Want smarter insights in your inbox? Sign up for our weekly s to get only what matters to enterprise AI, data, and security leaders.Subscribe Now
“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” statesForrester’s 2026 Budget Planning Guide, revealing a fundamental shift in how organizations allocate cybersecurity resources.
Software now commands40%of cybersecurity spending, exceeding hardware at15.8%, outsourcing at15%and surpassing personnel costs at29%by11 percentage pointswhile organizations defend against gen AI attacks executing in milliseconds versus a Mean Time to Identify (MTTI) of181 daysaccording toIBM’slatestCost of a Data Breach Report.
Three converging threats are flipping cybersecurity on its head: what once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications.NIST’s 2030 quantum deadlinethreatens retroactive decryption of$425 billionin currently protected data. Deepfake fraud thatsurged 3,000% in 2024now bypasses biometric authentication in97%of attempts, forcing security leaders to reimagine defensive architectures fundamentally.
Power caps, rising token costs, and inference delays are reshaping enterprise AI. Join our exclusive salon to discover how top teams are:
- Turning energy into a strategic advantage
- Architecting efficient inference for real throughput gains
- Unlocking competitive ROI with sustainable AI systems
Secure your spot to stay ahead:
Platform consolidation is eliminating an $18 million integration tax as 75-tool sprawl collapses
Enterprise security teams managing 75 or more tools lose$18 million annuallyto integration and overhead alone. The average detection time remains277 days, while attacks execute within milliseconds.
Gartner forecaststhat interactive application security testing (IAST) tools will lose 80% of market share by 2026. Security Service Edge (SSE) platforms that promised streamlined convergence nowadd to the complexitythey intended to solve. Meanwhile, standalone risk-rating products flood security operations centers with alerts that lack actionable context, leading analysts to spend67% of their time on false positives, according to IDC’s Security Operations Study.
The operational math doesn’t work. Analysts require90 secondsto evaluate each alert, but they receive11,000 alerts daily. Each additional security tool deployed reduces visibility by 12% and increases attacker dwell time by23 days, as reported inMandiant’s 2024 M-Trends Report. Complexity itself has become the enterprise’s greatest cybersecurity vulnerability.
Platform vendors have been selling consolidation for years, capitalizing on the chaos and complexity that app and tool sprawl create. As George Kurtz, CEO ofCrowdStrike, explained in a recentVentureBeat interviewabout competing with a platform in today’s mercurially changing market conditions: “The difference between a platform and platformization is execution. You need to deliver immediate value while building toward a unified vision that eliminates complexity.”
CrowdStrike’s Charlotte AIautomates alert triageand saves SOC teams over40 hours every weekby classifying millions of detections at98%accuracy; that equals the output of five seasoned analysts and is fueled by Falcon Complete’s expert-labeled incident corpus.
“We couldn’t have done this without our Falcon Complete team,” Elia Zaitsev, CTO at CrowdStrike, toldVentureBeatin a recent interview. “They do triage as part of their workflow, manually handling millions of detections. That high-quality, human-annotated dataset is what made over 98% accuracy possible. We recognized that adversaries are increasingly leveraging AI to accelerate attacks. With Charlotte AI, we’re giving defenders an equal footing, amplifying their efficiency and ensuring they can keep pace with attackers in real time.”
CrowdStrike,Microsoft’s Defender XDRwithMDVM/Intune,Palo Alto Networks,Netskope,TaniumandMondoonow bundleXDR,SIEMand auto-remediation, transformingSOCsfrom delayed forensics sessions to the ability to perform real-time threat neutralization.
Security budgets surge 10% as gen AI attacks outpace human defense
Forrester’s guidefinds55%of global security technology decision-makers expect significant budget increases in the next 12 months.15%anticipate jumps exceeding 10% while40%expect increases between 5% and 10%. This spending surge reflects an asymmetric battlefield where attackers deploy gen AI to simultaneously target thousands of employees with personalized campaigns crafted from real-time scraped data.
Attackers are making the most of the advantages they’re getting from adversarial AI, with speed, stealth and highly personalized, target attacks becoming the most lethal. “For years, attackers have been utilizing AI to their advantage,” Mike Riemer, Field CISO atIvanti, toldVentureBeat. “However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes.”
Regional spending disparities reveal threat landscape variations and how CISOs are responding to them. Asia Pacific organizations lead with22%expecting budget increases above 10% versus just9%in North America.Cloud security, on-premises technology and security awareness trainingtop investment priorities globally.
Software dominates budgets as runtime defenses become critical in 2026
VentureBeat continues to hear from security leaders about how crucial protecting the inference layer of AI model development is. Many consider it the new frontline of the future of cybersecurity. Inference layers are vulnerable to prompt injection, data exfiltration, or even direct model manipulation. These are all threats that demand millisecond-scale responses, not delayed forensic investigations.
Forrester’s latest CISO spending guide underscores a profound shift in cybersecurity spending priorities, with cloud security leading all spending increases at12%, closely followed by investments in on-premises security technology at11%, and security awareness initiatives at10%. These priorities reflect the urgency CISOs feel to strengthen defenses precisely at the critical moment of AI model inference.
