2026 is shaping up to be the year AI fundamentally shifts the balance between attackers and defenders. Security researchers report that threat actors are routinely using AI coding tools to write malware in unusual programming languages — Nim, Zig, Crystal — specifically because traditional antivirus scanners don’t recognise code that looks nothing like older threats. More strikingly, 28% of newly disclosed vulnerabilities are now being actively exploited within 24 hours of becoming public, compared to the months or years it used to take attackers to build a working exploit.
For everyday users, this means the window between “a new flaw is discovered” and “criminals are using it to break into devices” has collapsed from months to hours. Software you haven’t updated in even a week could already have attackers targeting it. The advice hasn’t changed — keep your devices and apps updated, turn on automatic updates wherever possible — but the stakes of ignoring that advice are now much higher, much faster.