Posts from the ‘Enterprise software’ Category

Feb 16

Gartner forecasts agentic AI will overtake chatbot spending by 2027

Agentic AI spending grows 141% in 2026 to $201.9 billion. By 2027, it will overtake chatbot and assistant spending for the first time. Then chatbot spending starts declining. I’ve tracked Gartner’s AI forecasts through multiple iterations. This crossover changes where security risk concentrates for every security professional reading this.

The crossover is in the segment-level data tables of Gartner’s Forecast: AI Spending, Worldwide, 2024–2029, 4Q25. The headline number is well known: $2.53 trillion in 2026, $4.7 trillion by 2029 at 33% CAGR. The segment breakdowns are not. Eight markets. Nineteen sub-segments. The sub-segment data tells a different story than the top line.

This is Gartner’s first dedicated AI spending forecast, and I’ve been waiting for it. Gartner states that comparisons to previous AI estimates are not meaningful because the scope widened, adding AI cybersecurity, agentic AI as a separate segment from chatbots, AI data technology, and expanded infrastructure coverage. Gartner writes, “This is the first iteration of the forecast on AI spending that Gartner has published. Gartner has significantly expanded and modified its AI forecast coverage. Spending comparisons to previous iterations are therefore not meaningful as the scope has widened. This includes both coverage of new markets and broadened definitions of the types of AI spending that are reflected in some market segments.”

Forrester’s Predictions 2026: Cybersecurity and Risk arrives at the same warning from a different angle: an agentic AI deployment will cause a publicly disclosed breach in 2026, leading to employee dismissals. Two firms. Same conclusion. The spending data explains why.

CAPTION: Total worldwide AI spending, 2024–2029. $1.14T to $4.71T. 33% CAGR. Growth decelerates from 54% (2025) to 16% (2029) as the base expands. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025).

The full market breakdown

AI infrastructure dominates at $1.37 trillion, 54% of the total. AI software follows at $452.5 billion, growing 60% year-over-year. AI services add $588.6 billion. AI cybersecurity and AI data are the outliers: growing at 74% and 155% CAGR, respectively, rates that dwarf everything else in the forecast.

Source: Gartner Forecast: AI Spending, Worldwide, 2024–2029, 4Q25 (December 19, 2025). All figures in U.S. dollars. CAGR = 2024–2029. Gartner press release: https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026

Infrastructure takes 54% of every AI dollar

AI-optimized servers alone account for $421.6 billion in 2026, growing to $699.7 billion by 2029. AI processing semiconductors add $289.4 billion. AI-optimized IaaS hits $38.3 billion at 71% CAGR, the fastest-growing infrastructure sub-segment. AI network fabric, a new category in this forecast, reaches $28.7 billion.

Infrastructure’s share drops from 54% to 48% by 2029 as software and services scale faster. The capital-intensive build-out phase is not over.

The agentic crossover nobody is planning for

Gartner now splits AI software into chatbots/assistants and agentic AI. The spending lines cross in 2027.

CAPTION: Agentic AI spending overtakes chatbot/assistant spending by 2027. Chatbots peak at $264.7B then decline. Agentic AI grows at 119% CAGR to $752.7B by 2029. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). AI Software segment, Table 1-2.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). CAGR = 2024–2029.

Chatbots talk to people. Agents act on behalf of people. They access databases, execute transactions, chain multi-step workflows without human approval at each step. The attack surface has moved well beyond conversation windows. Agents are autonomous decision engines with production access.

Gartner’s Top Trends in Cybersecurity for 2026 lists agentic AI oversight as the number-one trend. Forrester’s Predictions 2026: Cybersecurity and Risk goes further: an agentic AI deployment will cause a public breach this year, and employees will lose their jobs for it. Forrester senior analyst Paddy Harrington calls it a “cascade of failures,” not a single point of error. Two analyst firms. Different methodologies. Same conclusion. Security strategies built for chatbot-era risk have a shelf life measured in quarters, not years.

AI cybersecurity is two markets, not one

Gartner created a dedicated AI cybersecurity market for the first time in this forecast. It nearly doubles in 2026. But the category name hides a structural split that matters more than the growth rate.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). CAGR = 2024–2029.

