Is the Cybersecurity Industry Stuck in a Vicious Circle?

The entry of AI agents into business radically changed the cybersecurity landscape in 2026. The question now is not “Should we use AI agents?”, but “Do we have a control mechanism that can stop them if they begin acting against us?”, says Anelia Kostadinova, Managing Director of COMPUTER 2000 Bulgaria. We spoke with her on the eve of the InfoSec SEE 2026 conference in Pravets — a regional-scale event that will demonstrate live how cybersecurity is evolving amid tectonic geopolitical changes.

Ms. Kostadinova, the major regional cybersecurity conference InfoSec SEE 2026, organized by COMPUTER 2000 Bulgaria, is approaching for the 18th consecutive year. A lot has happened globally since the last edition of the forum. How has this affected the cybersecurity sector?

The preparation for the 18th edition of InfoSec SEE 2026 is taking place during one of the most dynamic periods for the industry. Over the past year, the world of technology has undergone tectonic changes that transformed cybersecurity from an “IT issue” into a core pillar of national and corporate security.

Global events have reshaped priorities. If last year we were talking about the potential of AI, today we are already in the era of “autonomous agents.” Hackers are using AI to generate highly convincing phishing campaigns and to automate vulnerability discovery in real time. On the other hand, defense systems are also becoming more intelligent, with analytics now capable of stopping attacks before they even happen.

A particularly strong factor influencing the development of the cyber industry right now is geopolitical uncertainty. Cyberspace has become the “hidden front” of global conflicts. The conflict with Iran in 2026 became a turning point for the cyber industry, bringing digital warfare out of the shadows of “hybrid threats” and into the center of modern military operations.

The situation is paradoxical: while conflict brings destruction and risk, it also acts as a powerful catalyst for technological advancement. Iranian groups such as Seedworm and Handala proved that they do not need to attack governments directly. Instead, they target software and cloud service providers, creating a global “domino effect.”

February and March 2026 emerged as some of the “hottest” months in cyberspace, with some of the largest cyberattacks in history recorded. After the military operations in Iran began on February 28, 2026, cyberspace in the region literally exploded: internet access in Iran dropped to levels of just 1–4% within hours after the first strikes. This was accompanied by attacks against Iranian surveillance systems and state media. There was also sabotage through mass campaigns involving fake AI-generated videos of “senior military leaders.”

During the same period, major “blackouts” in network coverage were recorded across Eastern Europe and Russia. The conflicts also spilled into the private sector in the United States and Europe. One of the largest automated attacks in history, the “CyberStrikeAI” campaign, struck more than 600 firewalls across 55 countries simultaneously in March 2026 using autonomous AI agents. In March 2026, the American corporation Stryker became the victim of a destructive wiper malware attack attributed to Iranian groups. What made the attack unique was that it did not use traditional viruses but instead abused legitimate Mobile Device Management (MDM) tools to erase data from thousands of computers. Cyberattacks against industrial systems — water facilities, power grids, and transportation systems — also increased significantly.

At the same time, these intensified attacks accelerated the technological development of cybersecurity solutions. The conflict forced companies to implement AI-driven real-time threat detection. What was once theoretical is now being tested against some of the most sophisticated state-sponsored attacks in history.

We are also seeing growth in cyber insurance and security investments. Forecasts for 2026 point to steady growth in Cloud Security Posture Management and sovereign cloud solutions. Companies no longer see security as a cost but rather as insurance for survival. Standards are becoming consolidated as well. The need for collective defense accelerated the adoption of shared security protocols among NATO countries and their partners, making global infrastructure more resilient in the long term.

Specifically for Bulgaria, the past year was also key for adapting to the new European requirements. We now have a new Cybersecurity Act based on the European NIS2 Directive. This achieves full compliance with EU requirements, with the main difference being the expanded scope. Previously, the law mainly affected the public sector and critical service providers such as energy and transportation. The new legislation covers tens of thousands of additional entities. This is expected to accelerate the implementation of real cybersecurity solutions in companies and strengthen both national and corporate cybersecurity. The law positively affects business because companies are now required to take real protection measures instead of merely reporting that such measures exist formally.

Against the backdrop of these changes, what challenges do you face when organizing a large-scale event such as InfoSec SEE 2026?

