Club Benefits
There are few faster moving categories of the tech sector than cybersecurity.
But unlike, say, the introduction of new smartphone features or speedier connectivity, the improvements to online security are borne out of absolute necessity rather than a list of nice-to-haves.
At the vanguard of that progress are antivirus and virtual private network providers, as they try to stay one step ahead of bad actors that continue to grow in sophistication — the number of potential targets is expanding exponentially, with the well of personal information available for them to exploit only getting deeper.
While our own experts have already given their 2026 predictions, we also wanted to speak to a company that's on the frontline of that battleground — and none better than one of the very best VPNs around. Here's what we learned when we spoke to the pros at Surfshark.
Key developments in privacy and data in 2025
2025's primary threat as identified by Surfshark is unlikely to surprise anybody but those living under a rock for the last 12 months: AI-enabled scams.
[AI-enabled scams are] making it harder to distinguish legitimate content from malicious content and driving greater user vigilance.
Justas Pukys, Senior Product Manager at Surfshark
"In 2025, more money and resources were poured into AI-related ventures than the United States and the USSR spent during the entire space race that culminated in Apollo 11 landing on the Moon." That's the dizzying claim put forward by Information Security Manager at Surfshark, Miguel Fornes.
And our sister-site TechRadar has reported time and again about the surge of AI scams and AI-powered fraud this year.
Deepfakes and voice cloning are perhaps the best known and scariest sounding of these tactics, but internet users should also be on the lookout for AI-generated links passing themselves off as genuine URLs.
"Agentic AI amplifies this chaos by automating it end-to-end. Imagine a tool that not only writes a spam email, but also creates a fake profile, chats convincingly in real time, and carries out online-banking operations," adds Fornes.
Not only does the development of artificial intelligence mean that scams are getting cleverer and more sophisticated, but also that they can be scaled up at a frightening rate. Both the quality and quantity of the threats are evolving rapidly.
The rise of autonomous malware is another of the key dangers from 2025 pinpointed by Surfshark.
"This advanced form of code, utilizing AI, can mutate like a living organism," says the company's Senior Product Manager, Justas Pukys.
"Such self-evolving malware poses a serious and complex danger, demanding more sophisticated and adaptive defense mechanisms."
AI-created ransomware can generate malicious code and scripts in an instant. It means that the pool of potential scammers is no longer restricted to teams of skilled developers — bad actors can rely on the generative skills of AI models to create malware that learns and evolves.
What effect have these developments had on the VPN and cybersecurity industry?
To counteract the scarily speedy advancements in AI-enhanced threats described above, Pukys says that the VPN and cybersecurity industry is shifting significantly towards "integrated, advanced, and socially conscious security solutions".
There's nothing new about a general push away from disparate, standalone tools towards all-in-one online security solutions — suites like Surfshark One that include antivirus, VPN, cloud backup, password manager, parental controls, etc. But the need for comprehensive security under one roof has been accelerated in order to counter evolving threats.
Indeed, the recognition of the need for joined-up thinking is a key theme of Pukys's evaluation. Key members of the cybersecurity community are beginning to stand together to try and create a safer online world for everybody.
While transparency and accountability have always been central to the VPN industry, they will become even more important as the industry grows and its global impact continues to increase.
Justas Pukys
He points to the VPN Trust Initiative (VTI) as a key organization. The industry-led consortium that promotes VPN consumer safety and privacy online has released guidelines on the importance of selecting transparent and accountable VPN services, with frequent independent third-party audits (such as no-logs audits), publishing regular transparency reports about data requests.
Pukys says that he is also seeing an increase in collaborative research to tackle systemic challenges collectively, as well as more ethical security practices.
He gives an example of what his own employer is doing on this front: "Surfshark’s Internet Shutdown Tracker shows that 85 countries have restricted internet or social media access, affecting over 6 billion people, and the numbers are rising each year."
"For those who rely on a secure connection to share findings, report stories, and protect their sources, these restrictions can be devastating."
"Surfshark has an Emergency VPN program, which provides our services free of charge for journalists, activists, and NGO representatives working under censorship or surveillance. In 2025 alone, Surfshark provided over 2,000 emergency VPN accounts to activists and journalists in need."
Looking ahead to 2026 — the upcoming threats to data privacy and how the cybersecurity industry will respond
In short, we can probably expect more of the same as we look ahead at the online threats to expect over the next 12 months.
"Key developments are quite similar to what we already had in 2025," says Pukys.
In 2026, the human factor will remain the biggest vulnerability in cybersecurity.
Tomas Stamulis, Chief Security Officer at Surfshark
"However, they are expected to evolve even more. AI-enabled scams are expected to intensify, making it even harder to tell legitimate from malicious content than it is now."
"Deepfakes are becoming indistinguishable to the human eye or ear," agrees Chief Security Officer at Surfshark, Tomas Stamulis.
"Recognizing a fake is no longer about visual or audio cues; it’s about verifying context — who sent the message, from which domain, and whether the communication fits known behavioral patterns."
In terms of what cybersecurity firms will do to fight back, they foresee the following:
- Organizations investing in stronger domain-based authentication, metadata verification, behavioral analytics, and employee training to question context rather than appearance.
- More applications and devices will adopt password-less authentication and biometric methods to enhance identity management and protect data in case of loss of credentials via social engineering attacks.
- Proactive patch management, endpoint detection and response, and robust backup strategies to reduce impact.
- Quantum cryptography will become more mainstream as more companies adopt quantum-safe protections.
But cybersecurity tools — whether that be VPNs, antivirus software, all-in-one solutions or anything else — have never been and will never be a silver bullet for staying protected.
"In 2026, the human factor will remain the biggest vulnerability in cybersecurity," asserts Stamulis.
"Configuration errors, weak passwords, and unintentional actions continue to open the door to breaches."
So, if you're looking for a New Year's resolution, taking better care of your internet housekeeping in 2026 should probably be right at the top of your list.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
