With the use of agent-based AI becoming mainstream, Munich Re has suggested the technology is poised to shape the scope, speed and precision of offensive and defensive cyber measures alike.
The global reinsurer’s recently released report, Cyber Insurance: Risks and Trends 2026, has highlighted a world defined by geopolitical tensions, armed conflicts, and intensifying competition in future-focused industries, alongside an increasingly complex cyber threat landscape that demands decisive and proactive risk management.
The report observed that agentic AI will increasingly be capable of planning and adapting multi-stage operations, exploiting vulnerabilities more effectively, learning from detection responses, and operating with minimal human input.
“Given that AI is already capable of generating deepfakes, realistic domains and websites, and of engaging in hyper-personalised social engineering and phishing, the existing attack surfaces will grow exponentially,” Munich Re’s report explained.
The reinsurer continued, “Consequently, synthetic content and personas, as well as the rising level of misinformation, are expected to further undermine trust.
“Further, AI models themselves will be the targets of attacks and have to be secured. Major attack vectors will include prompt injection and data poisoning, as well as the insertion of malicious data or instructions to manipulate outputs.”
Munich Re’s report also noted that while agentic AI could enhance parts of the cyber kill chain and lower barriers to entry for attackers, the use of autonomous systems could also fundamentally transform cybersecurity.
Risk owners’ views appear to reflect this sentiment. According to Munich Re, their overall perception and expectations of AI are largely positive: only 23% of executives believe it will negatively impact their business, 66% expect a positive impact, and 57% trust companies that use AI.
On this topic, Munich Re concluded, “But despite all this technology, the human factor remains – as a protective factor and potential gateway alike.
“Even with agentic AI, humans won’t be completely replaced. Therefore, some of the current discussions on agentic AI seem to be more like hype.
“From Munich Re’s perspective, our experts expect agentic AI to affect the frequency of attacks more than their severity in the near term.
“Affected types of insurance cover could especially include, system failure and (C)BI, incident response, data restoration, and cyber extortion – all potentially covered by a first-party element. In addition, the industry may see more third-party losses from wrongful collection, privacy violations, as well as media liability and tech E&O.”
