LIVE From Gartner: The Four Threats Security Leaders Should Be Prioritizing Right Now

Shifting the balance.
Emily Hill
Contributing Writer

Cybersecurity leaders have spent years defending against familiar threats, and while those risks remain significant, Gartner’s 2026–2027 ThreatScape suggests the balance of power is shifting toward a new class of threats fueled by AI, more complex software ecosystems, and expanding attacker capabilities.

As organizations race to adopt AI and agentic technologies, security teams are being forced to defend attack surfaces that are still poorly understood and constantly changing.

Presented at the Gartner Security & Risk Management Summit, the report argues that security teams can no longer treat AI-related risks as future problems. Instead, Gartner says organizations should be focusing now on four areas where attackers currently have the upper hand: AI application compromise, deepfakes, software supply chain attacks, and prompt injection.

1. AI Application Compromise

As AI applications move into production, the attack surface extends far beyond the model itself.

Security teams now have to account for how AI systems interact with enterprise data, external tools, and business workflows. Gartner warns that weaknesses in those connections can expose sensitive information or create opportunities for unauthorized actions, making AI security a broader challenge than model security alone.

2. Deepfake Identity Impersonation

The rapid improvement of AI-generated voice and video is making impersonation attacks more convincing and more difficult to detect. Gartner highlights growing concerns around executive fraud, recruitment scams, and attacks against biometric verification systems.

As trust becomes easier to manufacture, organizations may need to rethink how they verify identities and sensitive requests.

3. Software Supply Chain Attacks

Software supply chain risk continues to grow as organizations rely on an increasingly complex mix of open-source software, third-party vendors, and AI components. Attackers don’t need to target every company directly if they can compromise a dependency that sits upstream.

Gartner argues that visibility into what is running in the environment, and where it came from, is becoming a foundational security requirement.

4. Prompt Injection

Prompt injection stands apart from traditional vulnerabilities because it targets how AI systems interpret instructions.

A successful attack can alter a model’s behavior in unexpected ways, potentially leading to data exposure or actions that fall outside intended controls. Gartner recommends building prompt injection testing and monitoring into the AI lifecycle rather than treating it as a problem that can be solved with a single safeguard.

The Wrap

The common thread across all four threats is that traditional security controls weren’t designed for them. Organizations that treat these risks as tomorrow’s problem may find themselves reacting after attackers have already moved ahead.

Trusted insights for technology leaders

Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
