The future of AI and cybersecurity
Dec 23, 2025
Transcript
Samuel Hill
Hello and welcome, everyone, to Mind What Matters, the show where we focus on interesting data points from the world of cybersecurity so you can mind what matters.
My name is Samuel Hill. I lead Product Marketing here at MIND, and I am joined, as always, by my co-host, the brains of the operation here at MIND, Landen Brown, Field CTO. Landen, how are you today?
Landen Brown
I am good, Sam. Merry Christmas. We are almost there, three days away from the big day.
I think it is the biggest day of the year for both of our households, given that we have so many kids. I will say there is one solid tradition that I always look forward to in my household, which is steamed pork buns. It is the staple recipe tradition of our family, and we only really splurge and make about five times the recipe on Christmas Eve.
So I am excited. That is what I am looking forward to the most.
Samuel Hill
That is a great tradition to look forward to.
And somebody else who knows an awful lot about having lots of children, Eran Barak, the co-founder and CEO here at MIND. Welcome to the MIND What Matters podcast.
Eran Barak
Yeah, great, Samuel. Hi, Landen. Thanks for having me.
And by the way, thank you so much for putting this podcast in place. I have heard a lot of good feedback about it, and I am excited to be here today before the end of the year and Christmas.
It is a sunny day here outside in Seattle after many days of clouds and rain, so I am excited about that.
Samuel Hill
Can you imagine the work happening in the North Pole right now? Santa is getting ready, loading the sleigh and finalizing all those last details as he makes his speed run around the world.
We are going to start off as we do with most episodes and talk about what is on your mind.
Landen, I will start with you. What is on your mind as we go into this joyous, festive holiday season?
Landen Brown
For us, this is our second, but less hectic, holiday here in Idaho.
We moved from Virginia. I took about a decade-long break from Idaho, moved to Virginia, did some work down there, and then we ended up moving back just over two years ago.
This holiday season is less hectic because it is not the same year that we moved right before Christmas. So we have been able to establish our traditions and have a good time as a family up to this point.
I think we have a better plan for how we can relax and have fun in Idaho and take advantage of things. I will say the downside is that it is not a white Christmas. We moved to Idaho to enjoy the white Christmas, and it is now our second non-white Christmas in a row, which is kind of ironic.
Other than that, I think we are doing really well. Top of mind for me is expanding on the traditions that we have in our household. So it has been a good year so far.
Samuel Hill
Yeah, not having a white Christmas, especially when you live in the mountains as you do, Landen, is a little disappointing.
I am looking outside. We currently have snow on the ground. It is, however, projected to melt away before the big day.
Eran, let us go over to you. What is on your mind?
Eran Barak
Yeah, so I think like Landen, we have been here in Seattle almost eight years now.
We celebrated Christmas here in Seattle the first year we came, and from then on we used to travel every year. Now I think this is the second year that we are doing Christmas here in Seattle.
I am excited about that, at least less travel, being at home and staying put here in Seattle. And as Landen said, I do not see snow here in Seattle this Christmas either, so we will watch it from afar.
Samuel Hill
Well, for all of you watching and listening, I hope your Christmas is merry and joyous, and maybe, if it is appropriate for your climate and part of the world, that you have a white Christmas as well.
That is what is on my mind. I have my family in town staying here at the house and, obviously, all of the activities, scheduling and fitting in all the different pieces that everyone is looking forward to for the holiday.
Thinking of traditions, though, guys, I wanted to start by playing a little bit of a game with you. I have not talked about these traditions with you, but what I would like to do is read you three different holiday traditions from around the world.
They might be true, they might not. You are going to have to decide: is it fact or is it fiction?
This is our holiday traditions edition of Fact or Fiction here on the Mind What Matters podcast. I am going to read you the tradition, tell you what part of the world it comes from, give you a brief description, and you are going to have to decide whether it is fact or fiction.
Here is the first one. This one comes from Spain, the wonderful nation of Spain, and it is called, and I am probably going to mispronounce it, Caga Tió.
