2025 saw a number of significant trends emerge: from the increasing use of Artificial Intelligence (AI) and deregulation of industries at government level to the widening skills shortage of IT professionals.

This constant evolution of the computing ecosystem shows no signs of slowing in 2026, and – as innovations accelerate and new attack methods are uncovered – many companies will need to adjust their security strategies for the year ahead.

Firmware and boot-chain persistence becomes mainstream

Across 2025, investigators and incident-response teams increasingly encountered compromises that originated below the operating system, within the Unified Extensible Firmware Interface (UEFI) and the broader booth-chain. Multiple disclosures across the year highlighted systemic weaknesses in UEFI implementations, and persistent bootkit vendors affecting hundreds of motherboard models. Attackers were also found to be targeting the boot process for persistence while supply-chain lapses exposed signing keys to hackers.

We now expect a big response from the industry. In 2026, we hope that firmware integrity stops being a speciality topic within cybersecurity, and instead become a baseline requirement for endpoint trust decisions. This can be achieved through a measured boot process and signed event logs, alongside reference measurements which can be provided through TCG technologies like RIM and PRCR. Other standards such as CyRes can also aid with recovery provenance.

Agentic and Shadow AI

In last year’s blog, we noted that AI was set to become even more integrated across all industries in 2025. This proved to be true, and now the threat landscape associated with AI is greater than it ever has been before. For example, Agentic AI is being increasingly weaponized by threat actors in order to carry out cyberattacks that are quicker, autonomous, and more complex, since the technology enables less experienced hackers to carry out large-scale, potentially high-value campaigns that bypass traditional defences. We can expect to see the scalability of attacks increase, since every aspect from reconnaissance to exfiltration can now be carried out autonomously, speeding up the time it takes from access to full execution.

At the same time, the rise of Shadow AI is a cause for concern. By October 2025, research carried out by Microsoft found that 71% of UK employees use unauthorized AI tools at work, increasing the likelihood of privacy and security risks. If businesses don’t have full oversight on their employees AI usage, it can open the door to significant data leakage, security vulnerabilities, and compliance risks, all of which can result in serious financial and reputational damage if an issue occurs. As AI becomes more popular, it’s not hard to imagine the use of unauthorized, third-party tools will skyrocket this year.

Supply chain attacks on the rise

The rise of these Agentic AI attacks will also mirror the increasing number of supply chain attacks, since hackers will likely leverage the former to carry out autonomous actions and realistic impersonations. Attackers will use the latest tools to find vulnerabilities and create complex, self-evolving malware attacks that operate at faster speeds than a human can respond to. The vast majority of these attacks will be against third party Software-as-a-Service (SaaS) providers, as attacks attempt to exploit trusted connections between cloud apps in order to gain access to the wider chain. Additionally, entities within the supply chain will also be using their own AI services, which can be exploited and weaponized by attackers to their own ends.

Supply chain risks typically drive demand for verifiable provenance – third-party exposure and software supply-chain incidents are a significant influence, alongside chronic secret leakage in codes and builds. To this end, in 2026 we believe more buyers will expect cryptographical evidence of what was built, from what inputs, and how these map to what is running on devices. This can be achieved by tying SBOMS tied to signed build providence, as week as signed release artefacts, endorsement chains, audit-ready traceability from source, to build, to the firmware/OS image.

PQC migration efforts

As we’ve touched on in content throughout 2025, Post Quantum Cryptography (PQC) is no longer a distant concern, but is becoming a pressing issue. As we get closer to the day a quantum device capable of breaking encryption methods is realised, and with ‘harvest now, decrypt later’ attacks being carried out in secret, migrating to the approved, standardized PQC algorithms should move up a notch in 2026.

For TCG, this means updating our specifications in line with the roadmaps laid out by organisations such as the National Institute of Standards and Technology (NIST) and the National Cyber Security Centre (NCSC). Full migration will take some time, yet according to our State of PQC Readiness survey, 55% of security professionals across the US and Europe believe one PQC algorithm will be implemented by the end of this year, so we would expect to see some PQC pilots implemented in high-risk industries such as IT, finance and healthcare this year.

Greater credential theft

Last year, stolen credentials became a reliable entry point for attackers, fuelled by a steady stream of infostealer‑harvested logins leaking from unmanaged or personal devices. Even well‑protected organisations found themselves exposed, since identity alone was no longer a meaningful barrier: if an attacker had the right username and password, they often looked indistinguishable from a legitimate user.

This year, this has to change. The question of “who is this?” can no longer be separated from “what device or workload is making the request?” Identity must be anchored to something harder to fake, such as hardware‑bound keys, measured boot states, trusted execution environments, and verifiable device posture. Access decisions increasingly need to evaluate not just the claimed user, but the integrity, provenance, and security health of the system presenting those credentials. To help in these efforts, TCG technologies like TPM and DICE offer optimal device attestation, and access policies built on attestation signals.

Increasing exploit-led intrusions

Exploit-led intrusions continue to accelerate as attackers concentrate on exposed external infrastructure where a single weakness can unlock broad access. Edge services such as VPN concentrators, secure gateways and remote access platforms remain attractive targets as they sit between trusted and untrusted networks and provide scalable entry points that can bypass traditional endpoint controls. Attackers now weaponize n-day vulnerabilities, chaining exploits with credential harvesting and other methods to move laterally once inside. As organizations expand hybrid work and cloud connectivity, the attack surface at the edge grows faster than many defenders’ ability to harden and continuously monitor it.

In 2026, defensive strategies must evolve beyond the assumption of trust after a boot, and attestation must go beyond firmware or start-up checks: real-time visibility into whether edge devices are correctly configured, fully updated, and operating as intended will become even more critical. TCG can help as our technologies support continuous and/or periodic integrity reporting, verifiable configuration states, and secure update pipelines with staged rollouts. Users can also benefit from tamper-resistant logs, alongside remote remediation workloads that are guided by attested posture.

The need for confidential compute

Another thing which needs to grow in prominence this year is confidential computing and layered attestation, especially as organizations seek stronger guarantees about data and workload integrity. The adoption of confidential Virtual Machines (VMs) and Trusted Execution Environments (TEEs) needs to expand into mainstream cloud and hybrid deployments, especially because AI-driven implementation and deepfakes are eroding traditional trust signals such as identity alone. Approximately 62% of organizations have already experienced a deepfake attempt within the last year, and, as a result of these emerging threats, it’s key that authenticity and integrity controls operate at different layers, combining hardware-backed measures with cryptographic proof of workload identity and state.

Attestation will hopefully continue to broaden well beyond traditional devices into VMs, containers, software artifacts, and even AI models themselves. 2026 needs to be the year that organizations become more hardline in verifying not just who requests access, but what code is running, where it’s running and whether it remains untampered throughout it’s lifecycle. This will require interoperable attestation frameworks that span hardware Roots-of-Trusts (RoTs), TEEs, CI and CD pipelines and model development platforms. It will also need vendors to routinely align on standards and APIs that allow attestation evidence to flow across layers. Applying this trend to TCG, we can offer organizations confidential VM attestation integration, with standardized evidence handling and cross-vendor endorsements. Our technologies also highlight signed model and artifact integrity and provenance, alongside policy engines that can reason over multi-layer attestations.