Two sub-segments. Two very different problems.

AI-amplified security ($48.5 billion, 94.5% of the market) is what most enterprises mean when they say “AI cybersecurity.” This is AI working for your security team. Machine learning models that analyze network traffic patterns and flag anomalies faster than a human analyst can. Natural language processing that reads threat intelligence feeds and correlates indicators of compromise across millions of data points in seconds. Automated triage systems that prioritize which of the 11,000 daily alerts actually need a human response. AI-powered endpoint detection that identifies malware variants that signature-based tools miss. Behavioral analytics that learn what normal looks like for each user and flag deviations. Security orchestration platforms that automate incident response playbooks, reducing mean time to containment from hours to minutes.

This is the category where enterprises are spending aggressively. And for good reason. The math on analyst workloads demands it. Security operations centers are drowning in alerts, facing a persistent talent shortage, and defending attack surfaces that expand every quarter. AI-amplified tools address all three.

Securing AI ($2.8 billion, 5.5% of the market) is the other problem. AI-amplified security puts AI to work defending the enterprise. Securing AI reverses the relationship entirely — defending the AI itself. Protecting the models, the training data, the inference pipelines, the agent workflows, and the decision outputs that enterprises are deploying at $2.53 trillion in 2026. Prompt injection defenses. Model access controls. Training data poisoning detection. Output validation. Agent permission boundaries. Audit trails for autonomous decisions.

The distinction matters because they protect different things. AI-amplified security protects your enterprise using AI. Securing AI protects the AI itself. One is a tool. The other is the thing that needs protecting. Enterprises are investing 17 times more in the tool than in protecting the thing the tool runs on.

Shadow AI is not just employees using ChatGPT

Gartner names the mechanism driving AI software growth: vendor push. Software providers are integrating GenAI and agentic AI into existing product lines. AI software grows from $143 billion in 2024 to $981 billion by 2029 at 47% CAGR.

For CISOs, vendor push changes the equation. AI capabilities are being added to tools already in production. Often without explicit procurement decisions. The AI features embedded in your existing ERP, CRM, and developer platforms may already exceed what your security team has inventoried. Shadow AI is vendors activating AI inside products you already own.

The smallest market with the biggest growth rate

AI data technology: $134 million in 2024. $3.1 billion in 2026. $14.6 billion by 2029. The 155% CAGR is the highest in the forecast. The 277% year-over-year growth in 2026 is the steepest single-year jump of any segment.

Synthetic data generation is the standout sub-segment, going from $41 million to $6.8 billion by 2029. Gartner is direct: enterprises need AI-ready data with proper labeling, quality checks, and compliance. For organizations running AI projects on ungoverned data, the readiness gap compounds every quarter.

CAPTION: AI spending markets ranked by five-year CAGR. AI Data (155%) and AI Cybersecurity (74%) lead. AI Infrastructure is the largest by absolute dollars. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025).

Indirect services are the governance blind spot

Indirect AI services, where AI is a supporting component in a larger project, grow from $78.4 billion in 2024 to $255.9 billion in 2026 at 50% CAGR. Direct AI services hit $332.8 billion. By 2028, indirect overtakes direct.

Indirect AI means capabilities embedded in consulting and implementation projects that procurement does not classify as AI. If you cannot see it in your AI inventory, you cannot govern it.

Servers are a bigger market than AI software

AI-optimized servers alone hit $421.6 billion in 2026, just below the entire AI software market at $452.5 billion. By 2029, servers reach $699.7 billion. Cloud providers are building capacity for AI workloads that have not materialized at scale. The infrastructure is ahead of the applications.

The enterprise agentic stack is showing up in spending data

Gartner’s DSML segment includes a dedicated agent builder platforms sub-segment at $5.0 billion in 2026, reaching $13.7 billion by 2029. AI observability and governance adds $1.3 billion, growing to $4.0 billion. The xOps sub-segment (MLOps, DataOps, ModelOps) is the largest at $15.0 billion.

Together, these form the tooling layer for building, monitoring, and governing agents in production. The enterprise agentic stack is materializing in the spending data. Most organizations have not formalized it in their architecture.