Geopolitical events have changed the very definition of “security.” It is no longer just about “how to avoid getting hacked,” but about cyber-physical resilience — for example, how to keep a business operational when internet access across an entire region goes down. It is also about verifying truth — how to distinguish a real management instruction from an AI-generated video requesting a financial transfer or the shutdown of servers.

“InfoSec SEE 2026 is not just an event, but a litmus test for the state of cybersecurity in the region,” emphasized Anelia Kostadinova.

These real-world scenarios from the past two months will be among the “hot topics” during InfoSec SEE 2026 in Pravets because they are no longer science fiction but part of everyday IT operations. Organizing a forum of this scale for the 18th time carries the responsibility of always staying one step ahead. This year’s main challenges are related to:

• Balancing theory and practice: participants no longer seek only presentations but working solutions. Therefore, the focus on May 12–13 at Hyatt Regency Pravets Golf & SPA Resort will be on practical formats such as the “Capture The Flag” simulation game, where experts can test their skills in a real environment. Bulgarian companies will also present successful case studies solved with solutions from our portfolio.
• Selecting world-class speakers: in a world flooded with information, the hardest task is bringing in speakers who share frontline experience. The participation of executives from companies such as Google Cloud, Trellix, Radware, Check Point Software Technologies, and Fortra demonstrates the authority of the conference.
• The hybrid model: organizing an event that is equally engaging for both in-person attendees and online participants from across Southeast Europe requires flawless technical preparation and logistics.
• The conference theme, “Securing The Digital Tomorrow”: choosing a theme that unites the interests of IT directors, security managers, and representatives of the public sector is a strategic challenge that COMPUTER 2000 Bulgaria has successfully handled for nearly two decades.

InfoSec SEE 2026 is not just an event but a litmus test for cybersecurity in the region. It demonstrates that despite growing threats, the community is becoming more united and better prepared.

You emphasized the implementation of the new Cybersecurity Act, which transposes the NIS2 Directive and significantly raises security requirements for organizations. How do you assess the state of cybersecurity in Bulgarian organizations after the implementation of NIS2?

The enforcement of the changes to the Cybersecurity Act on February 13, 2026 ended a long waiting period and marked the beginning of a new era for digital resilience in Bulgaria. The transposition of the NIS2 Directive is not merely an administrative act but a fundamental change to the “rules of the game” for businesses and public administration.

The law no longer affects only “traditional” sectors such as banking, telecommunications, and energy. It now includes between 10,000 and 12,000 organizations across 18 sectors, including food and chemical manufacturing, waste and water management, postal and courier services, and public administration, including municipalities.

A large portion of the newly affected entities, especially in manufacturing and smaller municipalities, are still experiencing an “educational shock.” For them, the new requirements for 24-hour incident reporting are a huge operational challenge.

The strongest effect of the new law is the introduction of personal management responsibility. Executives can no longer transfer all responsibility to the IT department. They are now required to approve risk management measures and undergo specialized training themselves. We are observing a sharp increase in top management’s interest in cybersecurity. The topic is now on the agenda of directors not only because of hacker threats but also because of the severe penalties — up to €10 million or 2% of global turnover.

The law also introduces a reduced-penalty regime for violations committed before June 1, 2026, with fines reduced by 50%. This gives organizations a short “window” to build their security systems and register in the national entity registry. Companies are massively investing in automated monitoring systems and outsourced SOC (Security Operations Center) services to meet reporting deadlines, including early warnings within 24 hours and detailed reports within 72 hours.

NIS2 also requires large organizations to assess the cybersecurity posture of their direct suppliers. This has triggered a “chain reaction” affecting smaller firms that provide components or software to larger companies.

In the announcement for InfoSec SEE 2026, you highlighted three elements that together determine the real level of security in an organization — technologies, processes, and people. How close are organizations to achieving synergy between these three elements?

The “technology, process, people” triad is a classic formula, but in 2026, under the pressure of regulation and new threats, it is undergoing a serious transformation. While organizations strive for synergy, in reality we observe a mismatch in the speed at which these three elements evolve.

Technology is currently the most mature element. Thanks to cloud services and autonomous AI, technologies today can detect and block threats within milliseconds. The problem is that organizations often suffer from “oversaturation.” They purchase expensive tools that are not integrated with each other, creating noise and false alerts instead of real synergy.

