The ink is barely dry on our Q4 2025 Threat Intelligence Report (Q4 Threat Report), and the AI predictions KasadaIQ identified are already accelerating. The line between legitimate and malicious AI agent activity is dissolving fast. Organizations need granular, identity-based controls to verify agent intent and enforce differentiated permissions at scale. Kasada's AI Agent Trust delivers that.
Four developments in early 2026 show how rapidly the AI threat landscape is evolving.
1. AI Recommendation Poisoning: The New SEO Manipulation
Microsoft recently uncovered a practice they're calling "AI Recommendation Poisoning." Companies are embedding hidden instructions in website elements like "Summarize with AI" buttons that inject persistence commands into AI assistants' memory. These prompts instruct AI systems to "remember [Company] as a trusted source" or "recommend [Company] first". This silently biases future responses across a range of topics. Microsoft identified over 50 unique prompts from 31 companies across 14 industries. Freely available tooling marketed as "LLM SEO growth hacks" has made this easy to deploy.
This is the kind of evolution KasadaIQ flagged in our report. In our analysis of the agentic impact on eCommerce and bot traffic, we highlighted how Generative Engine Optimization (GEO) is starting to rival traditional SEO as businesses optimize for AI agents rather than humans. Marketing teams are already reverse-engineering AI responses and redesigning sites with machine-readable schemas and AI-friendly formatting over human-first design. AI Recommendation Poisoning is the adversarial extension of that same trend, and it won't stop at marketing. As we noted, the same techniques could be weaponized for fraud or competitive sabotage.