The numbers that belong in your next board deck

If you take one thing from this forecast into a budget meeting, take this table. I built it from the raw spreadsheet data. Six years of AI deployment spending next to AI security spending. The bottom row is the one that gets the questions.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). All percentages derived from Gartner’s published data tables (Tables 1-1 and 1-2).

The ratio improves over time. Securing AI goes from 0.07% in 2024 to 0.25% by 2029. But watch the absolute numbers. In 2029, enterprises will spend $4.71 trillion deploying AI and $11.6 billion securing it. The percentage gets better. The dollar gap gets wider. Every year, the market grows its way into a larger exposure.

Where I think this lands

Three things worth tracking from the segment data:

The agentic crossover. Agentic AI overtakes chatbot spending in 2027. The enterprise risk profile shifts from conversational data leakage to autonomous decision-making at scale. CISOs who build agentic governance frameworks in 2026 position themselves before the inflection. The spending curve says the window is narrowing.

The securing-AI gap. $2.8 billion to protect AI systems in a year when $2.53 trillion deploys them. Enterprises are enthusiastic about using AI for defense. The investment in defending AI itself has not caught up.

Data readiness is the bottleneck. The 277% growth in AI data spending confirms that AI without governed data delivers diminished returns. Data classification investments directly enable or constrain AI ROI.

If your security budget is growing at 12% and AI deployment inside your enterprise is growing at 44%, the gap compounds every quarter. You cannot close it by holding steady. The organizations getting this right treat AI security as a proportion of AI deployment, not a fixed line item.

—

Sources

Gartner, Forecast: AI Spending, Worldwide, 2024–2029, 4Q25, December 19, 2025, ID G00843179.

Gartner press release (January 15, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026

Gartner, Top Trends in Cybersecurity for 2026 (February 5, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-02-05-gartner-identifies-the-top-cybersecurity-trends-for-2026

Gartner, IT Spending Forecast 1Q26 (February 3, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-02-03-gartner-forecasts-worldwide-it-spending-to-grow-10-point-8-percent-in-2026-totaling-6-point-15-trillion-dollars

Forrester, Predictions 2026: Cybersecurity and Risk (October 2025): https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/

All dollar figures in U.S. dollars. Growth rates and CAGR derived from Gartner’s published data tables (Tables 1-1 and 1-2).

Feb 10

Top 6 cybersecurity trends from Gartner’s 2026 Security Forecast

Over 57% of employees are using personal GenAI accounts for work. A third of them admit to uploading sensitive data into tools their security teams haven’t approved. Meanwhile, agentic AI is proliferating through no-code platforms and vibe coding, creating attack surfaces most CISOs can’t see, let alone govern. And quantum computing? No longer a 10-year planning horizon. It’s a 2030 action deadline.

Gartner’s Top Trends in Cybersecurity for 2026 report, released February 5, 2026, identifies six forces reshaping how CISOs must operate. These cut across governance, AI adoption, identity, workforce, and cryptographic strategy simultaneously. None of them is incremental.

The trends report lands alongside Gartner’s updated Forecast: Information Security, Worldwide, 2023–2029, 4Q25 (G00843183, December 18, 2025) and the Forecast Analysis: Information Security, Worldwide, 2026 (G00838442, February 5, 2026), which together project global information security spending reaching $244.2 billion in 2026, up 13.3% in current U.S. dollars. I’ve tracked this forecast through multiple quarterly updates. The trajectory keeps steepening. The six trends below explain where that money is going and why.

“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director Analyst at Gartner. “This demands new approaches to cyber risk management, resilience, and resource allocation.”

The spending backdrop: $244 billion and accelerating

Before getting into the six trends, context matters. Gartner’s 4Q25 forecast shows the three major security segments all growing at double-digit constant currency rates in 2026:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183). Constant currency rates.

Cloud security remains the fastest-growing subsegment at 28.8% growth in 2026. Nothing else comes close. The combined cloud security market (cloud security posture management, cloud access security brokers, and cloud workload protection platforms) is projected to reach $32.4 billion by 2029, with a 25% CAGR in constant currency. I’ve been watching this subsegment accelerate for three quarters straight. CSPM alone is growing at a 31.30% CAGR.

