AI is changing the threat landscape faster than many security programs can respond. Traditional frameworks built around static control sets may still check the right boxes on paper, but that alone is no longer enough. Attackers are already using AI to scale phishing, manipulate users, exploit AI-enabled systems, and find new paths into organizations.
If your security framework isn’t evolving alongside these threats, your organization may already be behind.
HITRUST doesn’t take a one-time approach to security. Our assessments are designed to adapt continuously based on real-world threat intelligence, including emerging AI-driven attack techniques. We regularly update our requirements to stay aligned with the latest risks. That’s what makes the HITRUST framework different: it’s built to evolve as the threat landscape changes.
How HITRUST stays ahead
HITRUST uses a continuous, data-driven approach called the Cyber Threat Adaptive (CTA) program. It’s a constant cycle of collecting, analyzing, and responding to real-world threat intelligence. This analysis is directly applied to the i1, e1, and r2 validated assessments in addition to the HITRUST AI Security Certification.
In the first quarter of 2026, we:
- Reviewed 259 real-world breaches
- Analyzed 4,761 threat intelligence articles
- Evaluated 399,764 MITRE ATT&CK and MITRE ATLAS indicators
- Confirmed that the HITRUST AI Security Certification maintains over 97% coverage of adversarial AI techniques observed in the period
What are the top threats to worry about right now?
The most common attack techniques remain familiar, but the first quarter of 2026 also showed meaningful growth in AI-related attack activity. In addition to the most prevalent traditional attack methods, we saw AI-enabled techniques rise sharply as adversaries continue to expand how they target organizations.
Here are some of the top AI-related techniques organizations should be watching.
1. User Execution
This was the top AI-related technique observed in Q1 2026. Attackers rely on a user to take an action that triggers execution, such as opening a malicious file, package, or link.
It leads to: Execution of malicious code and compromise of AI-enabled environments.
What helps: Verifying AI artifacts, vulnerability scanning, and user training.
2. Phishing
Phishing remains one of the most successful attacker techniques, and AI is making it more scalable and convincing. Adversaries are increasingly using synthetic text, visual deepfakes, and audio deepfakes to target users.
It leads to: Stolen credentials, fraudulent activity, malware delivery, and broader compromise.
What helps: User training and deepfake detection.
3. Exfiltration via AI Agent Tool Invocation
When AI agents can perform write operations or use connected tools, adversaries may manipulate them to exfiltrate data or take unauthorized actions.
It leads to: Data loss, unauthorized document or system changes, and misuse of connected enterprise tools.
What helps: Strong AI agent permission controls, human-in-the-loop oversight, segmentation of AI components, and input/output filtering.
HITRUST has long recognized that the threat landscape does not stand still. Attackers adapt, new vulnerabilities emerge, and AI is accelerating both discovery and exploitation. That is why HITRUST created the Cyber Threat Adaptive (CTA) program. CTA keeps the HITRUST CSF aligned with real-world risk using threat intelligence, vulnerability research, and attack data.
Through CTA, HITRUST is already strengthening guidance in fast-changing areas such as vulnerability management, secure software development, dependency management, and detection and response. These updates are delivered through the CSF, CTA, and MyCSF with a focus on improving threat relevance without adding unnecessary assessment burden.
Recent developments, including frontier AI models and Project Glasswing, should get the industry’s attention. HITRUST is evaluating Project Glasswing and related information to determine what CSF updates may be needed. This CTA release does not include Project Glasswing-specific control changes, but future updates, including out-of-cycle updates, may address those risks as they develop.
What should you do now?
Take the following steps to stay resilient against cyber threats.
- Train your people: Make role-based security training a priority, with a strong emphasis on phishing, spear phishing, and AI-related attack patterns.
- Strengthen AI safeguards: Include AI-specific security topics in annual training for teams involved in AI development, deployment, data science, and cybersecurity.
- Keep humans involved where it matters: Build human-in-the-loop checkpoints into AI-driven workflows before sensitive actions are executed.
- Validate what enters your systems: Filter user inputs and attachments for suspicious or adversarial content, especially in AI-enabled environments.
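As an added illustration (not HITRUST code or part of any HITRUST requirement), the sketch below shows one way to combine the agent permission controls and output filtering listed for tool-invocation exfiltration with the human-in-the-loop checkpoint described in the steps above. Agent ids, tool names and the `.corp.example` domain are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed policy data (assumptions for this example only).
READ_ONLY = {"search_docs", "read_ticket"}
AGENT_ALLOW = {"support-bot": {"search_docs", "read_ticket", "send_email"}}
INTERNAL_SUFFIXES = (".corp.example",)  # leading dot stops "evilcorp.example" matching
DEST = re.compile(r"https?://([^/\s:]+)|[\w.+-]+@([\w.-]+)")

@dataclass
class ToolCall:
    agent: str
    tool: str
    args: dict

def external_destinations(args):
    """Hosts and e-mail domains found in string arguments that are not internal."""
    found = []
    for value in args.values():
        if not isinstance(value, str):
            continue
        for url_host, mail_domain in DEST.findall(value):
            host = (url_host or mail_domain).rstrip(".").lower()
            if not host.endswith(INTERNAL_SUFFIXES):
                found.append(host)
    return found

def gate(call, approve=None):
    """Return (decision, reason) for a tool call before it is executed."""
    # Permission control: each agent only gets the tools it was granted.
    if call.tool not in AGENT_ALLOW.get(call.agent, set()):
        return ("deny", "tool not granted to agent")
    if call.tool in READ_ONLY:
        return ("allow", "read-only")
    # Anything not read-only is treated as a write (fail closed).
    # Output filter: a write may not carry data to an external destination.
    ext = external_destinations(call.args)
    if ext:
        return ("deny", "external destination: " + ", ".join(ext))
    # Human-in-the-loop: the write stays pending until a person decides.
    if approve is None:
        return ("pending", "write needs human approval")
    if approve(call):
        return ("allow", "approved by human")
    return ("deny", "rejected by human")
```

The `approve` callback stands in for whatever review step an organization uses; logging every `deny` and `pending` decision gives detection teams a record of attempted misuse.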
The bottom line
Your security program should evolve at the speed of threats. Using adversary intelligence as a weapon can help get you there.
HITRUST assessments are designed to keep up with both established and emerging attack techniques. Backed by real intelligence and continuous updates, they help organizations build trust and resilience in a rapidly changing digital world.
As AI-related threats continue to grow, HITRUST’s threat-adaptive approach helps ensure both traditional systems and AI-enabled services remain better protected against what’s next.
Whether you’re just starting your security assessment process or need deeper protection, HITRUST helps you stay ready — not just compliant. Download the complete analysis to learn more.
AI Security Threats aren’t Waiting for Security Frameworks to Catch up. Are You Already Behind?
Third-party relationships are now central to how organizations operate. They enable scale, innovation, and efficiency across increasingly complex digital ecosystems. But they also represent one of the greatest sources of cyber risk.
The 2026 HITRUST Trust Report highlights a growing “Trust Crisis” facing cybersecurity and risk leaders. As organizations expand their reliance on vendors, supply chains, cloud providers, and emerging technologies, the challenge is no longer just managing internal security.
Third-Party Risk Is Accelerating
The data is clear. Supply chain risk is not just increasing. It is reshaping cybersecurity.
According to the 2025 Verizon Data Breach Investigations Report, third-party related breaches have doubled from 15% to 30% in the past year. This reflects a broader shift in attacker behavior. Vendors and service providers are increasingly targeted because compromising one supplier can provide access to hundreds or thousands of downstream organizations.
At the same time, organizations are managing vast, interconnected ecosystems of partners. Each additional vendor expands the attack surface and introduces new pathways for breaches.
This combination of growing dependency and rising threat activity is at the core of today’s Trust Crisis.
Traditional Vendor Due Diligence Continues to Fall Short
Despite the scale of this challenge, many organizations still rely on fragmented approaches to third-party risk management.
Questionnaires, self-attestations, and inconsistent assurance reports remain common. These methods often fail to provide meaningful visibility into a third party’s actual security posture.
As a result, organizations struggle to distinguish between partners that are truly secure and those that simply appear compliant.
This lack of reliable, comparable assurance creates inefficiencies, low confidence, increased costs, and unnecessary friction across vendor ecosystems.
In other words, the issue is not just risk. It is trust.
The Shift Toward Measurable Cybersecurity Assurance
The 2026 HITRUST Trust Report underscores a critical shift in how leading organizations must approach third-party risk. They should be moving away from compliance-driven models and toward assurance mechanisms that are:
- Standardized
- Defensible
- Independently validated
- Aligned to real-world threats
This shift is driven by the need for measurable cybersecurity outcomes, not just documentation.
The Report shows a stark contrast between traditional approaches and validated assurance models. In 2025, 99.62% of HITRUST-certified environments did not report a security breach, demonstrating measurable cybersecurity risk reduction.
By comparison, more than 40% of organizations report experiencing a breach.
That gap highlights an important reality. Assurance quality directly impacts security outcomes.
Building a Stronger Foundation for TPRM
Effective third-party risk management now depends on assurance that is consistent, comparable, and decision-ready.
Standardized and independently validated frameworks enable organizations to evaluate vendor security posture using reliable data, rather than subjective interpretations.
This approach addresses one of the most difficult challenges in cybersecurity today: managing risk across hundreds or even thousands of external vendors, each with varying levels of security maturity and transparency.
It also enables organizations to:
- Reduce duplicative assessments
- Improve visibility into supply chain risk
- Make faster, more confident risk decisions
- Focus resources on the highest-risk vendors
Importantly, assurance must extend beyond the organization itself. It must include the risks introduced by service providers.
The Report notes that over 80% of HITRUST certifications, including 100% of r2 certifications, address threats posed by an organization’s service providers.
This level of coverage is critical in a threat landscape where third-party exposure continues to grow.
Moving From Trust Assumptions to Trust Evidence
Trust has become a strategic requirement for digital business relationships. But it is increasingly difficult to establish.
Stakeholders including boards of directors, regulators, insurers, and investors are demanding proof that cyber risk is being effectively managed.
That proof cannot come from self-attestation or flexible interpretations of controls. It must come from assurance that is:
- Prescriptive and aligned to real-world attack techniques
- Independently validated through centralized quality review
- Continuously updated to reflect emerging threats
This is the foundation of modern TPRM.
It transforms assurance from a compliance exercise into a mechanism for measurable risk reduction and scalable trust.
The Future of Third-Party Risk Management
As organizations deepen their reliance on third parties and adopt technologies like artificial intelligence, the need for reliable assurance will only increase.
Traditional models are no longer sufficient for the scale, speed, and complexity of modern ecosystems.
Restoring trust requires a new approach. One that aligns assurance with real-world threats and measurable outcomes.
Because in today’s environment, trust can no longer be implied. It must be demonstrated.
Download the full 2026 HITRUST Trust Report to explore the data, insights, and strategies shaping the future of cybersecurity assurance and third-party risk management.
Third-Party Risk Insights from the 2026 HITRUST Trust Report
April 7, 2026
Cyber threats continue to evolve, and organizations are under increasing pressure to demonstrate that cyber risk is being effectively managed. At the same time, digital ecosystems are becoming more complex, with organizations relying on an expanding network of third parties, cloud providers, and emerging technologies like artificial intelligence.
The 2026 HITRUST Trust Report examines this changing landscape and highlights a growing challenge for security and risk leaders. There is a widening gap between the level of assurance organizations need and what traditional approaches are able to provide.
Drawing on four years of performance data across HITRUST-certified environments, The Report provides a data-driven view into how cybersecurity assurance is evolving and what organizations can do to build greater trust in their security posture.
A Growing Trust Crisis in Cybersecurity
There is a growing trust crisis facing cybersecurity and compliance leaders.
Organizations today depend on a vast interconnected ecosystem of vendors, service providers, and platforms. These relationships drive innovation and efficiency, but they also expand the potential attack surface and introduce new risks that must be managed.
At the same time, stakeholders including boards, regulators, insurers, and partners are demanding stronger proof that cybersecurity risks are being addressed.
However, many organizations still rely on fragmented approaches to assurance, including questionnaires, self-attestations, and inconsistent reporting. These methods often fail to provide the visibility needed to confidently answer a critical question.
“Can I trust the security of the organizations I depend on?”
Measurable Outcomes Highlight a Different Approach
One of our most significant findings is the continued performance of HITRUST-certified environments.
The Report found that 99.62% of HITRUST-certified environments remained breach-free in 2025, demonstrating measurable cybersecurity risk reduction.
In comparison, independent surveys indicate that more than 40% of organizations have experienced a security breach.
This highlights a broader shift in cybersecurity.
Organizations are moving beyond compliance-based models toward standardized, independently validated assurance that produces consistent and measurable outcomes.
For a quick, visual breakdown of these findings, explore the 2026 Trust Report Infographic.
The Role of Standardized and Validated Assurance
Standardized, independent, and defensible assurance frameworks are becoming foundational to modern cybersecurity programs.
Unlike traditional approaches that rely on flexible, principle-based frameworks, HITRUST uses prescriptive control requirements aligned to real-world threats and validates those controls through independent quality review.
This approach enables organizations to:
- Evaluate security posture consistently across environments
- Gain more reliable and comparable results
- Improve both efficiency and effectiveness over time
The Report also notes that organizations adopting structured assurance programs with continuous validation and corrective action processes see improvements in security maturity over time.
Access the 2026 HITRUST Trust Report
The 2026 HITRUST Trust Report shows that addressing today’s trust crisis requires more than compliance. It requires measurable, validated assurance. Organizations that choose HITRUST gain a proven approach to reducing risk, strengthening security, and building trust across an increasingly complex ecosystem.
Read the full 2026 Trust Report to learn more.