Here is the tradition: a grinning log is fed sweets, tucked under blankets, and then ceremonially beaten with sticks while children chant until it literally poops gifts like a festive wooden piñata.
Eran, is this holiday tradition fact or fiction?
Eran Barak
Let me do ChatGPT before I answer.
No, I am kidding. Based on what you said, I would say fiction.
Samuel Hill
All right. Landen, fact or fiction?
Landen Brown
Listen, us as Americans do not have thousands of years of traditions as a culture. So the traditions we do have, if any are specific to Americans, are not really that strange.
The Spaniards have been around a long time. And I do not know if you know about some of the interesting sports that they play also. It is entirely believable that this is something they would be up to with their kids.
I am going to say fact.
Samuel Hill
So you are going to say fact. All right, excellent.
This tradition is indeed a fact. In Catalonia, they have a wooden log that they beat until it poops out gifts, which I think my children would love. Maybe that is something we are going to start this year.
Unlike me, I usually feel like the wooden log that gets beaten with sticks at the end of Christmas.
Landen Brown
I will be like, maybe that is what we need to do with our kids.
Eran Barak
Yeah.
Landen Brown
Yeah, that is me or my wife, right.
Samuel Hill
All right, number two.
This next one comes from Latvia, one of the Baltic states, and it is called Candle Counting Night.
On solstice eve, families place candles along windowsills and tables, never counting them aloud, and at midnight the youngest child in the family guesses the total. If they get it right, the family will have a year of good health and prosperity.
Landen, we will start with you. Is this fact or fiction?
Landen Brown
Listen, I am a history buff, and Eastern Europe has been through a lot historically in the past 150 to 200 years. So there are a lot of traditions in Eastern European families that help keep motivation and positivity in the home.
This one seems a little strange given that it is the youngest child guessing it. I can see some of the commonalities with positive reinforcement because there has been so much hardship there over time.
But for me, I am going to say fiction. It is not quite believable enough.
Samuel Hill
All right, and what about you, Eran?
Eran Barak
Yeah, when he said the youngest one, and I have a two-year-old, obviously he cannot count and guess.
And I do not want to be wrong again alone, so I will go with Landen and say fiction.
Samuel Hill
You are both calling fiction, and congratulations, that is a fiction. I made that one up.
I thought I could throw you off with Latvia. It is one of my ancestral family homes, so I thought I could sneak that one by you guys, but unfortunately not.
All right, third one for you guys. This one comes from the wonderful nation of Japan, where I do have family living. It is called KFC Christmas, where families reserve buckets of fried chicken weeks ahead, dressing it up as Christmas dinner, complete with cake and champagne, thanks to decades of extremely successful seasonal marketing.
Something we do not know anything about here at MIND, successful marketing, but it seems like it is working in Japan.
Eran, let us start with you. Fact or fiction?
Eran Barak
This is a tough one. Japanese culture is obviously fascinating and very different.
Although KFC is American, and I do not know the connection between Japan and America in this regard, I would say fact.
Samuel Hill
All right. Landen, fact or fiction?
Landen Brown
My sister actually studied abroad and then lived abroad in Japan for a number of years. And Eran, I think it is an understatement to say that Japanese culture is very unique. It is also beautiful. I think that is one of the things we as Americans get to admire, the thousands of years of culture that other societies have built that we do not really have.
I always admire all of these unique differences that each culture has.
However, I will say the Japanese have a strange fascination with some things that are American, a very strange fascination. So this one feels possible.
I also feel like I have heard something about KFC and fried chicken and the Japanese a while back, so I am not quite sure.
At the same time, I feel like Sam would purposely give us two fictions and one fact. Based on that premise, I am going to say fiction.
Eran Barak
Yeah, that makes sense.
Samuel Hill
All right, so Eran, you said fact, and Landen, you are calling fiction.
Eran, congratulations. This is indeed a fact. It is very popular in Japan, and again, weeks and weeks ahead, they have to reserve their fried chicken Christmas dinner.
And I agree with you, Landen. There is a lot we can learn and appreciate as Americans from cultures around the world that have long histories and many traditions. It is a beautiful thing. We get to pull the best from them.
