Kiteworks | Your Private Data Network

Enabling Zero Trust Data Exchange in One Platform

Free Trial EXPLORE KITEWORKS
Home > Security and Compliance Blog > Cybersecurity Risk Management > Google’s 2026 Cybersecurity Forecast Has a Message Nobody Wants to Hear: Your Biggest Threats Are Data Movement Problems

Google’s 2026 Cybersecurity Forecast Has a Message Nobody Wants to Hear: Your Biggest Threats Are Data Movement Problems

by Patrick Spencer updated February 25, 2026 Cybersecurity Risk Management
Reading Time: 10 minutes

Google Cloud Security just published its Cybersecurity Forecast 2026, and the message is blunt. The threats that will define this year — AI-powered attacks, ransomware at industrial scale, nation-state espionage, hypervisor targeting, on-chain cybercrime — share a common thread that most organizations are ignoring.

They are all data movement problems.

Not endpoint problems. Not perimeter problems. Not awareness problems. The report, built on frontline intelligence from Mandiant, Google Threat Intelligence, and Google Cloud’s Office of the CISO, makes a consistent case across every section: the most dangerous threats in 2026 exploit how organizations move, share, and exchange sensitive content. And the organizations that don’t treat content exchange as a first-class security domain are going to get hit hardest.

Here is what matters, what the report actually says, and what it means for anyone responsible for keeping regulated data safe.

5 Key Takeaways

1. AI Agents Are the New Shadow IT — and They’re Already Moving Your Sensitive Data

Google expects AI agents to become fully autonomous participants in enterprise workflows by 2026. That means every AI agent touching your environment is a potential exfiltration path for regulated data — ePHI, PCI, ITAR, CJIS. The report warns of “Shadow Agents” creating invisible, uncontrolled pipelines for sensitive data. Organizations that can’t track which agent accessed which file, under which policy, and with whose approval are flying blind on compliance.

2. Managed File Transfer Is Now Ground Zero for Ransomware

The report explicitly calls out managed file transfer (MFT) software as a primary vector for high-volume data exfiltration across hundreds of targets simultaneously. Legacy MFT platforms have become a systemic weak link. With 2,302 victims listed on data leak sites in Q1 2025 alone — the highest single-quarter count ever recorded — the extortion ecosystem is operating at industrial scale.

3. Nation-States Are Targeting Your Content Channels, Not Just Your Endpoints

Russia, China, Iran, and North Korea are all running persistent cyber operations focused on edge devices, third-party providers, and cross-border data flows. The fewer uncontrolled channels for sensitive documents, the smaller the attack surface. Organizations exchanging regulated content across jurisdictions — EU to US, APAC, Middle East — face overlapping regulatory obligations that demand governed, auditable data sovereignty and content exchange controls.

4. Hypervisor Attacks Can Destroy Your Entire Digital Estate in Hours

The forecast predicts a significant pivot toward hypervisor and enterprise virtualization attacks. Unlike traditional endpoint ransomware that spreads over days or weeks, hypervisor attacks can render hundreds of systems inoperable in a matter of hours. Configuration backups, engineering docs, operational runbooks, and ERP exports that live outside OT networks become critical recovery assets — and prime targets for exfiltration.

5. Compliance Forensics Are Now a Survival Skill

When a breach happens, regulators want to know exactly what was stolen, from which jurisdictions, and under which data categories. The report makes clear that extortion groups are weaponizing breach notification obligations by dumping personal data. Organizations without detailed transaction logs, policy context, and encryption state documentation face a breach-notification and regulatory-fine nightmare they may never recover from.

AI Agents Are Coming for Your Regulated Data

The forecast expects AI use by adversaries to shift from the exception to the norm in 2026. That includes prompt injection attacks that manipulate AI systems into bypassing security protocols, AI-enabled social engineering using voice cloning for hyperrealistic impersonation, and agentic systems that automate steps across the entire attack lifecycle.

But here is the part that deserves more attention than the adversary side: the enterprise AI agent explosion is creating just as much risk from the inside.

Google describes a coming “AI Agent Paradigm Shift” where organizations rapidly adopt AI agents for executing workflows and decisions. These agents will need their own managed identities, their own access controls, and their own audit trails. The report anticipates the rise of “agentic identity management” featuring just-in-time access and task-specific permissions.

That sounds forward-looking until you read the next section: “Shadow Agent Risk.” By 2026, Google expects employees to independently deploy powerful autonomous agents for work tasks regardless of corporate approval. These agents connect to SaaS platforms, email, storage, and file transfer systems and create invisible data pipelines that security teams cannot see.

The report’s exact language is worth pausing on: these shadow agents create “invisible, uncontrolled pipelines for sensitive data, potentially leading to data leaks, compliance violations, and IP theft.” And banning agents is not a viable option because it only drives usage off the corporate network, eliminating visibility entirely.

For any organization handling regulated data — healthcare, financial services, government, defense, legal — this is a ticking clock. Every AI agent that touches a file containing ePHI, PCI data, export-controlled information, or law enforcement records represents a new exfiltration path. And if you cannot prove which agent accessed which file, under which policy, and with whose authorization, you have a compliance gap that no amount of endpoint security can close.

