Threats Rise on a Tide of Global Unrest
In an unstable geopolitical climate, attackers see nothing but opportunity
- 2026 has been a lot, and there is no denying that uncertainty hangs in the air.
- Everyday people feel the impact of global shifts and instability. Threat actors are feeling it too.
- Attackers perceive volatility as an opportunity to strike. It’s our job to be ready to strike back.
In a world where the only constant is change, a blog about instability might feel dated within seconds of going live. Nevertheless, the ongoing “expect the unexpected” mindset is likely to stay evergreen–whether you are reading this today or a year from now. That’s because if you doomscroll the news (zero stars, not recommended), interact with other humans (a better choice), or simply wake up in the morning and take a deep breath (baseline), you are likely picking up on a pervasive energy of unrest.
As geopolitics intersect with our daily lives, many of us are searching for a sense of stability to offset the free-floating anxiety swirling around everything from rising gas prices and skyrocketing housing costs to learning baseball teams are paying fans to show up nekkid from the waist up. With all these concerns and distractions, attackers are rubbing their hands with glee as they survey a vulnerable threat landscape, where instability = opportunity.
We’ve seen this movie before. During the COVID-19 pandemic, attackers had a field day. With unease on the rise once again, they are back at it. And this time their attacks are further amplified by increasingly potent Agentic AI. Just recently, for example, the Iranian hacker group Handala deployed living-off-the-land (LOTL) tactics to kneecap a medtech giant. This attack highlights the risks of supply-chain weaknesses that roll out the red carpet for attackers with a vendetta.
Then comes Fast16, a previously undetected sabotage framework that dates back to before Stuxnet and is designed to subvert nuclear weapons simulations, and the emergence of frontier AI models capable of ferreting out vulnerabilities dating back years—a powerful tool for defenders that so far has only been available to the largest enterprises, which puts pressure on security vendors to protect everyone else.
Back doors are the new frontlines
The elevated threat level coincides with increased attacker sophistication. Weaponizing AI, attackers gain access through previously trusted channels. Once in, they lie in wait, playing an LOTL long game for maximum destructive impact. Recently, Symantec and Carbon Black uncovered Seedworm, an Iranian Advanced Persistent Threat (APT) attacker, which enters through a back door to infiltrate a wide range of organizations, including banking, aviation, and links in government supply chains. The potential consequences of these carefully crafted back door break-ins are so terrifying they make previous attacks feel almost quaint by comparison.
In 2026, attackers strike fast and strike hard, with a no-mercy strategy that leaves unprepared (and often under-resourced) organizations with little choice but to pay up and take the L. At increasing rates, threats keep coming from within, as ransomware attacks continue to exploit legitimate software to steal data. But unlike attacks of the past, they don’t encrypt stolen data and then try to sell it back. Instead, they leave it unencrypted, and threaten to leak it or sell it elsewhere. This ups the ante, raising risk to all-new levels in an extortion epidemic with potentially lethal consequences.
Not only do these breaches decimate the bottom line for enterprises trying to stay afloat in a time of great change, they also destroy trust—a pillar even more valuable than money. Without it, institutions die. Lost trust is especially grave when some of the most at-risk sectors include telecom, financial services, and government.
High stakes call for heightened security
If the bad news is that well-equipped attackers are prepared to strike at any moment, the good news is that we are more than ready to stop them in their tracks and strike back. At Symantec and Carbon Black, our teams have been working around the clock to outpace attacker evolution.
Consider our growing stable of AI-enabled protections.
As LOTL schemes attempt silent infiltration, Adaptive Protection (AP) leverages behavioral analytics to spot threats early and block them before they take root. By identifying anomalous uses of legitimate OS utilities and other software, Adaptive Protection shuts that behavior down. Of course, Zero Trust and continuous verification help here too. As explored in our recent series on approaches to repatriating IAM, in 2026, identity is everything. With Agentic AI fueled by sophisticated LLMs permeating every enterprise, identity is increasingly crucial. Knowing the who-behind-the-what keeps trusted tools in the right hands.
Agentic AI, meet Symantec CBX
I know we all get tired of hearing about “the next world-changing solution.” But it’s time to listen up: Symantec CBX marks a massive development in our commitment to provide enterprise-grade security for all. Combining decades of expertise and award-winning capabilities from both industry powerhouses, CBX equips even the leanest SOC with streamlined and all-inclusive protections through a single, unified, cloud-based platform.
From Davids to Goliaths, every business in your supply chain gets extensive visibility and proactive protection, without the complexities that slow down strapped teams. Because even a behemoth can be toppled by downstream chinks in the supply chain armor, especially when AI gives attackers shortcuts to the weakest link.
To be clear, Symantec CBX is not at war against AI. It’s at war alongside AI—and that’s a crucial distinction. CBX leverages the best of AI—from Incident Prediction’s forecasting abilities to Threat Tracer’s attack surface mapping—to put control back in the hands of the good guys and make detection and defense easier and faster than ever. That way the human heroes of SOCs can focus less on filtering and correlation and more on actionable insights. Capitalizing on AI, CBX delivers native data correlation, dynamic prevention, and intuitive investigations for full telemetry visibility–all at record speed.
The ultimate weapon for 2026 and beyond
As a master of all domains, CBX secures endpoints, networks and data, all while correlating signals to transform noise into actionable intelligence–and then suggesting the next right step. It relieves overburdened SOCs by helping analysts connect the dots, find the answers they need, and then point them in the right direction—all just in time to stop would-be attackers bent on doing the wrong thing.
At a time when it feels like the ground keeps shifting under our feet, CBX offers a solid security foundation. Grounded in the combined strengths of two legends, and purpose-built to withstand everything from geopolitical instability to the AI earthquake that’s shaking up institutions and enterprises of every size, CBX helps safeguard your organization against uncertainty and unrest.
Whatever may come, stand strong. We’ve got you.
See exactly how CBX stacks up against AI-powered threats in our latest five-part webinar series, CBX Fest—a monthly dive into the features that make CBX unparalleled.