Until last year, processes were the weakest link, often existing only on paper. However, the new Cybersecurity Act forced companies to “bring their policies to life.” It is no longer optional to have an incident response plan. Processes are finally beginning to catch up with technology because the law requires them to be audited and tested in practice.

People remain the greatest challenge. This is where synergy breaks down most seriously. Human adaptation is the slowest due to two main reasons: a shortage of qualified specialists, and “security fatigue.” Employees are overwhelmed by requirements for multi-factor authentication, deepfake verification, and complex password policies. This leads to people bypassing the rules — the greatest enemy of synergy.

At InfoSec SEE 2026, this balance will be a central focus: how to make technologies simpler for people and processes more efficient through automation.

More and more experts warn about the risks associated with AI agents entering business environments. Where are the weak points vulnerable to this new type of attack, and how are cybersecurity vendors responding?

The entry of AI agents has radically transformed the cybersecurity landscape in 2026. Previously, we were worried about “smart phishing.” Today, the main risk is the “hijacking” of autonomous agents.

AI agents have become the new attack vector. As they evolve into “digital employees,” they also become the easiest entry point for hackers because of three major vulnerabilities:

• Indirect command injection: hackers do not attack the agent directly but hide instructions in documents, emails, or websites that the agent reads. Since the agent is designed to execute tasks, it follows those instructions without questioning them.
• Excessive permissions: businesses give agents access to CRMs, databases, and emails. Once manipulated, such an agent becomes a “superuser” capable of extracting massive amounts of data within seconds without triggering traditional alarms.
• “Supply chain hallucinations”: agents often write or complete code. Hackers poison public libraries, for example on GitHub, with malicious code disguised as useful functionality. The AI agent downloads and integrates it into corporate software, assuming it is trustworthy.

Vendors such as Check Point Software Technologies, Trellix, and Google Cloud, all partners of InfoSec SEE 2026, are no longer offering just antivirus solutions but complete “Security for AI” systems, including:

• AI Firewalls: a new category of security solutions that analyze not only traffic but also the “intent” behind requests sent to AI agents. They block command injection attempts in real time.
• Treating AI as an identity (Identity-Centric Security): instead of being treated merely as software, the agent receives a unique digital identity. The Zero Trust principle is applied, meaning the agent only has access to what it needs at a specific moment. Any unusual behavior, such as mass file downloads, is automatically blocked.
• Auditability of decisions: new security platforms record the “reasoning” process of AI agents. If an incident occurs, security teams can trace exactly which input caused the AI to perform harmful actions.
• AI versus AI: the only way to stop attacks driven by machine-speed bots is with defensive AI. Detection systems (XDR) now use models that predict the next move of attacking AI agents and neutralize them before they reach databases.

“In 2026, the question is not ‘Should we use AI agents?’ but ‘Do we have a control mechanism to stop them if they begin acting against us?’” said Anelia Kostadinova.

New tools like GPT-5.4-Cyber and Mythos discover software vulnerabilities to improve cybersecurity, but many fear these AI models themselves create major risks. Is the industry entering a vicious circle?

This question touches the very epicenter of the technological arms race in 2026. With the release of GPT-5.4-Cyber by OpenAI and Claude Mythos by Anthropic in April, the industry officially entered the era of “autonomous vulnerability discovery.” Concerns, especially in the financial sector, are entirely justified. The situation indeed resembles a “vicious circle.”

Models like Mythos have demonstrated the ability to discover zero-day vulnerabilities that humans overlooked for decades, such as a 27-year-old OpenBSD vulnerability uncovered earlier this month. Although these models operate under strict controls, such as OpenAI’s Trusted Access for Cyber program, there is fear that such capabilities will inevitably reach the black market or be replicated by nation-state actors.

Major financial institutions such as JPMorgan Chase and Goldman Sachs are already part of testing groups but simultaneously express serious concerns. Their logic is simple: if an AI model can find a vulnerability in five minutes, the bank must patch it in four. Yet current banking update procedures often take weeks. In finance, AI-driven attack speed can outpace the speed of liquidity, making defense critically important.

