Guest: Steve Winterfeld (LinkedIn)
Company: Akamai
Show Name: 2026 Predictions
Topic: Security
Cybersecurity in 2026 isn’t about preventing breaches—it’s about surviving them. Steve Winterfeld, Advisory CISO at Akamai, puts it bluntly: ransomware is the “reverse lottery ticket” that puts companies out of business, while ghost APIs and agentic AI create attack surfaces most organizations don’t even know exist. Drawing from Akamai’s State of the Internet (SOTI) Report, Winterfeld reveals the threat trends shaping enterprise security strategies this year.
The Evolution of Threats: From Web to Agentic AI
Akamai’s role in enterprise infrastructure has expanded far beyond its origins as a content delivery network. “Akamai is really a partner that allows you to build on it, perform faster and secure it,” Winterfeld explains. Today, more than half of Akamai’s business centers on security—from web application firewalls adapted for generative AI and large language models, to API protection, fraud prevention for major banks, and ransomware defense through micro-segmentation.
The threat landscape isn’t experiencing Black Swan events, Winterfeld notes—it’s experiencing accelerating evolution. “Most of this comes down to the threat getting bigger, faster.” This acceleration is most visible in how attack surfaces have evolved alongside technology adoption.
Winterfeld points to OWASP frameworks as a bellwether for emerging threats. “The first OWASP focused on web applications, and I used a WAF. The second OWASP addressed APIs, where the attacks were unique and required a new tool. Then came large language models, and once again the attacks were different, demanding a different approach. Now we’re seeing agentic AI introduce an entirely new class of threats.”
The Ghost API Problem
API security represents one of 2026’s most critical challenges. Organizations are discovering rogue, or “ghost,” APIs they didn’t know existed, creating blind spots in their security posture.
“More and more of our customer engagement—our customers’ customers, as any company engages with people on the internet—is going out through APIs,” Winterfeld says. “And those APIs are becoming more and more critical.”
The shift is fundamental: major breaches increasingly result from API abuse rather than traditional malware. Yet many organizations lack basic visibility into their API inventory, let alone comprehensive protection strategies.
The Reverse Lottery: Ransomware’s Business Impact
While data breaches dominate headlines, Winterfeld emphasizes a more existential threat. “I don’t know if I can name a company that went out of business because of a data breach. I can name a dozen companies that went out of business because of ransomware.”
He frames ransomware as a “reverse lottery ticket”—low probability but catastrophic impact. “You win a lottery ticket. That’s great. You win the reverse lottery ticket, you’re out of business.”
Akamai’s DDoS defense team sees this threat intensifying, with new DDoS records being set regularly.
Navigating Regulatory and Talent Challenges
Organizations face mounting challenges beyond evolving threats. Heavily regulated industries—finance and healthcare—must navigate compliance requirements such as the EU AI Act while addressing fundamental security gaps. Geographic regulations vary significantly, with the EU typically leading policy development.
The talent shortage compounds these challenges. “Right now, I don’t know that I can hire all the security AI experts I want. There just aren’t enough of them,” Winterfeld acknowledges. This scarcity makes vendor partnerships critical—organizations need partners with specialized expertise rather than expecting internal teams to master every domain.
He illustrates this with DDoS defense: “Akamai has a team that fights DDoS every day. We’re seeing new DDoS records being set—significantly new records. If my team deals with DDoS internally once or twice a year, they’re not going to be as good.”
The Assume-Breach Mindset
Winterfeld’s actionable advice centers on a fundamental mindset shift. “You almost want to assume you’ve been breached. You almost want to go back and build an environment that’s not assuming anything.”
This approach requires:
- Robust vendor management to ensure third-party and supply chain security
- A comprehensive understanding of AI usage across the organization
- Security awareness around new development practices like “vibe coding”—a term Winterfeld uses to describe AI-assisted coding that may lack security guardrails
- Updated risk portfolios covering DDoS, ransomware, APIs, and generative AI
- Tested playbooks and exercises to validate resiliency
“How do I gain situational awareness and measurable resiliency and readiness across my entire organization?” Winterfeld asks—the central question for 2026 security strategies.
Akamai’s 2026 Focus: Large Language Model Protection
While Akamai offers 15 to 20 security products and services, customer conversations increasingly center on one area: large language models.
“Most of them are focused on the next challenge, which is around large language models. How are they protecting them? How are they getting visibility into them?” Winterfeld explains.
Organizations want help with LLM visibility, protection, and adaptive threat mitigation as they expand AI adoption across internal operations and customer-facing services. This reflects the convergence of Akamai’s security expertise with the most rapidly evolving domain in enterprise technology.