So this year for Christmas, my family will be eating fried chicken from KFC as well. Just kidding. My wife would not allow that.
All right, guys, thank you for that. That was kind of fun.
I think the winner of our Fact or Fiction is actually a tie. You both got two correct and one wrong. So congratulations on tying. Merry Christmas.
Eran Barak
This was not planned in advance for our audience.
Samuel Hill
No, not at all. I kept this very secret. My planning here was hopefully fairly impeccable.
Let us dive into this part of the year.
Every single year, it seems like somebody has a prediction for what will happen in 2026. While there are typically low stakes in making these predictions, whether you are right or wrong, it is still kind of fun.
Guys, we have been working on some of these predictions. I have three that I am going to read for you, and we are going to react to them. Then, at the end, we are each going to make our own predictions for 2026.
Maybe we will revisit this in a year and call fact or fiction on whether what we thought came true.
So let us dive into the first one. This one comes to us from TechRepublic, and they are talking about deepfakes forcing a trust revolution.
Here is what they say:
Trust used to be implicit online. Now it must be engineered. Between deepfakes, synthetic identities and AI-generated content, we have seen a surge in fraud and impersonation that legacy verification methods simply cannot mitigate. Regulators are pushing toward mandatory provenance standards, and I expect that to accelerate. Companies will need the ability to prove where data came from, how it was generated and whether it was altered, especially for high-impact decisions and sensitive workflows. The shift is not just about compliance, it is about maintaining credibility in a world where anything can be faked. Provenance pipelines, watermarking and cryptographic signatures will become foundational.
Landen, what do you make of that prediction for 2026?
Landen Brown
I do not even think it is a prediction. I think it is happening.
I can tell you from personal experience, it is happening. I have gotten numerous phone calls at 2:00 a.m. from Eran begging me for money, and family members as well. Family members have gotten those calls from me. I think I shared a story on a previous podcast with you, Sam.
I would almost say this is not even a prediction. This is happening now. The real prediction is how it is going to be solved.
One of the things I have thought about a lot is that it almost seems like we invented key signing, email signing, public-private keys, asymmetric keys and encryption for a reason. I feel like this is one of those areas where we are going to see an expansion of that methodology, maybe centralized signatures throughout the enterprise.
We think of applications communicating autonomously. We think about users emailing each other, communicating over Slack, making official business calls to employees or people who report to me.
I feel like there is going to be, maybe not exactly this, but some kind of centralization of authenticity. Is there a third-party signing mechanism for every email, every text, every Slack message, every phone call, every record that someone uploads, attaching a specific identity signature to what they are doing and their intent?
I do not know, but I do think this goes beyond a prediction and is something happening now. The prediction lies in how organizations are going to solve it.
Samuel Hill
Well, and Eran is the person who is usually sending me those text messages asking me to get gift cards because he is in an important business meeting.
You are the CEO of our company, right? You are the person people would try to impersonate.
So what do you think about all this?
Eran Barak
Yeah, first of all, I agree with Landen. It is not a prediction, it is already happening.
If we got used to scams where you got some text messages and stuff, now we are moving to a different level. Sam, you are sending us pictures of the three of us or some people from the company, and they look completely real.
So how would I know that this picture was not real and just faked by an AI model?
To Landen’s point, we will need to see some development around how we prove that this data is real and has not been altered. Because it is scary. I can tell you it is scary.
You can really do some crazy stuff with this kind of technology these days. It affects more than just business. We are in the B2B world, but it will affect very personal human situations too. I think of my kids when they grow up. You can shame people and do some really scary things.
So we need to be careful about that. I really hope there will be some regulation around it because we cannot let it go.
If you combine this with social platforms like Facebook, Meta, WhatsApp and Snapchat, it is a really scary combination when you think about it.
Landen Brown
Yeah, it is funny. You open up any cybersecurity book, a Security+ book, a CISSP book, a CASM book, whatever is teaching cybersecurity at a 101 level, and they talk about the CIA triad: confidentiality, integrity and availability.