The industry is trying to break this “vicious circle.” Instead of stopping progress, which is impossible, cybersecurity vendors are implementing new strategies:

• Controlled access: models such as GPT-5.4-Cyber are not publicly available. Access requires government-level identity verification and participation in trusted programs.
• AI-native patching: the response to rapid vulnerability discovery is even faster patching. AI agents are being developed whose sole purpose is to automatically generate and test patches immediately after vulnerabilities are identified.
• Shifting defense “left”: instead of searching for vulnerabilities after software is completed, these AI models are integrated directly into the coding process so software becomes “immunized” during development.

The industry is trapped in a vicious circle only if defense relies on human speed. The synergy we discussed earlier is no longer optional — it is mandatory.

Do you believe a global agreement similar to nuclear non-proliferation treaties could be achieved to limit offensive AI models?

The idea of a “Digital Geneva Convention” or an agreement similar to nuclear non-proliferation is one of the hottest geopolitical topics in 2026. Although the comparison with nuclear energy is logical, cyberspace presents unique challenges that make such an agreement extremely difficult, though not impossible.

To build a nuclear bomb, you need uranium mines, giant centrifuges, and a detectable thermal footprint. To build an offensive AI model, you only need GPUs and electricity. This can happen in a basement, in the cloud, or inside a small mobile lab.

The same technology used by GPT-5.4-Cyber to discover and fix vulnerabilities defensively can also be used offensively. You cannot ban “offensive AI” without crippling your own defenses.

Unlike nuclear war, where there are no winners, cyberwarfare can provide enormous economic and strategic advantages with minimal direct risk to the aggressor’s population. This reduces incentives for restraint.

Despite the challenges, there are already signs of regulation in 2026. Instead of controlling code, leading countries are attempting to control chips. Restricting access to high-performance computing resources is becoming the modern equivalent of controlling enriched uranium.

There are also discussions about international standards requiring AI models above a certain capability threshold to leave a “digital fingerprint” in generated code or actions so that the creator can be traced. Similar to biological weapons bans, there is strong pressure to prohibit AI systems capable of making autonomous decisions involving physical destruction without human oversight.

“At the moment, the world is closer to a ‘Digital Iron Curtain’ than to global cooperation,” said Anelia Kostadinova.

Most experts believe that instead of a global treaty, regional alliances will emerge. NATO countries and their partners are likely to establish a “Zone of Trust” with shared ethical standards for AI, while other states continue developing unrestricted systems.

What will be the leading highlights of InfoSec SEE this year, and what is your message to business and public-sector professionals ahead of the conference?

For the 18th consecutive year, InfoSec SEE 2026 is establishing itself not simply as an event but as a “war council” for cybersecurity in the region. On May 12–13 at Hyatt Regency Pravets, COMPUTER 2000 Bulgaria is bringing together some of the brightest minds in the industry to answer one critical question: How do we secure the digital tomorrow that is already here?

This year’s program focuses on the reality “after NIS2” and “during AI.” Some of the highlights include:

• AI: From Threat to Shield — speakers such as Mike Hart from Google Cloud and Eva Abergeil from Radware will explain how AI is changing the rules of the game.
• Practical resilience — Mo Cashman from Trellix will present strategies for moving from passive defense to active operational resilience.
• The CISO vision in the AI era — Jony Fischbein from Check Point Software Technologies will discuss how cybersecurity leaders manage risk and budgets in an environment where threats evolve at machine speed.
• The human factor and identity — experts from Netwrix and Fortra will discuss how to close the gap between identity and data, where most breaches begin.
• Practical training — the conference strongly emphasizes hands-on simulations and real-time testing environments.

The message to businesses and public-sector organizations is clear:

“Cybersecurity is no longer insurance — it is a condition for survival.”

Why shouldn’t you miss the event?

• Time is running out: this is the final major industry gathering before the full expiration of transition periods under the new Cybersecurity Act.
• Access to the frontline: rarely are technology leaders from companies such as Google, Trellix, and Check Point gathered in one place.
• Unmatched networking: at Hyatt Regency Pravets, decision-makers meet and partnerships are formed that can help organizations survive future crises.
• Beyond theory: in a world flooded with webinars, InfoSec SEE offers the trust and depth that only physical presence can provide.

The final message:

“Do not go to Pravets to hear what happened last year. Go there to understand how to survive the next one. The digital future is secure only for those who build it with the right tools and the right allies. See you on May 12 in Pravets — where security meets strategy.”

CONTACT US

Let’s walk through the journey of digital transformation together.