Predictions 2026: Amid proliferation of AI, data integrity, resilience and recovery to remain in focus
AI significantly accelerates the pace of attacks and expands the attack surface that malicious actors leverage. There is an increased urgency for CISOs to adopt an “assume breach” mindset and prioritise ensuring data integrity and recovery. When an attack occurs, the time to get a business up and running is the critical metric. However, in 2026, the new imperative is to ensure data integrity and the ability to recover to a verified, clean point quickly.
AI tools can rapidly generate malware and exploit known vulnerabilities. Organisations must pivot to recovery strategies that utilise integrity validation and isolated “cyber vaults.” The recovery strategies will guarantee the restored environment is free of malicious code, making robust recovery engines a necessity, not a convenience.
By the end of 2026, two key trends define India’s digital landscape:
1.Universal DPDP Enforcement: The Digital Personal Data Protection (DPDP) Act is fully enforced across all industries. Critically, AI systems that process or infer personal data are explicitly Governed by the Act, mandating “privacy-by-design” and comprehensive algorithmic accountability.
2. Controlled AI adoption surge: India experiences a significant increase in AI deployment, primarily in digital payments and large-scale enterprise automation.
The scaling is strictly regulated and features: Controlled Deployment: Widespread use of regulatory sandboxes and mandatory impact assessments for high-risk AI.
Local LLMs: A decisive shift toward deploying localised Large Language Models (LLMs) to ensure data sovereignty, cultural context, and legal compliance for agentic AI across the country.
Identity security: Identity-based attacks will dominate CISO investments
The scale of non-human identities in the AI era will become a critical vulnerability. Attackers continue exploiting the labyrinth of non-human credentials; however, in 2026, they’ll achieve full-system compromise.
A recent survey (zerolabs.rubrik.com /reports/the-identity-crisis) revealed that 89 per cent of organisations plan to hire professionals in the next 12 months specifically to manage identity security. Identity infrastructure will become more critical than the data infrastructure it protects.
The great AI sprawl
The proliferation of AI agents is creating the “great AI sprawl,” forcing IT and security teams to reconcile rapid deployment with system control. The dynamic will necessitate a governance renaissance in 2026 and immediate, focused investment to bring agents into production safely and at scale.To achieve production-grade agent deployment, organisations must rapidly implement monitoring and governance controls to ensure visibility into which applications or data agents are accessing and that they adhere to corporate policies. Inevitably, agents will make mistakes, and they will need to have remediation strategies in place.
Organisations will need to overhaul their current IT and security workforce management. In 2026, heavy investment in robust security and governance systems will be essential to monitor, control, and remediate agent output.
The convergence mandate: Multi-cloud chaos forces unified control plane or enterprise extinction
In 2026, the myth that native cloud tools are sufficient collapses as organisations recognise their siloed multi-cloud environments are severely slowing down cyber recovery. Using multiple native backup tools leads to long restoration times and frequent emergency migrations.
Recovery speed will become the only metric that matters as a unified multi-cloud platform transforms from a convenience feature to a non-negotiable survival requirement. The most resilient organisations will consolidate control under a unified plane, recognising that identity is the central hub for their entire multi-cloud data environment, demanding the seamless integration of identity security with data protection. (Rubrik is US-headquartered Security and AI Operations Company that leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration.)
Writer is a Co-Founder and Chief Technology Officer, Rubrik; views are personal
