As 2026 unfolds, the business world faces evolving technologies, new international conflicts, and growing uncertainty about the economic and regulatory landscape. Cybersecurity threats swim under the currents of all these risks. Maintaining secure network and software environments means staying on top of unpredictable, emerging threats.

In April, the artificial intelligence (AI) firm Anthropic seemed ready to release Mythos, its latest model that marked a significant improvement over existing AI applications.

But then Anthropic withheld the new model from the public, arguing Mythos’ capabilities posed too great a danger to cybersecurity if it fell into the wrong hands. Instead, it gave select technology businesses a sneak preview of Mythos to get a head start at patching undiscovered network and software vulnerabilities that the model identified.

For the rest of the business world, the Mythos story sounded alarm bells. AI has already accelerated cybersecurity threats over the last year, refining and sharpening threat actors skills and methods. If a new model could quickly identify network and software weaknesses, some that had existed for years but went undetected until Mythos came along, then businesses faced new and alarming cybersecurity threats.

What loopholes could the next advanced AI model find that Mythos failed to identify? What vulnerabilities could unauthorized users who have already gained access to Mythos exploit? What if a less responsible developer released an even more powerful model without advanced cybersecurity screening?

Insurers also recognize these new AI-born risks and are beginning to analyze how policies and programs can address them. From that analysis will come new requirements that insureds must meet to mitigate risks and obtain coverage.

AI is not the sole emerging cybersecurity threat. Wrongful data collection claims, particularly those stemming from pixel tracking and other advertising technologies, have posed significant financial risks. Geopolitical tensions give rise to hackers who target government institutions, critical infrastructure, and sometimes businesses — not primarily for money, but to disrupt the enterprise.

Lockton’s 2026 Cyber Threat Report explores new vectors of global cybersecurity threats, how carriers contemplate these risks when underwriting cyber policies and other lines, how regulations have evolved, and how policyholders can better prepare for a rapidly changing cyber risk landscape.