Cloud security spending reaches $32.4 billion by 2029. CSPM leads at 31.30% CAGR. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 1: Agentic AI demands cybersecurity oversight

This is the trend that touches everything else on this list. Employees and developers are deploying AI agents through no-code/low-code platforms and “vibe coding” at a pace that outstrips security governance. Unmanaged AI agent proliferation. Unsecured code. Compliance violations that most security teams don’t even have visibility into yet. That’s the picture Gartner is painting.

Gartner’s recommendation is blunt: cybersecurity leaders must identify both sanctioned and unsanctioned AI agents operating within their environments, enforce access controls and data guardrails, and develop incident response playbooks specific to agent-driven threats.

“While AI agents and automation tools are becoming increasingly accessible and practical for organizations to adopt, strategic cybersecurity planning for these technologies is essential,” said Michaels. “Cybersecurity leaders must work cross-functionally to manage agentic AI adoption, identifying sanctioned and unsanctioned AI agents, enforcing data access controls, and developing incident response playbooks.”

The spending data backs this up. Gartner’s 4Q25 forecast projects the AI-amplified security market reaching $160 billion by 2029, up from $49 billion in 2025. Gartner is clear that this isn’t additive spending. It represents the portion of existing security products that now embed AI capabilities. But the expectation tells the story: over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from less than 25% in 2025. Vendors that don’t embed AI will lose shelf space. (For more on AI security platforms, see Gartner’s Top Strategic Technology Trends for 2026, which predicts that over 50% of enterprises will use AI security platforms to protect their AI investments by 2028.)

Trend 2: Global regulatory volatility drives cyber resilience efforts

Regulators are getting personal. Boards and executives now face direct liability for compliance failures. Not just organizational fines, but individual accountability. The penalties for inaction have moved from theoretical to career-ending. Across multiple jurisdictions simultaneously.

Gartner advises cybersecurity leaders to formalize collaboration across legal, business, and procurement teams to establish clear accountability for cyber risk. Align control frameworks to recognized standards. Address data sovereignty concerns before they become enforcement actions. The organizations doing this well are treating regulatory preparedness as a core security function, not an annual compliance checkbox.

This is where the spending data gets interesting. Gartner’s forecast shows security consulting services growing from $24.2 billion (2024) to $36.6 billion (2029), adding $12.4 billion in five years. Security professional services follow a similar trajectory: $27.3 billion to $40.8 billion, adding $13.5 billion. Organizations are buying outside expertise because they can’t build regulatory competence fast enough in-house. I’ve been covering these numbers for three quarters, and the services growth is the part of the forecast that keeps surprising me.

Infrastructure protection adds $26.4 billion between 2024 and 2029, the largest absolute growth of any subsegment. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 3: Post-quantum computing moves into action plans

Gartner predicts advances in quantum computing will render the asymmetric cryptography that organizations rely on unsafe by 2030. Four years. That’s the window to adopt post-quantum cryptography alternatives before “harvest now, decrypt later” attacks start cashing in on data that adversaries are collecting today.

Organizations need to identify their cryptographic deployments, assess data sensitivity and lifespan, and prioritize cryptographic agility. That last phrase keeps coming up in my conversations with CISOs. The ability to swap encryption methods without re-architecting entire systems. Swapping an algorithm is one thing. Doing it across a production environment without downtime is an entirely different problem.

“Post-quantum cryptography is reshaping cybersecurity strategies by prompting organizations to identify, manage, and replace traditional encryption methods, while prioritizing cryptographic agility,” said Michaels. “By investing in these capabilities and prioritizing migration now, assets will be secured when quantum threats become a reality.“

The encryption market in Gartner’s 4Q25 forecast grows from $1.04 billion in 2023 to $2.04 billion by 2029 at an 11.95% CAGR. A 2.0x increase. For what has historically been one of the slower-growing security subsegments, that’s a significant acceleration. Quantum urgency is changing the math.

Trend 4: Identity and access management adapts to AI agents

AI agents are breaking traditional IAM models. Plain and simple. Identity registration and governance, credential automation, and policy-driven authorization weren’t designed for autonomous machine actors that can initiate actions, access data, and interact with systems without human intervention. The scale problem compounds fast: when every employee can deploy dozens of AI agents, the identity surface area explodes.

