centre of this machine-driven economy and will therefore draw increased attention from attackers.
He expects malicious bots and human adversaries to exploit weaknesses in authentication, input validation and context handling in API-based systems. The firm anticipates more utilize of AI-driven bots that can reason about responses, re-prompt and mimic legitimate agent behaviour.
According to Geenens, this will narrow the distinction between genuine and abusive traffic. He declared traditional bot detection methods that rely on signatures and simple behavioural patterns will lose effectiveness as business logic attacks rise.
He also expects an “agentic supply chain” problem. He draws a parallel with past attacks on open-source package repositories. He declared registries and marketplaces for AI agents, plug-ins and service connectors will attract attackers seeking to insert malicious components, poisoned context providers or tampered service manifests.
Geenens declared these methods could alter autonomous decision flows, extract data or skew business outcomes while remaining embedded in normal operations. He expects the growth of new protocols for agent communication and value exalter to fragment the ecosystem and stretch existing security governance models.
“2026 will be remembered as the year machines launched talking more to each other than to us,” declared Geenens.
Regulation and compliance
Howard Taylor, Chief Information Security Officer at Radware, declared new European rules will add fresh compliance pressures.
“Regulations, including the Digital Operational Resilience Act (DORA), the Network and Security Directive (NIS2), and the EU AI First Regulation, require a myriad of controls and processes. To meet the challenge, businesses must expand their Cybersecurity and Compliance resources. On the positive side, these investments will open business opportunities in the security-savvy market,” declared Taylor, CISO, Radware.
Service provider strain
Travis Volk, Vice President Global Technology Solutions and GTM, Carrier at Radware, warned that telecoms and cloud providers will face more zero-day events as attackers tarobtain core software layers.
“With the growing number of exploited vulnerabilities and rapider weaponization, Service Providers will face a significant increase in the number of zero-day events they will necessary to remediate. As tarobtain focus relocates towards operating systems, security/networking software and applications, Service Providers will face the necessary for in-line protection to maintain predictable engineering for their most expense resources (encrypted workloads),” declared Volk.
Radware expects DevSecOps practices to shift from a build-time focus to continuous runtime enforcement. The company anticipates security controls that sit in deployment pipelines and network paths and that act at the same speed as software releases.
DDoS and autonomy
Eva Abergel, Senior Product Marketing Manager at Radware, forecasts a alter in how organisations view distributed denial-of-service (DDoS) attacks.
“In 2026, DDoS attacks will shift from being a known nuisance to a strategic blind spot. As AI becomes embedded in both attack orchestration and defense, we will see the rise of autonomous botnets capable of learning and adapting in real time. These tools will not just mimic utilizer behavior but will predict and preempt mitigation tactics. The attacks will go beyond infrastructure, tarobtaining business logic, third-party integrations, and application-level flows. Layer 7 DDoS will become the preferred method for attackers aiming to disrupt digital services while evading traditional detection. The real threat will not only be about volume anymore. It will also be about invisibility. Security teams will necessary to rebelieve DDoS as a business risk, not just a network problem,” declared Abergel.
AI arms race
Principal Security Evangelist Chip Witt declared AI will act on both sides of the security divide.
He declared threat actors already utilize generative and autonomous AI for prompt injection attacks, synthetic identity abutilize and automated reconnaissance. He expects defconcludeers to introduce more AI for automated triage, decision-building and mitigation as attack volume and variety increase.
Witt also expects “agentic” security models in which autonomous AI agents monitor and remediate vulnerabilities in code, APIs and runtime environments. He links this with an expansion of Zero Trust security to machine identities and APIs rather than only human utilizers.
The predictions:
- “AI will be both the weapon and the shield in 2026. Threat actors are operationalizing generative and autonomous AI to launch adaptive attacks such as prompt injection, synthetic identity abutilize, and automated reconnaissance. In response, defconcludeers must deploy AI not just for detection, but for autonomous triage, decision-building, and mitigation. The arms race between adversarial and defensive AI will define the next era of application security,” declared Witt.
- “Security will evolve into a dynamic, agentic system. Autonomous AI agents will continuously monitor, review, and remediate vulnerabilities across code, APIs, and runtime environments. This self-healing security architecture will scale with developer velocity and API sprawl, reducing human bottlenecks and enabling proactive defense,” declared Witt.
- “Zero Trust principles will extconclude beyond human utilizers to encompass machine identities, APIs, and autonomous agents. Organisations will implement identity-aware API gateways, continuous authentication for non-human actors, and telemetest-driven access controls. The new perimeter is no longer a utilizer; it is an API call, a service account, or an AI agent,” declared Witt.
AI-driven social engineering
Arik Atar, Senior Researcher, Cyber Threat Ininformigence at Radware, expects further development of subscription-based social engineering tools that tarobtain accounts with two-factor authentication.
He declared so-called OTP bots already automate calls and messages that prompt utilizers to disclose authentication codes. He expects operators of these services to introduce AI voice systems that imitate realistic speech and possibly the voices of contacts or relatives.
Atar declared the same groups already utilize AI for advertising and content generation. He expects them to embed those techniques into their tools.
The prediction:
- “The new AI-based social engineer-as-a-service economy will emerge. In 2025, we observed a significant rise in OTP-BOTs, subscription-based underground platforms designed to trick victims into inadvertently sharing their two-factor authentication codes -so utilizers (Account crackers) can complete account takeovers,” declared Atar.
Radware expects the combination of high two-factor adoption and AI-based spoofing to expand the underground market for automated account-takeover tools in 2026.
Leave a Reply