I feel like we have done a really good job as an industry bringing those three concepts to each individual piece of technology. Emails have an element of confidentiality, integrity and availability. So do applications, and so does data.
But not across the ecosystem in a collaborative way that enforces authenticity of identity, behavior and action.
That is why I wonder if there is a world where we see something similar to how we centralize keys in a vault or bring in Okta to centralize identities, but more of a CIA-focused authenticity platform integrated into everything for the identity layer and what it is doing.
If it does not have this key or this tag associated with it, maybe we do not even let it traverse the network or the API gateway.
Especially when we think about how we are going to monitor agents running autonomously at light speed, we are not going to be able to do that manually. There has to be some level of verifying authenticity, and it needs to tie back to how we now have software-defined networks and applications.
So I think, bottom line, there is going to be a consolidation in how we verify authenticity in the technology ecosystem. I do not know exactly what that is yet, but it is becoming more necessary.
Samuel Hill
Yeah, we almost need a PKI for a Slack message or something like that, a digital ID of some kind. Obviously, that opens Pandora’s box in many different ways, so there is a lot to figure out there by people above my pay grade.
All right, here is the second prediction.
This one comes to us from the wonderful people at Palo Alto Networks, one of the security platforms trusted by millions around the world.
They talk about data trust in the context of data poisoning.
Here is the prediction for 2026:
A new frontier of attacks will be data poisoning, invisibly corrupting the copious amounts of data used to train core AI models running on the complex cloud-native infrastructure that powers the modern AI data center. Adversaries will manipulate training data at its source to create hidden backdoors and untrustworthy black-box models. This marks a seismic evolution from data exfiltration. The traditional perimeter is irrelevant when the attack is embedded in the very data used to create the enterprise’s core intelligence.
Let us start with you, Eran. What do you make of this prediction around data poisoning, model tampering and adversaries getting down to that level?
Eran Barak
Yeah, again, I think this is real and already happening.
I can tell you that from our customers, and you guys have heard it too, they are really concerned about prompt injection and how you can manipulate different AI models that their employees use on a daily basis. Then that can create backdoors and obviously lead to data exploitation and stealing sensitive information.
It is not just about stealing identity anymore. It is a new frontier, and it is kind of breaking what we have known so far about cybersecurity and technology. We need to think differently about how to secure this stuff.
Landen Brown
Yeah, I agree with Eran that it is already happening.
I do have to draw a distinction in my head, though, between what is consumer and what is business.
From a B2B perspective, when we look at OpenAI, Microsoft, Google, the companies spending billions of dollars in compute, power, talent and infrastructure to train these models, those are the players that seem to be the primary targets for something like this.
Until technology changes, I do not think many enterprises are training their own models. They are taking pre-vetted models off the shelf, hopefully. So this kind of prediction, while it has some basis in truth, almost feels like fear aimed at organizations over something they cannot really control.
It would be like not buying a cell phone because you are worried it might make your ear too warm. You are not building the cell phone yourself.
I also have kind of an intimate relationship with this thought because I saw certain consulting firms in the industry, which I will leave unnamed, selling services when Copilot became a big topic in the enterprise. They were selling “red team Copilot” engagements for huge sums of money.
At the end of the day, the enterprise does not control whether Copilot is secure from a model-level prompt injection perspective. So they were basically farming money for something that was not materially improving the organization’s posture.
I do not want to say Palo Alto is intentionally fearmongering, but I do think this is a problem for very big tech corporations to solve. It will impact us all if it is not addressed, but for most organizations it is not directly in their control.
Samuel Hill
I think I follow what you are saying.
Palo Alto is making a prediction about what they think they are going to see. Surprise, marketing teams help make these predictions, and sometimes they point toward things Palo Alto could help solve.
What you are assuming is that the future is going to continue to favor public models, because the large companies like OpenAI have the resources to train them with all the compute, storage and cooling required.
So you are assuming that is going to be more common than organizations training their own models, where they would be more directly susceptible to training data corruption and poisoning.
Landen Brown
Yeah, absolutely.
