Samsung SDS has identified AI-based security threats among the top cybersecurity risks expected to impact businesses this year.
The company on the 23rd released its analysis of five major cyber threats for 2026, based on a review of domestic and international cybersecurity incidents from last year. The five threats include: AI-based security threats arising from AI abuse or misuse; ransomware that seizes user information and systems while demanding payment for recovery; cloud security threats emerging as companies migrate their IT environments to the cloud; phishing and account hijacking that impersonates others to steal information, money, or access privileges; and data security threats involving unauthorized access, damage, or leakage of critical data. Samsung SDS gathered input from 667 domestic IT and security practitioners, managers, and executives, and presented countermeasures for each threat.
The adoption and expansion of generative AI and AI agents is expected to increase AI-based security threats. Excessive delegation and privilege abuse in AI agents can lead to data leaks, unauthorized operations, and system damage. To prevent this, organizations should grant AI minimal privileges, implement real-time monitoring and anomaly detection for sensitive commands such as information changes or payments, and require user approval processes.
Ransomware tactics have evolved to include encrypting victim company data, threatening to release stolen data, launching DDoS attacks, and pressuring victims' customers, partners, and media. Response requires establishing backup systems for early recovery and normalization. Stage-by-stage responses are also necessary, including blocking malicious code before execution, detecting anomalous behavior, and isolating, analyzing, and recovering from incidents after malicious code execution.
As corporate IT environments shift to the cloud, excessive storage sharing, improper authentication and privilege management, and neglected default settings are leading to security incidents. Organizations can respond by establishing continuous monitoring systems such as Cloud-Native Application Protection Platforms (CNAPP) to identify vulnerabilities in account privileges and resource configurations in real time, and automatically detect and remediate vulnerable settings such as external exposure or missing encryption according to predefined policies.
Phishing targeting corporate users now encompasses entire organizations through internal network intrusion, data leakage, additional hacking via ransomware installation, and securing attack channels into supply chains. The scope of damage can extend to personal information leaks, service disruptions, resulting financial losses, and erosion of corporate trust. Access privileges granted to AI systems such as chatbots and AI agents should be managed through multi-factor authentication (MFA) for all users and comprehensive management of access accounts, roles, and policies. Security threats from data damage and theft caused by single authentication systems, excessive privileges, and inadequate access management can be addressed through user behavior-based access controls monitoring mass file downloads, external transmissions, and access during abnormal hours.
"The proliferation of AI and AI agents will amplify new security threats including sophisticated phishing, data leaks, and attacks targeting AI environments," said Jang Yong-min, Vice President and Head of the Security Business Division at Samsung SDS. "These threats are difficult to address with traditional security solutions alone, so companies must transition from security dependent on specialized personnel to proactive responses that automate measures such as AI-based monitoring, detection, and automatic blocking by adopting AI-based security solutions."