News brief: Future of security holds bigger budgets, new threats | …

As 2025 nears, the security community is of two minds: buoyed by signs of stronger investment and technological breakthroughs, yet wary of how the same innovations could supercharge adversaries. This week’s roundup from the Informa TechTarget team captures that tension, spotlighting rising cybersecurity budgets, growing concern in Washington over AI-driven attacks, and an emerging class of cyber-physical risks as humanoid robots edge closer to mainstream use.

In the SOC, agentic AI could be both relief and risk

Security operations centers are feeling the squeeze of persistent staffing gaps, alert fatigue and a relentless threat tempo. Enter agentic AI — autonomous or semi-autonomous systems capable of triaging alerts, correlating signals across tools, and even orchestrating response playbooks. For chronically overstretched SecOps teams, these capabilities promise real productivity gains and faster mean-time-to-detect and respond.

But defenders aren’t the only ones poised to benefit. The same AI building blocks that improve analyst workflows can empower threat actors to industrialize everything from phishing and reconnaissance to lateral movement. Early demonstrations of autonomous attack chains underscore the risk: models that can write convincing lures, generate malware variations, and adapt tactics mid-operation reduce the cost and skill barrier for attackers. The net effect is a higher-velocity threat landscape that compresses defenders’ decision windows.

Budgets are set to rise — and with them, expectations

Looking to 2026 and beyond, many CISOs will welcome signals that cybersecurity budgets are climbing globally. The trend reflects a maturing executive view that cyber-risk is business risk — one that touches brand, revenue, compliance and operational resilience. Increased spending is likely to flow into security operations modernization, identity and access management, cloud posture and data protection, as well as the tooling and talent required to wield AI responsibly.

More money, however, brings higher expectations from boards and regulators. Security leaders will need to translate investment into measurable outcomes: reduced exposure, faster incident response, simplified architectures and tighter governance around third parties and AI models. The winners will be programs that convert budget into automation and alignment — consolidating overlapping tools, hardening identity-first defenses, and using AI where it amplifies human judgment rather than replacing it.

Washington warns: Federal defenses lag AI-enabled threats

A bipartisan chorus in Congress is sounding the alarm that the U.S. government is not fully prepared for a surge in AI-enabled attacks. Lawmakers point to gaps in readiness, from workforce and procurement to testing and red-teaming of AI systems. Their concern is straightforward: adversaries are moving quickly to weaponize generative and agentic AI, and public-sector defenses must adapt at the same pace.

Expect pressure for clearer standards on AI security testing, increased funding for cyber talent, and mandates to harden critical infrastructure against autonomous exploitation. Agencies will also be pushed to adopt secure-by-design AI practices — from data provenance and model governance to continuous monitoring — to reduce the risk of model manipulation, prompt injection, and automated social engineering at scale.

Humanoid robots: nearer than expected, with cyber-physical stakes

Experts increasingly believe that humanoid robots will be present in workplaces and public spaces sooner than many expect, capitalizing on advances in locomotion, dexterous manipulation and embodied AI. While the potential benefits are compelling — from logistics and manufacturing to healthcare and eldercare — their arrival widens the attack surface.

Unlike traditional IT assets, humanoids blend software, sensors, networking and actuators in systems that can physically affect the world. That raises the stakes of compromise: a breach could mean safety hazards, privacy violations via onboard cameras and microphones, or misuse as mobile platforms for reconnaissance and access. Anticipated vulnerabilities span insecure over-the-air updates, supply chain tampering, weak identity for components, and inadequate segmentation between control systems and external networks.

Security-by-design must be non-negotiable. Vendors and operators will need rigor around secure boot, hardware roots of trust, signed firmware, real-time anomaly detection, and fail-safe behaviors. Just as importantly, transparency about bill of materials, third-party libraries and model training data will be essential to assess and manage risk across the robot lifecycle.

What to watch through 2026

• AI in the SOC, but guardrailed: Expect wider deployment of agentic assistants for analysts, paired with strict human-in-the-loop controls, auditability and red-teaming of AI workflows.
• Board-level metrics that matter: CISOs will be pressed to show quantifiable reductions in attack paths, identity risk and time-to-containment, not just tool adoption.
• Policy acceleration on AI defense: Look for new federal guidance, procurement requirements and funding aimed at AI security testing, workforce growth and critical infrastructure resilience.
• Cyber-physical hardening: Sectors piloting humanoid robots and other autonomous systems will invest in safety engineering, zero trust for devices, and incident playbooks that bridge IT and operational teams.

The bottom line: The security horizon holds bigger budgets and smarter tools, but also faster, more automated adversaries and new classes of cyber-physical exposure. Organizations that move now — embracing AI with discipline, measuring outcomes, and designing for safety at the edge — will be better positioned for the threats and opportunities arriving by 2026.