Hackers are already laying groundwork to disrupt the 2026 midterms, research says
Detroit voters at the polls inside Central United Methodist Church on November 5, 2024 in downtown Detroit, Michigan. Sarah Rice/Getty Images
The report from cybersecurity firm Check Point lands as the Trump administration pushes new voting rules and intelligence officials face questions about how they are handling foreign election threats.
Hackers are already preparing for the 2026 midterms, with a new report warning that campaigns, fundraising platforms, public websites and local governments could face a wave of phishing, credential theft, artificial intelligence-generated deception and foreign influence activity.
The findings, produced by cybersecurity firm Check Point, do not point to voting machines as the most likely near-term target, but instead warn that attackers are more likely to exploit infrastructure around elections — like campaign accounts and fundraising platforms — to steal credentials, impersonate trusted organizations, disrupt public information or fuel doubts about the nation’s electoral process.
The conclusions come as the Trump administration has pursued a more aggressive role in election administration, including through a March executive order aimed at tightening rules around mail-in voting and voter eligibility. The U.S. Postal Service has also proposed a rule that would require states to submit lists of voters receiving mail ballots.
The report also comes amid scrutiny of the intelligence community’s posture toward election threats under outgoing Director of National Intelligence Tulsi Gabbard. ODNI recently named two officials to coordinate the intelligence community’s election-threat mission for the 2026 cycle.
The firm does not address the administration directly. The assessment is notable, however, because it points to AI and digital threats as more immediate election security concerns, rather than the voting-procedure issues that have dominated talking points from the White House.
“Overall, the most significant 2026 risks center on the trusted accounts, platforms, services, and information channels that election-related organizations rely on to operate and maintain public trust, with election-adjacent systems presenting the more immediate source of operational exposure,” the report says.
Check Point also said it observed sustained election-related infrastructure creation in early 2026, including new websites containing terms such as “election” and “vote.”
In January, the firm identified roughly 1,300 newly registered domains containing the keyword “election” and nearly 3,000 containing “vote.” Between April 13 and May 14, it identified about 1,140 newly registered domains containing “election” and roughly 4,000 containing “vote.”
The company cautioned that those registrations do not prove malicious activity on their own, but they expand the pool of web infrastructure that could later be used for phishing, fake donation pages, impersonation or misinformation campaigns.
Check Point also found exposed credentials tied to some of the most widely used political and government platforms, including roughly 9,500 linked to ActBlue, the Democratic fundraising platform, and 6,500 linked to WinRed, its Republican counterpart.
The firm also observed smaller volumes tied to gop.com and democrats.org, the national party websites, as well as usa.gov, the federal government’s public services portal.
The company identified Russia, Iran and China as the principal state actors to monitor. AI is expected to make their influence operations easier to scale, and could be used to create more convincing phishing lures, cloned audio, manipulated images and deepfake videos.
Local governments may be especially exposed because they often operate with fewer resources, older technology and smaller security teams. Check Point cited recent ransomware incidents affecting Winona County, Minnesota, and Foster City, California, as examples of how municipal cyberattacks can disrupt public services and erode trust in government systems.
“Even when election operations are not directly affected, disruption at the local government level can still create confusion, delay public communications, and undermine confidence during politically sensitive periods,” the report says.
The findings also come as the Cybersecurity and Infrastructure Security Agency’s election security role faces new uncertainty. The Trump administration’s fiscal 2027 budget proposal would eliminate the agency’s election security program, including funds for information-sharing support to state and local officials and dedicated election security advisors.
Efforts under the Trump administration to scale back CISA and its election resources have strained relationships with state and local officials and have raised concerns that jurisdictions may be far less prepared to counter threats in November, officials in Michigan and Georgia said late last month. Sen. Mark Warner, D-Va., the vice chairman of the Senate Intelligence Committee, has also pressed DHS over reports that CISA is no longer providing the same election security training and resources it offered in prior years.