Looking ahead to 2026 with Sylvian Cortes, Hackuity

As part of an online miniseries, Sylvian Cortes, Vice President of Strategy at Hackuity discusses his industry predictions for 2026.

Can you tell me a bit about yourself, your job role and how long you have been at the company?

I am the Vice President of Strategy at Hackuity, a provider of a Risk-Based Vulnerability Management (RBVM) platform that enables organizations to remediate the threats that are specific to their environment, faster.

I joined Hackuity in 2022 and in this role, I ensure the product marketing and roadmap priorities for the company are aligned with the market expectations, now and in the future.

I’ve been a Microsoft MVP for over 18 years, bringing decades of cybersecurity innovation to the industry.

What are some of the key trends and predictions you think we will see in the security industry in 2026?

For security teams, the task of remediating an overwhelming number of new daily vulnerabilities continues to be an uphill battle.

Attackers have the ability to weaponize CVEs at lightning speed and these pressures are having a knock-on effect. 

It’s leading to delays in incident response and missed security alerts. The impact isn’t only at a security level, there’s a human cost as well with teams reporting that it’s contributing to burnout.

What is one piece of advice you would give organisations and professionals as they head into 2026?

Preparing for what’s to come in 2026 means that teams will need to address these gaps.

With SOC teams feeling the pressure, they’ll need to be equipped with the context around the data to make sense of the vulnerabilities and how they could impact their organisation.  

 The flood of CVEs is only set to continue to rise moving forward and through next year, we can expect the rise of generative AI to accelerate this trend.

Thanks to AI-coding assistants, developers are able to ship code faster than ever, but are also pushing insecure code into production before it can be properly reviewed.

More insecure code in production inevitably translates into more vulnerabilities making it into live applications.

Many vulnerability management programmes were built for a different era in which patching cycles could keep up. Today’s environment looks very different.

The processes that organisations might have relied on in the past – siloed tools and reactive workflows – will be no match for the speed and scale of these threats.

A more automated approach to vulnerability management is critical to keeping pace and protecting both the security of the organisation and the wellbeing of the teams tasked with managing these threats.