The answer is not to block AI agents. The answer is to route them through a governed content exchange layer that treats every agent as a high-risk participant: scoped access, content inspection, approval workflows, and immutable audit trails for every interaction. The same controls you apply to external vendors and third parties need to extend to AI agents. Full stop.

MFT Is Now Prime Ransomware Territory

If there is one section of this forecast that should be printed and taped to every CISO’s monitor, it is the ransomware analysis.

Google calls the combination of ransomware, data theft, and multifaceted extortion “the most financially disruptive category of cybercrime globally.” Sandra Joyce, VP of Google Threat Intelligence, is quoted saying flatly: “This problem is going to continue and increase in 2026.”

The numbers back it up. In Q1 2025, 2,302 victims appeared on data leak sites — the highest single-quarter count since Google began tracking in 2020. Incidents in 2025 targeting retail and food wholesale supply chains resulted in hundreds of millions of dollars in total damages.

And then the report says something that anyone running legacy MFT software needs to read twice: “Targeting managed file transfer (MFT) software allows cybercriminals to execute high-volume data exfiltration across hundreds of targets simultaneously.”

This is not a theoretical risk. We have watched it play out repeatedly over the past two years. Legacy MFT platforms sit at the intersection of sensitive data and external connectivity, making them the perfect target for mass exfiltration campaigns. A single zero-day vulnerability in one MFT product can compromise hundreds of organizations in a single wave.

The compliance fallout is just as devastating as the operational disruption. When a legacy MFT platform gets compromised, organizations frequently lack the forensic fidelity to determine which records, jurisdictions, and data categories were affected. That means they cannot scope the breach for regulators. They cannot send accurate breach notifications. They cannot defend themselves in class-action discovery. Every downstream obligation becomes a guess.

The alternative is replacing brittle legacy MFT with a hardened content exchange platform built for zero-day and extortion resilience — one that enforces encryption in transit and at rest for all external file exchanges, applies DLP policies to prevent outbound transfers of protected data categories, and maintains immutable audit trails that survive regulatory investigation. This is not a nice-to-have upgrade. It is a structural response to a structural threat.

Nation-States Want Your Content Channels

The nation-state section of the forecast covers Russia, China, Iran, and North Korea in detail, and each profile reinforces the same theme: these adversaries are targeting how organizations exchange content, not just how they store it.

China-nexus threat actors continue to aggressively target edge devices that lack endpoint detection, exploit zero-day vulnerabilities, and compromise third-party providers to gain access to downstream organizations. Russia is developing advanced capabilities and obtaining strategic footholds within critical infrastructure. Iran is running integrated campaigns that blur espionage, disruption, hacktivism, and financially motivated activity. North Korea executed the largest recorded cryptocurrency heist at approximately $1.5 billion and is expanding IT worker infiltration globally.

The common denominator across all four is the exploitation of content exchange channels: edge devices, third-party connections, cross-border data flows, and supply chain relationships. Every sensitive document moving between a foreign subsidiary, a vendor, a regulator, or a law enforcement agency is a potential target.

For organizations operating across jurisdictions, the regulatory overlay makes this even more complex. Cross-border data transfers implicate GDPR, UK GDPR, PDPA, LGPD, and an expanding web of data localization laws. The report’s focus on nation-state persistence makes a compelling case for consolidating all regulated content crossing borders into a single secure channel with geo-aware routing, encryption enforcement, and auditable policy controls that satisfy both security teams and data protection authorities.

Hypervisor Attacks and the Race to Protect Crown Jewel Data

The forecast’s section on enterprise virtualization is alarming for a specific reason: the attack velocity.

Traditional endpoint ransomware campaigns propagate across a network over days or even weeks, giving defenders time to detect and respond. Hypervisor attacks operate on a completely different timeline. By bypassing in-guest endpoint detection, adversaries can execute mass encryption of virtual machine disks and cripple control planes, inducing enterprise-wide operational paralysis in a matter of hours.

The ICS and OT section compounds this concern. Google expects ransomware operations specifically designed to impact critical enterprise software like ERP systems, severing the data supply chain that OT operations depend on. Meanwhile, poor hygiene around remote access continues to allow common malware to breach OT networks.

When production systems are under attack, the data assets that matter most for recovery — configuration backups, engineering documents, firmware packages, ERP exports, operational runbooks — need to be accessible, intact, and provably uncompromised. If those artifacts live in the same environment that was attacked, they are gone. If they were exchanged with vendors, integrators, or incident response partners through ungoverned channels, there is no chain of custody.

This is where a secure content exchange layer becomes an operations-resilience backbone. Crown jewel artifacts need tightly controlled access, strong authentication, and content inspection for malware before anything reaches OT or cloud environments. And during crisis response, the evidence files, incident logs, and forensic artifacts being shared with IR partners and law enforcement need the same governance to keep privacy obligations intact.

On-Chain Crime Meets Off-Chain Compliance

The forecast’s section on on-chain cybercrime is forward-looking but has immediate implications for financial institutions, fintech companies, and anyone handling cryptocurrency-adjacent data.

