What Experts Predict for the Future of the Commercial Cyber Market

, Virtual Routes recently convened a group of leading experts from government, industry, and academia at Ironmonger House in London for a structured forecasting workshop as part of the Horizon Europe REMIT project. Participants examined potential developments over two-year and five-year time horizons, assessing the technological, political, legal, economic, and military factors likely to shape the future of commercial cyber proliferation.

What will the market for commercial cyber capabilities look like in five years’ time?

This question matters far beyond the relatively small world of commercial spyware vendors. The market for commercial cyber intrusion capabilities – including spyware, hackers-for-hire, exploit brokers, vulnerability markets, and other components of the offensive cyber ecosystem – sits at the intersection of national security, technological innovation, human rights, and geopolitical competition. Yet despite growing policy attention, there remains remarkably little understanding of where this market is heading.

To explore this question, Virtual Routes recently convened a group of leading experts from government, industry, and academia at Ironmonger House in London for a structured forecasting workshop as part of the Horizon Europe REMIT project. Participants examined potential developments over two-year and five-year time horizons, assessing the technological, political, legal, economic, and military factors likely to shape the future of commercial cyber proliferation.

Five observations stood out.

1. Experts were pessimistic about the ability of governance to shape the market

Participants struggled to identify any plausible scenario in which current international governance initiatives significantly altered the long-term trajectory of commercial cyber proliferation. Even widespread adoption of voluntary frameworks, such as those emerging from the Pall Mall Process, was generally viewed as having limited impact on market dynamics. More restrictive measures, such as comprehensive bans on spyware sale and use, were considered potentially effective—but politically unlikely.

The implication is sobering: experts increasingly appear to view commercial cyber proliferation not as a governance problem waiting to be solved, but as a structural feature of the international system.

2. The most plausible AI future was not better cyber capabilities—but many more cyber capabilities

Participants broadly agreed that advances in frontier AI models will fundamentally reshape vulnerability discovery, exploit development, and cyber operations.

However, the most important effect may not be that cyber capabilities become more sophisticated. Rather, it may be that they become available to many more actors.

The most convincing long-term scenario discussed was one in which highly capable AI systems dramatically lower barriers to entry across the cyber ecosystem, leading to a substantial expansion of commercial cyber capabilities among states, companies, and individuals alike. In this future, today’s commercial spyware market may ultimately prove to be only an early manifestation of a much broader proliferation challenge.

3. Commercial cyber markets may increasingly fragment along geopolitical lines

Participants repeatedly returned to the possibility that the market for commercial cyber capabilities may become less global and more geopolitical.

Rather than a single international marketplace, distinct ecosystems could emerge around major geopolitical blocs, including the United States and Five Eyes partners, Europe, Russia, and China. Commercial providers may increasingly need to choose not only customers, but geopolitical affiliations.

Such a development would represent a profound shift: commercial cyber capabilities would remain commercial, but become deeply embedded within broader patterns of geopolitical competition and strategic alignment.

4. Artificial intelligence may benefit technological latecomers more than established cyber powers

One of the more counterintuitive observations concerned the distribution of cyber power.

Participants noted that technologically advanced states face an enormous challenge in adapting legacy digital infrastructure to machine-speed vulnerability discovery and patching cycles. States with less accumulated technical debt, by contrast, may be able to adapt more rapidly to AI-enabled cyber environments.

If this assessment proves correct, artificial intelligence may not simply reinforce existing cyber hierarchies. Instead, it could partially redistribute cyber advantage.

5. The greatest long-term consequence of commercial cyber proliferation may not be cyber conflict, but democratic erosion

Finally, participants reflected that discussions of commercial cyber proliferation often focus too heavily on interstate competition and military conflict.

Many of the most significant harms associated with commercial cyber capabilities already occur within states: surveillance of journalists, political opponents, activists, civil society organizations, and private citizens. Over time, the cumulative effect of these practices may be to weaken democratic accountability, erode public trust, and reshape the relationship between citizens and the state.

If so, the most important strategic consequence of commercial cyber proliferation may not be a future cyber war. It may instead be the gradual normalization of increasingly intrusive forms of digital surveillance and political control.

Commercial Cyber Proliferation as a Structural Feature 

Forecasting exercises rarely succeed in predicting the future. Their value lies elsewhere: revealing which assumptions experts are increasingly willing to challenge.

At least among the participants in this workshop, one conclusion stood out above all others: commercial cyber proliferation increasingly appears to be not a temporary market failure that can be regulated away, but an enduring characteristic of the emerging technological and geopolitical landscape.

REMIT is an EU-funded research project that examines how emerging digital technologies affect governance, regulation and fundamental rights in Europe, and this workshop is part of a series of workshops applying scenario-testing methodologies to technology and geopolitics. REMIT research is conducted under the umbrella of the European Union’s Horizon Europe research and innovation program, grant agreement No 101094228. UKRI’s support to the project does not necessarily represent an endorsement of its findings.

Similar posts

Virtual Routes

Bob Herczeg Promoted to Program Manager, Ironmonger House

Virtual Routes is pleased to announce the promotion of Bob Herczeg to Program Manager, Ironmonger House.
Virtual Routes

Elizabeth Kolade joins Virtual Routes as Summer Research Associate

Elizabeth Kolade is an interdisciplinary cybersecurity professional with experience spanning the private sector, government, and civil society.
Geocyclone: Cyber & Autocracy
Virtual Routes

Virtual Routes presents at GeoCyclone in London

On 19 March, Co-Director James Shires held a fireside chat on “Cyber & Autocracy” as part of GeoCyclone series, a monthly London-based community gathering bringing government, industry, and academic representatives, to discuss crucial cybersecurity and digital policy issues.

Thank you for signing up to our newsletter!

Thank you! RSVP received for What Experts Predict for the Future of the Commercial Cyber Market

What Experts Predict for the Future of the Commercial Cyber Market

Loading...

Loading…