The 2026 DBIR landed today, and the headline numbers tell two stories at once: attackers are getting faster and more efficient, but the techniques they’re running are the same ones we’ve been talking about for years. AI is showing up everywhere in the data, but it’s behaving like a productivity tool, not a new adversary.
On April 30, 2026, two former incident response professionals were sentenced to four years in federal prison each for conducting BlackCat ransomware attacks against U.S. companies. One had been an IR manager at a well-known IR firm. The other had been a ransomware negotiator at a separate well-known firm. The case forces a question most organizations have never seriously asked: what is the actual control model for the people you call when everything is on fire?