Agentic AI as the new insider threat: insights from Thales Data Threat Report 2026

Agentic AI: innovation at the cost of security

According to the fresh 2026 Thales report, the success of enterprise AI initiatives increasingly hinges on consistent, controlled access to proprietary organizational data. However, the integration of agentic operations is compounding stress on management systems. Experts emphasize that as autonomous applications gain access to greater volumes of data, AI effectively becomes a new type of insider threat.

In the age of agentic operations, security practitioners will need to address access, authentication, and authorization on an even greater scale.

The 2026 threat landscape

Cybercriminals are actively using artificial intelligence to scale their attacks, a fact confirmed by a global survey of over 3,100 respondents:

• Attacks on AI: 61% of organizations report that their AI applications are being targeted by attackers, with sensitive data being the leading target.
• Deepfakes: 59% of respondents have already seen deepfake attacks.
• Misinformation: 57% reported that AI-generated misinformation and deepfakes showed the second-highest increase in attacks.

Cloud security and the control gap

Cloud assets remain the number one target for attackers. Respondents identified cloud storage (35%), cloud applications (34%), and cloud management infrastructure (32%) as the top three targets. Despite these risks, the level of protection remains critically low: only 47% of sensitive data in the cloud is currently encrypted.

Key risk factors comparison

Operational challenges

• Human error: Misconfiguration or human error remains the leading cause of data breaches at 28%.
• Tool sprawl: On average, organizations use 7 different tools for data protection and monitoring, which significantly complicates the speed of response.

Technological risks

• Quantum threat: 61% of respondents are concerned about "harvest now, decrypt later" (HNDL) strategies.
• Data visibility: Only 34% of organizations have complete knowledge of where all their data is stored, which is critical for effective security.

Quantum reality

The threat of quantum computing has moved into the category of active risks. In response to the prospect of future data decryption, 59% of companies have already begun prototyping and evaluating Post-Quantum Cryptographic (PQC) algorithms to protect critical trust infrastructure.

Download the full Thales Data Threat Report 2026