Google anticipates that malicious operations may begin migrating core components onto public blockchains, using the full Web3 stack for command-and-control, decentralized data exfiltration, and tokenized monetization. The immutability of blockchain gives adversaries unprecedented resilience against traditional takedown efforts — but it also leaves a permanent, publicly auditable record that can be used for attribution.

The compliance angle is straightforward: as crypto and tokenized assets go mainstream, regulated entities must demonstrate safe handling of KYC and AML documentation, beneficial ownership data, SAR packages, subpoenas, and regulatory submissions. That off-chain data is exactly what attackers want, and it requires the same governed, encrypted, auditable content exchange as any other regulated data category. A unified content exchange platform lets organizations apply consistent retention, legal hold, and jurisdictional routing rules regardless of whether the data arrives via SFTP, web portal, or API.

What This All Means: Data Movement Is the Battlefield

Reading Google’s Cybersecurity Forecast 2026 from beginning to end, a pattern emerges that the report itself does not quite name explicitly.

Every major threat category — AI agents, MFT-centric extortion, on-chain crime, hypervisor targeting, and nation-state espionage — is a data movement problem before it is an endpoint problem. The adversaries are targeting how content flows between systems, organizations, jurisdictions, and people. The regulatory frameworks governing that content are getting stricter, more overlapping, and less forgiving. And the organizations that lack visibility into their content exchange channels are the ones who will be unable to scope breaches, satisfy regulators, or recover operations.

This is not a theoretical observation. It is the operational reality that Google’s own frontline teams are seeing every day.

For organizations that want to get ahead of the 2026 threat landscape rather than react to it, the path forward is clear: treat content exchange as a first-class security domain. Consolidate sensitive file flows through a governed, compliant content exchange perimeter. Apply zero-trust principles to every participant — human users, AI agents, third-party vendors, and cross-border partners. Enforce encryption, DLP, content inspection, and policy-based access controls on every transfer. And maintain immutable, detailed audit trails that can survive regulatory investigation, breach notification obligations, and class-action discovery.

The threats are evolving. The question is whether your approach to protecting data in motion is evolving with them.

To learn how Kiteworks can help, schedule a custom demo today.

Frequently Asked Questions

The report identifies MFT software as a primary vector for high-volume data exfiltration because a single vulnerability in a widely deployed MFT platform can compromise hundreds of organizations simultaneously. Legacy MFT platforms often sit at the intersection of sensitive data and external connectivity with limited security monitoring, making them attractive targets for extortion groups. The report notes that 2,302 victims appeared on data leak sites in Q1 2025 alone, the highest single-quarter count since tracking began in 2020, confirming the industrial scale of these campaigns. Organizations should evaluate whether their ransomware resilience strategy adequately addresses the MFT attack surface.

Shadow Agents are AI agents deployed by employees without corporate approval that connect to enterprise SaaS platforms, email, storage, and file transfer systems. Google’s forecast warns that by 2026, these agents will create invisible, uncontrolled pipelines for sensitive data that security teams cannot monitor. Unlike shadow IT, which typically involves known software categories, shadow agents are autonomous systems that can access, process, and transmit data across multiple systems without human oversight. The risk extends beyond data leaks to include compliance violations and intellectual property theft. Organizations should apply the same access controls and audit requirements to AI agents that they apply to human users and external vendors.

The 2026 threat landscape intensifies compliance pressure across multiple dimensions. AI agents require new approaches to identity and access management with full audit trails proving which agent accessed which data under which policy. Ransomware and extortion groups weaponize breach notification obligations by dumping personal data, requiring organizations to have forensic fidelity to scope breaches accurately. Nation-state operations targeting cross-border data flows implicate overlapping regulations including GDPR, UK GDPR, HIPAA, CJIS, ITAR/EAR, PDPA, and LGPD. Organizations without detailed transaction logs, classification context, and encryption state documentation face compounding regulatory exposure.

A content exchange perimeter is a governed, security-hardened layer through which all sensitive file flows are routed, regardless of channel (email, MFT, SFTP, web forms, APIs). It applies zero-trust principles, content inspection, DLP policies, encryption enforcement, and policy-based access controls to every transfer. By consolidating sensitive content exchange into a single monitored perimeter, organizations reduce the attack surface that adversaries exploit, maintain forensic fidelity for breach scoping and regulatory notification, and enforce consistent compliance controls across jurisdictions, data categories, and participant types including AI agents, external vendors, and cross-border partners.

Based on the forecast’s findings, organizations should take four immediate steps. First, audit all content exchange channels to identify uncontrolled pathways for sensitive data, including shadow AI and shadow agent activity. Second, replace or harden legacy MFT platforms that represent systemic exfiltration risk. Third, establish AI data governance controls that treat AI agents as high-risk participants requiring scoped access, content inspection, approval workflows, and immutable audit trails. Fourth, ensure compliance forensics readiness by maintaining detailed transaction logs with policy context, classification data, and encryption state that can survive regulatory investigation and breach notification obligations.

Additional Resources

Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who are confident in how they exchange private data between people, machines, and systems. Get started today.

Schedule a Demo

Table of Contents

Table of Content
Share
Tweet
Share
Explore Kiteworks