
2026 Threat Landscape Report: The Rise of AI Agents

Information technology | 2026-03-16 | HiddenLayer | 苏吃吃
[Report cover image]

Contents

Foreword
Security for AI Survey Insights at a Glance
AI Threat Landscape Timeline
What's New in AI
Part 1: Risks Posed by Artificial Intelligence
    Risks to Society
Part 2: Risks Faced by AI-Based Systems
    Attacks on Model Foundations
    Attacks Against GenAI
    Agentic Systems Security
Part 3: Advancements in Security for AI
    Defensive Frameworks and Initiatives
    The State of AI Red Teaming
Part 4: Predictions and Recommendations
    Predictions for 2026
About HiddenLayer & Resources

Foreword

We are entering the next phase of the AI revolution. What began as predictive models and generative interfaces is rapidly evolving into autonomous, agentic systems capable of planning, reasoning, and acting on our behalf. In 2026, no mission, enterprise, or

Agentic AI represents a profound leap forward. These systems are no longer limited to responding to prompts. They can set goals, call tools, interact with other systems, generate code, initiate transactions, and adapt dynamically to changing environments. Properly harnessed, they promise unprecedented operational efficiency, accelerated innovation, and entirely new models of productivity.

When AI systems are empowered to take action, the attack surface expands dramatically. The same capabilities that enable agents to automate business processes can be manipulated to automate exploitation. The same reasoning loops that drive efficiency can

Make no mistake, the defining AI security challenge of this era is not hypothetical superintelligence. It is the weaponization, manipulation, and compromise of autonomous systems by bad actors.

Agentic architectures introduce new layers of vulnerability, including tool poisoning, memory manipulation, model context hijacking, multi-agent collusion, identity abuse, data exfiltration via action chains, and the exploitation of decision-making loops. These risks

Traditional cybersecurity principles remain essential, but they are no longer sufficient on their own. Securing agentic AI demands continuous validation of model behavior, real-time inspection of agent actions, guardrails around tool access, and controls that

In this year's report, we examine how the rise of agentic AI is reshaping the threat landscape. We detail the novel attack patterns targeting autonomous systems and analyze how adversaries are adapting proven tactics to exploit AI-driven workflows. We share findings from security and AI leaders deploying agents in production environments, along with data-driven insights from our work

As organizations race toward autonomy, security must move just as quickly. Innovation without protection invites disruption. Autonomy without oversight invites abuse.

Let this report serve as a guide for navigating the agentic era responsibly. Whether you are building, deploying, or defending autonomous systems, we invite you to join us in securing AI not just as a tool, but as an actor in our digital world.

We are proud to present the 2026 HiddenLayer AI Threat Landscape Report.

Tito
CEO & Co-Founder
(Unassisted by LLMs)

Security for AI Survey Insights at a Glance

This year's survey reveals a growing disconnect between how AI systems are being deployed and how they are being secured. Organizations are rapidly operationalizing AI with increasing autonomy, while security programs remain largely optimized for static models and traditional application controls. Foundational safeguards such as encryption and secure deployment are now common, but the operational controls required to manage agentic behavior, provide runtime visibility, conduct adversarial

erodes control, with most organizations acknowledging untracked deployments that bypass governance, monitoring, and approval processes. In agentic environments, delayed detection and unclear ownership are not just inefficiencies;

At the same time, AI has become foundational to business operations. Most organizations now consider both internally operated and third-party AI systems critical to revenue, customer experience, and operational resilience, yet confidence in vendor security remains limited. Taken together, the findings reinforce a core conclusion reflected throughout this report: AI systems should be assumed exploitable, not merely vulnerable. Securing AI in an agentic era requires a shift

That risk is amplified by limited detection confidence and fragmented accountability. Nearly one-third of organizations cannot definitively determine whether they experienced an AI security breach in the past year, even as attacks remain

[Infographic: AI's Critical Role in Business Success]
of organizations report that most or all internally operated AI models are
state that AI projects are critical or important to revenue generation
over report that embedded third-party AI models are also business-critical,
say AI is critical or important to customer experience, and 96% to core business operations, raising the impact

[Infographic: Rising Attacks — With Uneven Detection]
[Infographic: Attack Vectors for AI Breaches]
of organizations definitely know whether they experienced an AI security breach in the pa