Back in the day, you might have been more inclined to build your own wagon before manufacturing and sawmills and all of that became standard. But once people started manufacturing wagons, cars and automobiles at scale, it became highly disadvantageous to build your own. You want the one that has been tested, built properly, has a warranty and has shared responsibility behind it.
I think it is the same with machine learning models.
Now, there are some caveats with RAG-based architectures where people are augmenting existing models with their own data. But at that point, I think it just becomes a foundational cybersecurity concern: are you protecting your data?
Samuel Hill
Yeah. Eran, anything you want to add to that?
Eran Barak
Yeah, Landen made a good point.
The model-building wave is somewhat behind us already. These models have already been developed, and you are not going to see a lot of new players or startups coming into that area because it is a big enterprise game now. It is Microsoft, OpenAI, Google.
But to Landen’s point and yours, Sam, you can still manipulate these LLMs and poison them. That is why we need to work together with these big enterprises as smaller companies or mid-sized companies, and make sure we can trust these models even when they are trained on specific datasets.
At the end of the day, the bottom line is still data exploitation and stealing IP and so on.
Samuel Hill
Yeah, it is all about the data. AI models are fairly useless without data being input into them that they can train on or work with in order to get their jobs done.
Okay, the last prediction before I get to hear what you guys have to say for 2026.
This one comes to us from SecurityWeek, and they talk about security teams being measured on business enablement, not tool count.
Now, I am not sure security teams were ever truly measured on how many tools they owned, but maybe it is more of a checkbox way of asking whether you have a tool that covers each aspect of cybersecurity.
Here is what they say:
Security teams will be under pressure to do more with fewer people and fewer tools. Tool sprawl will be recognized as a liability, not a strength. Success will be measured by how well security enables the business rather than how many alerts it generates. This will drive consolidation around platforms that provide visibility across identity, endpoints and user behavior while integrating tightly with data lakes and analytics stacks. Security leaders who can articulate risk in business terms and reduce friction without increasing exposure will emerge as true strategic partners.
Landen, we will start with you. What do you think of this prediction?
Landen Brown
Yeah, I think it is happening now, but I also think it is still a good prediction because it is only becoming more true over time.
Tool sprawl is a liability, and it will continue to be recognized that way.
At the same time, we are in a rapid age of innovation, and technology is allowing us to consolidate capability. Some of that is being driven by agentic AI. It is pushing us toward a reality where identity is king, and data is essentially our attack surface.
So managing identity, authenticity and that data attack surface becomes the foundation.
I think this is a pretty expected prediction, and honestly, I think it is pretty spot on.
Samuel Hill
And how about you, Eran?
Eran Barak
Yeah, I think again, to your point, Samuel, tool sprawl has always been there.
I have been in security for more than two decades now, and I am not sure that part is new. Obviously, as a CISO or CIO, you do measure how many tools you have and the impact they make.
But I think the more dominant part of this prediction is the business outcome, and I agree with that.
At the end of the day, the job of security, the CISO and the CIO is to enable the business, not block it. While you want to make sure you are still secure and operating safely, you do want to measure security teams and leaders on business outcomes.
If I block an organization from reaching its goals just in order to be secure, that is not success. It is a fine line. You need to find the right balance between staying safe and enabling the business.
Business outcome is very important to every organization in the world. So yes, this is quite spot on, and we will see it more and more as part of the KPIs of CIOs, CISOs and security teams in the next few years.
Samuel Hill
They have been talking about that forever, right? Security leaders who can articulate risk in business terms so their counterparts on the executive team, the board and others who provide oversight can understand it.
I really do think that is coming to a head in a lot of ways.
So I think this is a fairly safe prediction, and I do not think any CISO loves tool sprawl. If they can accomplish the task with a more streamlined set of tools, they would prefer that.
But okay, guys, now it is time for us to draw a line in the sand and make a claim. We are going to put our names on the line for what we think is going to happen next year in 2026.
This is our opportunity here at MIND What Matters to make our 2026 predictions.
I will go first.
I think next year we are going to see a record number of AI initiatives launched across organizations. Thousands and thousands of AI initiatives will start, and most of them will fail.
That is my prediction for 2026. I think we will see a rough equivalence between the number of initiatives started and the number that fail.
