Gartner has flagged four urgent threat areas that cybersecurity leaders must tackle now: deepfakes, AI application compromise, prompt injection and software supply chain attacks.
The firm says attackers currently hold the advantage in all four, making them “critical and unpredictable” risks for 2026 and 2027.
Threats moving to the top
Source: Gartner (June 2026)
Gartner VP analyst John Watts said the growing volume of frontier AI security initiatives is adding “significant noise” to an already noisy threat landscape. His message for CISOs was clear: organisations must learn to separate genuine threat signals from the surrounding hype and vendor activity.
AI application compromise has become a priority because production-ready AI tools now sit inside public-facing and internal systems, often connected to third-party integrations and employee-only applications.
Gartner says this expands the attack surface well beyond traditional software, exposing credentials and sensitive data where controls are weak.
Deepfakes and identity risk
Gartner also warned that deepfakes have become more accessible, more realistic and more difficult to detect across voice, video and images.
That creates fresh risk for biometric authentication, real-time social engineering and even recruitment fraud. Watts said there is “no one cybersecurity control” that can solve the problem, adding that organisations need layered defences combining stronger processes, awareness and detection tools.
The advice is to go beyond deepfake detection alone and harden business workflows, online meetings and identity verification processes.
Gartner recommends conditional access policies, improved call metadata analysis and stronger presentation and injection attack detection for biometrics.
AI systems under attack
Prompt injection is another high-priority threat, especially as enterprises deploy large language models and agentic tools into workflows. Attackers can manipulate prompts to make systems reveal confidential data, take unauthorised actions or bypass controls.
Gartner says defenders should combine input filtering, monitoring for abnormal behaviour, strong system prompts and AI-specific testing throughout the development lifecycle.
In AI application security, Gartner points to its TRiSM framework, which helps teams embed threat mitigations directly into development. It also recommends purpose-based access control, stronger data classification and runtime monitoring to limit misuse once applications are live.
Software supply chains
The fourth threat is software supply chain compromise, which Gartner says will accelerate as GenAI increases reliance on open-source components and third-party code.
Watts urged organisations to demand SBOMs and AIBOMs from vendors, harden CI/CD pipelines and use curated repositories for code, containers and AI models. He also called for signed builds, least-privilege access and runtime monitoring of agentic tools.
A useful third-party trend comes from the broader security market: Gartner’s warning aligns with a wider industry shift towards securing machine identities, AI pipelines and digital trust, rather than only defending human users. That reflects how fast AI is turning conventional cybersecurity into a control problem around access, provenance and behaviour.