“At Reputation, security is baked into our core architecture and enforced rigorously at runtime,” Carter Rees, Vice President of Artificial Intelligence atReputation, recently told VentureBeat. “The inference layer, the exact moment an AI model interacts with people, data, or tools, is where we apply our most stringent controls. Every interaction includes authenticated tenant and role contexts, verified in real-time by an AI security gateway.”
Reputation’s multi-tiered approach has become a de facto gold standard, blending proactive and reactive defenses. “Real-time controls immediately take over,” Rees explained. “Our prompt firewall blocks unauthorized or off-topic inputs instantly, restricting tool and data access strictly to user permissions. Behavioral detectors proactively flag anomalies the moment they occur.”
This rigorous runtime security approach extends equally into customer-facing systems. “For natural language interactions, our AI only pulls from explicitly customer-approved sources,” Rees noted. “Each generated response must transparently cite its sources. We verify citations match both tenant and context, routing for human review if they do not.”
Quantum computing is quickly evolving from a theoretical concern into an immediate enterprise threat. Security leaders now face “harvest now, decrypt later” (HNDL) attacks, where adversaries store encrypted data for future quantum-enabled decryption. Widely used encryption methods like 2048-bit RSA risk compromise once quantum processors reach operational scale with tens of thousands of reliable qubits.
TheNational Institute of Standards and Technology (NIST)finalized three critical Post-Quantum Cryptography (PQC) standards in August 2024, mandating encryption algorithm retirement by 2030 and full prohibition by 2035. Global agencies, includingAustralia’s Signals Directorate, require PQC implementation by 2030.
Forrester urges organizations to prioritize PQC adoption for protecting sensitive data at rest, in transit, and in use. Security leaders should leverage cryptographic inventory and discovery tools, partnering with cryptoagility providers such asEntrust,IBM,Keyfactor,Palo Alto Networks,QuSecure,SandboxAQ, andThales. Given quantum’s rapid progression, CISOs need to factor in how they’ll update encryption strategies to avoid obsolescence and vulnerability.
Explosion of identities is fueling an AI-driven credential crisis
Machine identities now outnumber human users by a staggering45:1 ratio, fueling a credential crisis beyond human management. Forrester’sguideunderscores scalingmachine identity managementas mission-critical to mitigating emerging threats. Gartner forecasts identity security spending to nearly double, reaching$47.1 billion by 2028.
Traditional endpoint approaches aren’t capable of slowing down a growing onslaught of adversarial AI attacks. Ivanti’s Daren Goeson recently told VentureBeat: “As these endpoints multiply, so does their vulnerability. Combining AI withUnified Endpoint Management(UEM) is increasingly essential.”Ivanti’sAI-drivenVulnerability Risk Rating (VRR)illustrates this benefit, enabling organizations to patch vulnerabilities 85% faster by identifying threats traditional scoring methods overlook, making AI-driven credential intelligence enterprise security at scale.
“Endpoint devices such as laptops, desktops, smartphones, and IoT devices are essential to modern business operations. However, as their numbers grow, so do the opportunities for attackers to exploit endpoints and their applications, ”Goeson explained. “Factors like an expanded attack surface, insufficient security resources, unpatched vulnerabilities, and outdated software contribute to this rising risk. By adopting a comprehensive approach that combines UEM solutions with AI-powered tools, businesses significantly reduce their cyber risk and the impact of attacks,” Goeson advised VentureBeat during a recent interview.
Forrester saves their immediate call to action in the guide for advising security leaders to begin divesting legacy security tools immediately, with a specific focus on interactive application security testing (IAST), standalone cybersecurity risk-rating (CRR) products, and fragmented Security Service Edge (SSE), SD-WAN, and Zero Trust Network Access (ZTNA) solutions.
Instead, Forrester advises, security leaders need to prioritize more integrated platforms that enhance visibility and streamline management. Unified Secure Access Service Edge (SASE) solutions fromPalo Alto NetworksandNetskopenow provide essential consolidation. At the same time, integrated Third-Party Risk Management (TPRM) and continuous monitoring platforms fromUpGuard,PanoraysandRiskReconreplace standalone CRR tools the consulting firm advises.
Additionally, automated remediation powered byMicrosoft’s MDVMwithIntune,Tanium’s endpoint management, and DevOps-focused solutions likeMondoohas emerged as a critical capability for real-time threat neutralization.
CISOs must consolidate security at AI’s inference edge or risk losing control
Consolidating tools at inference’s edge is the future of cybersecurity, especially as AI threats intensify. “For CISOs, the playbook is crystal clear,” Rees concluded. “Consolidate controls decisively at the inference edge. Introduce robust behavioral anomaly detection. Strengthen Retrieval-Augmented Generation (RAG) systems with provenance checks and defined abstain paths. Above all, invest heavily in runtime defenses and support the specialized teams who operate them. Execute this playbook, and you achieve secure AI deployments at true scale.”
Source: Venturebeat