The simple reason is that we are still at a highly iterative point in AI use cases and AI initiatives. We keep hearing about all the wonderful advances and things that can happen for business, and I think most of those will probably end up being true. But I think we are still a few rounds of experimentation away from truly useful and effective specific applications.
So that is my prediction for 2026: companies are going to start AI initiatives, and most of them will fail.
What do you guys think of that?
Landen Brown
I think you are right, Sam.
I think back to my time doing consulting in the early era of the AI boom. There was all this talk about transparent AI, responsible AI, ethical AI and explainable AI. That all came from the belief that organizations would be training models themselves, and there were valid use cases for that in the early days. Some big medical companies were trying it for diagnosis use cases and things like that.
But at the end of the day, many of those companies that invested massive amounts of time and money into building responsible AI programs just ended up adopting Microsoft Copilot.
So how much was that investment really worth, other than educating people on what AI is, which does have value to some extent?
I think there has been an overinvestment and an overprepared state in some organizations. In some cases, it is becoming a sunk-cost fallacy around AI adoption.
I think things could be a lot simpler. So yes, I agree. There is going to be a lot of AI activity, and a lot of it is going to fail, and then it will settle back down into a more natural and practical order.
Samuel Hill
And what do you think, Eran? Am I completely out to lunch here, or do you see a path for this being true?
Eran Barak
No, no, I think you are spot on.
And I also have my own opinion when it comes to AI agents. There is obviously a lot of hype around them. I do think, as you said, Sam, the technology is not quite there yet when it comes to more complex reasoning and action by agents that can mimic human thinking.
I think AI is very good when you narrow down the workflow of these agents. That is where they will be very effective, especially in 2026 when we will see more and more of them.
I can tell you, for example, I read just a week ago about Amazon creating almost 2 billion agents from July 2025 until today, which saved a lot of money in fraud, returns and things like that. But again, you see that these are narrower, more dedicated and repeatable tasks.
So I agree with you, but at the same time we will definitely see more projects and more initiatives around AI.
Samuel Hill
Well, that brings us to your prediction, Eran. Why do not you tell us what your prediction is for 2026?
Eran Barak
Yeah, I think my prediction is just doubling down on what you said. We will see more AI agents, one hundred percent.
I mentioned that 2 billion number, but the fascinating thing is that I predict, and maybe it is already happening, that you will see more and more of these agents running locally on endpoints, on the devices of employees themselves, not just in the cloud.
The reason is that new technology is coming out, like tools similar to Cursor and others, where developers and employees can create their own agents running locally.
That is quite scary when you zoom out and think about it. These agents, when I ask how they are identified from an identity perspective, at the end of the day, they are not. How do I know whether it is Samuel or Landen or one of their hundred agents doing the work right now?
There are many ways you can validate that, but I think this is where I see room for innovation. If we speak specifically about data and MIND, how do you really get a grip on how many agents there are, what they are doing, what data they are creating or touching, and how you distinguish between human, non-human and AI agents?
I think that is where the market is going to be in 2026, and we as a company need to be there with a very innovative solution.
Landen Brown
Yeah, Eran, that makes me wonder, outside of security, what the operationalization of extensible agents is going to look like in the future.
It makes me think of back in the day when we had to do repeated tasks on an endpoint. We would have to set up a cron job or a scheduled task in Windows. If we wanted specific software, we could not always just get it because things were managed by Group Policy or SCCM. But sometimes I could go to the SCCM store and download the application I wanted, right, that had been approved by the organization.
It makes you wonder if there is going to be some kind of build-an-agent box on a machine, almost like SCCM, where you can say, here is the task I want to do, and I am going to build an agent that is approved by my organization. It sits on my computer as a running process, but we are giving those tools to the user.
One thing we learned through consulting on AI adoption is that AI is hyper-specific to the user. It is very hard to create generically good agents. They are highly tailored to a specific task and a specific user’s need.
So do we give users the ability, kind of like a software store in the organization, to build their own agents through approved guidelines and then let them run?
