Skip to main content

The WeRX Brands  |  StrategyWeRX  | WeRX.Marketing  | MentorWeRX  | ProsperWeRX

Your cart is empty :(

Cybersecurity Threats to Watch Out For: Summer 2026 Update

Your business faces cybersecurity threats from everything from outdated software to prompt injection attacks. Here are the threats to tackle in Q3-Q4 2026.

Written By: John O'Hara
Originally Published: 10 July 2026
Last Updated: 10 July 2026

When it comes to cybersecurity threats, 2026 has featured a mix of old and new, with one particular new threat ramping up in the second half of the year. Weak and recycled passwords, failure to set up 2FA, phishing emails and text scams, and out-of-date software are still the main threats to your business.

While we’re still playing all the old hits, there is a new tune that will be playing everywhere in the second half of 2026: artificial intelligence. The threat that AI will replace every white-collar job hasn’t borne fruit, but it has certainly 10X’d hacker and scammer productivity this year. The main cybersecurity threats we’ll have to deal with in 2026 have to do with AI, but there are some other threats to stay aware of.

Microsoft Ends Support for Windows 10

Microsoft ended support for Windows 10 back in October, 2025. If you are still using Windows 10 devices, either update to Windows 11 or subscribe to receive continued updates. Yeah, it’s not a great move by Microsoft to charge us for continued Windows 10 support when Windows 11 is still so full of issues, but those are your options if your business is running Windows. The other thing to be aware of is that Windows Server 2016 extended support is scheduled to end on January 12, 2027. Outdated software is at a higher risk for attacks, so keep your OS up to date, as it’s the most important piece of software on your computer.

Even If You’re Not Using AI, You’re Probably Using AI

Just about every piece of business software today has some form of AI in it, whether it’s standard machine learning or a large language model (usually in the form of a chatbot). So even if you’d rather take a more cautious approach to AI implementation, it’s hard to know which parts of which apps to use or avoid, if they’re even possible to avoid.

Understanding and addressing AI cybersecurity threats presents a new set of challenges to your business. Working with reputable software developers and vendors has always been important, but it’s even more important today, in the era of AI generated code and LLM “wrappers” (apps that add a custom interface to someone else’s AI model), to do your due diligence and inquire as to how and where AI was used in the development of a product.

Before adding a new piece of tech to your stack, confirm whether the code was written by a software engineer or by an LLM like Claude Code. If the code was AI generated, confirm that it was thoroughly vetted by a software engineer and that the code can be easily updated and patched whenever necessary.

In general, only work with software vendors that have experience and a track record of successful implementations, satisfied customers, and financial stability that they can point to, reassuring you that they won’t just disappear overnight.

Unsupervised, Unfocused Use of Agents

It’s not just shoddy vibe-coded software you have to worry about. Your own employees’ use of generative AI tools can harm your business. New, unproven tools come with new, unprecedented risks. We’ve seen multiple reports of agents deleting files even after being specifically told not to delete files. While they are being touted as coworkers and replacements for employees, these are tools that can cause more harm than good if given free rein to make decisions you would normally entrust to a reasonable and experienced person. At least when people make mistakes, they make mistakes in predictably human ways and can be taught the right way to do things. AI errors are unpredictable, so make sure there is a knowledgeable employee in control.

Prompt Injection Attacks

Another danger of large language models is the prompt injection attack. A prompt injection is a way for a user to bypass a chatbot’s safety protocols. For example, say you want to learn how to create malware or a virus, but the chatbot’s guardrails prevent it from answering the question. So you word your question in such a way that it subverts or bypasses these guardrails and you get the response you’re looking for.

The most likely way hackers would try to use AI to harm your business is through indirect prompt injections. In an indirect prompt injection attack, the person doing the prompt injection isn’t the person using the chatbot, but a third party. For example, let’s say you receive a long email from what seems to be a client or coworker. Unbeknownst to you, the email is actually from an attacker who has included text in the message that you can’t see (i.e. the text is the same color as the background).

This text contains malicious instructions for an AI tool to follow, so if you use AI to summarize the email, that text—the prompt injection—will tell the AI to do any number of things that can harm your computer or your business. It might, for instance, instruct the AI to forward all emails to the attacker, giving them access to private information. If the AI has access to any AI agents you’ve deployed, the results could be even more catastrophic, giving the attacker access to passwords and bank accounts as well as the ability to perform tasks within your systems.

This kind of attack doesn’t just happen via email; a shared Google doc you thought was from a trusted source could also contain hidden malicious instructions. As generative AI makes its way into nearly every SaaS platform, users have to be increasingly aware of what these tools are doing and what they have access to.

Email Fraud

Scammers don’t need access to these high-tech tools as long as they can fool employees into thinking fraudulent emails are legitimate. You’ve probably already noticed an increase in spam emails appearing to be completely legitimate messages from coworkers or trusted businesses. It is crucial that you train your employees to recognize these scams, be skeptical of every email they receive, and, most importantly, to never click a link or download an attachment in an email without first confirming that the link or attachment is safe.

Stay Safe Through Caution, Deliberation, and Strategy

The way AI is marketed has generated a great deal of FOMO throughout the business world. Businesses everywhere are rushing to adopt the technology, afraid of being left behind, without first learning how the technology works and what its strengths and weaknesses are. It’s important not to succumb to this fear of missing out and approach new technology the same way businesses always have: through caution, deliberation, thorough research, limited testing and pilot programs before company-wide rollouts, and, of course, a strategic foundation.

Before implementing any new software, whether it’s a shiny new AI agent or a boring old SaaS suite, understand why you need it, how it fits into your strategy, how it helps you achieve your goals, and how you will measure whether or not the implementation has been successful. As if wrapping our heads around cloud computing and software as a service wasn’t difficult enough in the 2010s, artificial intelligence introduces another level of complexity to strategy. To get started on your own AI implementation strategy rooted in rationality and results, check out Straight Talk: The No-Nonsense Guide to Strategic AI Adoption, available from the sidebar on the right (or at the bottom of this page on mobile) or wherever you buy your books online.

Are You Ready to Do Better Growth Management?

MentorWerx is all about growth strategy and management. That means giving you the tools you need to develop sound strategies, structure your organization to lay the track ahead of the train, and implement the tools you need to grow. Ready to learn more about how we do that? Book a free consult and bring your questions. See if you like working with us on our dime, and get some good advice in the process.