David Stonehill, CTO, NetLib Security offers his insight into what 2026 will hold for us in the way of AI scams.
By 2026, AI-generated scams and phishing will be virtually indistinguishable from legitimate apps, storefronts, and communications making detection alone unreliable. App developers will need to design for breach resilience using MFA, passkeys, AI-driven security testing, and strong data-at-rest encryption that ensures stolen data remains unusable. In an AI-first threat landscape, encryption becomes a core architectural requirement, not just a feature.
How did we get here? Quickly! We've been watching the growth of large language models for almost a decade, but this year, especially with the popularity of Sora and Google's Nano Banana, we've also witnessed the explosion of LVMs, or Large Visual Models. The combined language and visual models, or VLMs, has made the creation of "AI slop" easily accessible to the general public.
Unfortunately, once anyone can create AI images and text, so can the hacker and criminal community.
What is the potential threat of "undetectable" AI generative content? Here are a few predictions of what we're likely to see in 2026 - and trends we have already started to see in 2025 - such as retail scams.
Retail Scams. We are just beginning to see the introduction of online consumer oriented retail scams online. Nearly everyone is comfortable purchasing online - in 2024, in-store retail sales increased 0.93% while e-commerce sales increased 8.64% according to CapitalOne. But a new phenomenon has emerged: fake online store "personalities" can now be generated with VLMs and LVMs. You may believe that you're purchasing from a mom-and-pop store - but the actual merchandise is drop-shipped from China, and may be of a very lower quality, if you receive any merchandise at all. You've checked the online reviews and the ratings but in reality, those are just fake ratings.
Fake Ratings. Not that long ago, we trusted well-written reviews. Reviews that were grammatically correct and of high quality distinguished themselves from poorly written mass-produced fake reviews. Unfortunately those days are over. AI has the ability to compose elegant prose, describing the quality of a product, even though the AI has no firsthand experience with the purchase. But once you've purchased from a scammy retail store based on fake ratings, criminals have your email address, which they are much more likely to target with high quality phishing emails.
High Quality Phishing Emails. As with email e-commerce scams, phishing emails look better than ever due to AI. And this is not only a threat to you individually, but also to your entire organization! Phishing emails may be the number one security risk to any organization that relies solely on single factor authentication - essentially a username and password. But even if criminals find a way to log into your systems, they may or may not be able to use the data they find there. That's where we turn to some good news.
Increased Use of MFA and Passkeys. Many companies and websites are requiring multi-factor authentication, and it's so important that the public become accustomed to their usage. They have to be simple to set up (they are not always!) and built into your laptop, phone, or watch. You shouldn't have to struggle to set up 2FA or MFA. Grandma should be able to do it. Especially grandma! That's because MFA can render those phishing emails useless.
Data At Rest Encryption. This is a trend that must continue. Even when hackers penetrate peripheral defenses, they may not be able to use, sell, or blackmail companies with the data they find. Why? Because when you encrypt files on your disk, copying the files to another location renders them useless. You can't decrypt those files unless you have the right keys and the encryption software. And if you really want to protect your data, lock your keys to the hardware that the files reside on.
Using AI To Our Advantage. We like to warn everyone about the dangers of AI generated scams and phishing schemes. But there are also great uses for artificial intelligence that the security industry can use to thwart attacks. AI-powered pentesting tools can identify patterns, anticipate likely attack vectors, and even simulate complex, multi-stage attack chains that would take human testers days to investigate. Unlike traditional automated pentesting, which offers only shallow, surface-level results, AI-driven testing provides a much deeper and more sophisticated analysis of an organization's security posture.
They say that if you predict tomorrow's weather will be just like today's weather, you'll be right 70% of the time! So there's a good chance that the problems in security that we're encountering today will be similar to those we'll run into in the future. But what about that 30%? What will happen that we can't foresee?
If there's a big crash in AI stocks or investment, will that significantly change the security outlook for 2026? Probably not. The technologies that are disrupting the security industry are well-established. And so are many of the solutions! We just need to implement the best ones, like encryption, because those defenses are not optional.
NetLib Security has spent the past 20 years developing a powerful, patented encryption solution that starts by setting up a strong offense which can be managed from anywhere in the world, across every environment where your data resides: physical, virtual, and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. You can simplify your data security needs by utilizing Encryptionizer to satisfy your security requirements quickly, and with confidence.
Address:
1855 S Ingram Mill Rd
STE# 201
Springfield, Mo 65804
Phone: 1-844-277-3386
Fax:417-429-2935
E-Mail: contact@appdevelopermagazine.com