And if that is the case, how do we secure that? I think to your point, Eran, security tools are not ready to manage that level of activity if we let users go do some of those things.
Eran Barak
Correct.
Samuel Hill
But I think you are seeing that from some of the big SaaS providers too. Salesforce is offering agents for all sorts of business use cases.
I know you are talking specifically about endpoints, but I think there is a comparable trend in SaaS.
Eran Barak
Yeah, but that is the big difference.
These agents running in SaaS can, in a way, be more managed by those big companies. It sounds counterintuitive, but it is easier for them to control.
When I give every employee in my company the ability to create their own agents, and I have no clue what they are doing, that is a very different problem. It is going to require much deeper technology to secure them.
Samuel Hill
That is a fantastic point.
All right, Landen, round us out with your prediction for 2026.
Landen Brown
Yeah, when we look at agentic security and agentic AI, I kind of feel like, at some foundational level, you can treat an agent a little bit like an application.
And I think even with the rise of traditional applications, containerized applications and cloud-based applications, we saw a heavy focus for about two or three years on application and container security.
We saw Wiz explode. We saw Sysdig, Aqua, Chainguard and a few others really take off. Then they started to shift and incorporate much more of a data-security focus.
My prediction is that everything keeps coming back to data.
I think data security as a market category, as a budget line and as a CISO priority, is going to overtake application security tenfold in 2026 because AI consumes everything. AI consumes all data.
At the end of the day, data becomes the entirety of our attack surface and what we are trying to protect.
I think there are two key elements in 2026. One we have already seen is that identity is key. But I think data overtakes all other security priorities outside of that.
So I think we are going to see a large focus on identity, authenticity and data as the attack surface in 2026.
Samuel Hill
All right, so to summarize our predictions for 2026:
We are going to see a lot of AI initiatives start across many organizations for specific business imperatives and goals. Most of them will fail, but we are going to keep iterating and innovating through that process.
There is going to be a rise of agentic AI specifically on the endpoint, almost like an agentic AI store, if you will, to hyper-enable productive employees. But this is going to potentially break security as we know it today, so there will need to be an incredible amount of innovation to keep up.
And finally, data security is going to surpass application security and perhaps become foundational alongside identity for overall enterprise security.
Those are some fantastic stakes in the ground for 2026. We will revisit this next year and see. Maybe we will all be wrong about absolutely everything, and that would make for a very fun podcast episode.
But guys, as we wrap up today, this has been an awesome conversation and I really appreciate it.
We are going to close with: what did you learn today?
Eran, we will start with you. What did you learn today?
Eran Barak
I will go back to the first section of our podcast, the fact versus fiction part.
I think that is where I learned something about different cultures, Spain, Japan and others. So yeah, I will take that. Thanks for educating us on fact versus fiction when it comes to those traditions.
Samuel Hill
And also learning that you cannot trust every word that comes out of my mouth. It might not be true.
Landen, what did you learn today?
Eran Barak
That is rude too. That is rude.
Landen Brown
You know, I would say through the beginning of our conversation in jest around holiday traditions, maybe I learned that Americans do have traditions. They are just not beating logs and making them poop candy. It is more about simply having fried chicken available at all times.
So maybe our traditions just look different from the rest of the world.
Samuel Hill
Not a problem there.
And you know what? I will go beat fried chicken out of a log if that makes everybody happy.
I think what I learned today is the importance of trust, but verify, in some ways. So I will be performing retinal scans for my in-laws when they enter my house for the holidays to make sure they are exactly who they say they are, and all gifts opened by my children will have a seal of authenticity to make sure that it is actually the remote-control car or whatever my preteen daughter asked for for Christmas.
So that is what I learned today, and we will take that forward into this wonderful holiday season.
Eran, Landen, I hope you have an absolutely joyous and festive holiday season filled with people you love and care about, food and all of the celebrations. Warmest greetings for this season.
And for all of you watching and listening, may your holiday season also be blessed, and may you enter 2026 with a sense of purpose, passion and focus so that you can mind what matters.
For Eran Barak and Landen Brown, my name is Samuel Hill, and that is all for now.
