AI arms race to reshape Australia’s cyber defences by 2026

Kinetic IT has outlined five cyber security trends it expects to shape Australian critical services in 2026, with AI-driven attacks and AI-driven defence tools at the centre of a widening cyber arms race.

The company said AI already sits inside criminal toolkits and it expects attackers and defenders to standardise tactics around automation, machine learning and new forms of identity control for AI agents.

"We can expect more sophisticated phishing and social engineering, powered by AI-generated content and deepfakes so convincing that spotting pretext without advanced tools will be near impossible. Adversaries will use AI to accelerate attacks, boosting speed, scale, and stealth. Autonomous 'agentic' malware will emerge, capable of scanning networks, finding vulnerabilities, and adapting tactics on the fly. Crime-as-a-service will deploy AI bots to run hyper-realistic phishing campaigns, complete with synthetic voices and deepfake videos impersonating trusted contacts.

"Defenders will respond in kind, with security teams increasingly relying on intelligent agents in security operations centres (SOC) to automate detection, correlation, and response. AI 'tier zero' analysts will handle triage, sift logs, prioritise alerts, and even execute containment actions in seconds, turning cutting-edge capabilities into standard practice. By year's end, AI-driven triage and incident analysis will be commonplace," said Tony Campbell, Enterprise Security Service Line Manager, Kinetic IT.

Kinetic IT also flagged security risks that come with broader AI usage inside organisations. It said companies need tighter identity and access controls for AI agents. It expects new standards and frameworks to play a bigger role in governance, including ISO 42001 for AI management systems and standards focused on AI threat models.

Campbell described a balance between using AI for defence and managing it as an emerging attack path.

"In 2026, the challenge is harnessing AI's defensive power without letting it become the ultimate attack vector. Despite this, AI isn't just an attacker's weapon, it's a game-changer for defenders. In 2026, intelligent automation will mean faster detection, smarter correlation, and near-instant response, dramatically reducing dwell time. Combined with adaptive security frameworks and ISO 42001 standards, these capabilities could transform resilience, shifting cyber security from reactive firefighting to proactive risk management," said Campbell.

Quantum signals

Kinetic IT placed quantum-related developments at the top of its predictions list. It pointed to research efforts around room-temperature quantum communication and said that, if practical deployments follow, it would reshape assumptions around interception and secure communications.

"Quantum communication typically requires ultra-cold laboratory conditions, and it's so fragile that even breathing near the equipment can ruin the experiment. Now, researchers have managed to send quantum signals at room temperature, using a novel method that stabilises those notoriously fragile quantum states. This is not a marginal improvement. Quantum communication, especially the sort that doesn't require a cryogenic freezer the size of a small caravan, is the beginning of a strategic shift, because once quantum communication becomes affordable, portable, and industrial rather than academic, we enter the age of guaranteed interception detection," said Campbell.

The company said large organisations should start planning for quantum-resilient architectures and future threat models. It also pointed to supply chain dependencies, including vendor readiness for post-quantum requirements.

Wearables exposure

Kinetic IT expects cyber security to converge more directly with wearables and medical devices. It said health data generated by consumer devices creates an expanded target area, including for platforms linked to wellness programs and insurance arrangements.

"Wearables bring their own challenges. Health trackers and the data they collect-such as heart rate, location, sleep patterns-are prime targets. Breaches of fitness platforms or insurer wellness programs could expose deeply personal information. Expect moves toward security certification for consumer IoT health devices, building on Australia's voluntary IoT Trust Mark and emerging smart device standards," said Campbell.

Smart city risk

Kinetic IT also expects higher risk for smart cities and connected critical infrastructure. It said connectivity expands the number of potential entry points, especially where operators manage a mix of IT and operational technology.

"In 2026, expect at least one major city to suffer a coordinated cyberattack with a real possibility of ransomware taking down IT networks and connected services. The pace of development demands faster modelling of attack scenarios, because the consequences of failure will be systemic and potentially catastrophic," said Campbell.

The company pointed to government initiatives focused on critical infrastructure and to emerging sector-specific standards. It also described measures it expects to see more often, including cyber emergency drills, network segmentation and asset mapping, alongside greater information sharing between agencies and industry groups.

Digital government

Kinetic IT said government agencies face an expanding threat landscape as more services move online. It said attackers will target citizen-facing portals and underlying data stores, and it expects more attempts at manipulation rather than theft alone.

"In 2026, expect attackers to escalate tactics, moving beyond data theft to manipulation, such as altering permit records or health data to sow chaos. With elections looming in some jurisdictions, electoral systems and disinformation campaigns will face increased targeting as hacktivists and state actors seek to undermine trust," said Campbell.

The company also highlighted the role of national coordination functions and legal frameworks for critical services, including the Security of Critical Infrastructure Act. It expects more cyber drills and stronger notification and response processes across agencies and operators.

Design requirements

Kinetic IT's final prediction focused on secure-by-design expectations. It said regulation, procurement requirements and insurance conditions will push security controls earlier into product development and service delivery.

"Market forces reinforce this trend. Buyers now demand proof of security hygiene with ISO 27001 compliance, regular penetration tests, and secure coding practices becoming deal-breakers. Cyber insurance providers increasingly require evidence of controls before issuing policies. In practice, expect widespread adoption of DevSecOps 'shift-left' testing and secure coding training. Products will ship with multi-factor authentication enabled, encryption by default, and sensible privacy settings. Governments may introduce consumer-facing security labels for Internet of Things devices, similar to energy rating labels, to raise the baseline and eliminate low-hanging fruit like default passwords. Continuous compliance monitoring replaces annual audits, with dashboards providing real-time visibility into security posture," said Campbell.

Kinetic IT said regulators and commercial partners will take a harder line on breaches linked to patching failures and other basic lapses. "Security will no longer be bolted on; it will be woven into innovation," said Campbell.