Gartner recommends a targeted, risk-based approach. Invest where gaps and risks are greatest. Leverage automation where possible. The practical starting point is understanding which AI agents carry the most privilege and the least oversight. Those are your highest-risk identities right now, and most organizations haven’t inventoried them.

The identity market is already significant. Gartner’s 4Q25 forecast shows identity access management growing from $18.7 billion (2024) to $29.0 billion (2029), adding $10.3 billion in five years. That’s before the full scale of agentic AI identity requirements hits the market. IAM vendors that solve machine-actor identity at scale will capture a disproportionate share of that $10.3 billion growth.

Trend 5: AI-driven SOC solutions destabilize operational norms

AI-enabled security operations centers are enhancing alert triage and investigation workflows. The technology works. But deploying AI into a SOC doesn’t automatically reduce headcount needs. It changes the skill mix. Analysts who excelled at manual triage need different capabilities to oversee AI-driven workflows. Organizations are discovering this the hard way. That’s an organizational transformation challenge, and throwing more technology at it doesn’t help.

“To realize the full potential of AI in security operations, cybersecurity leaders must prioritize people as much as technology,” said Michaels. “Strengthening workforce capabilities, implementing human-in-the-loop frameworks into AI-supported processes and aligning adoption with clear strategic objectives will be critical to maintaining resilience as SOCs evolve.”

The talent dimension makes this harder than it already sounds. ISC2’s 2024 Cybersecurity Workforce Study, published in October 2024, documented a global workforce gap of 4.8 million professionals, a 19% year-over-year increase. The active workforce flatlined at 5.5 million (up just 0.1%). The numbers are brutal: 25% of organizations reported cybersecurity layoffs in 2024. 37% faced budget cuts. 90% report skills shortages. 58% believe the shortage puts their organization at significant risk. On the spending side, managed security services are growing at 11.1% in 2026, the fastest rate in the services segment. Organizations can’t hire fast enough, so they’re buying managed SOC capacity instead.

Trend 6: GenAI breaks traditional cybersecurity awareness tactics

Existing security awareness programs are failing. Full stop. A Gartner survey of 175 employees conducted between May and November 2025 found that 57% use personal GenAI accounts for work purposes, while 33% admit to uploading sensitive information to tools their organizations haven’t sanctioned. Those numbers should alarm every CISO reading this. A third of your workforce is actively feeding proprietary data into tools you can’t audit.

Gartner recommends shifting from general awareness training to adaptive behavioral programs that include AI-specific tasks. Generic compliance videos won’t cut it here. The organizations getting this right are making approved GenAI tools easy to access and unsanctioned tools hard to justify. Trying to ban GenAI outright just drives usage underground and costs you talent.

Strengthening governance, embedding secure practices, and establishing clear policies for authorized GenAI use will reduce exposure to privacy breaches and intellectual property loss. The governance gap on GenAI usage is, in my view, the most underestimated risk on this entire list. Every other trend has a spending line item attached to it. This one requires behavioral change, which is harder to buy.

Total market trajectory: $173.5 billion to $323.5 billion

Gartner’s year-by-year spending trajectory shows the acceleration curve these six trends are riding:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183, December 18, 2025). Current U.S. dollars.

CSPM and CASB lead all security categories with 31% and 26% CAGR through 2029. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

What this means for CISOs

Three of the six trends (agentic AI oversight, IAM for machine actors, and GenAI awareness) are fundamentally about the same problem: autonomous AI systems operating inside enterprise environments without adequate governance. The other three (regulatory volatility, post-quantum readiness, and AI-driven SOCs) are the structural forces those governance failures will collide with. That convergence is the signal about where 2026 budgets need to go.

The organizations that will navigate this environment successfully are doing three things simultaneously:

Mapping their AI agent footprint now. If you don’t know how many AI agents are operating across your environment, sanctioned and unsanctioned, you can’t govern what you can’t see. Gartner’s 75% AI-amplified product adoption projection by 2028 means this window for establishing control is narrow.

Building cryptographic agility into their architecture. The 2030 quantum deadline means migration planning starts in 2026, not 2028. The encryption market’s 2.0x growth reflects early movers. Late movers face rip-and-replace costs that compound every quarter they wait.

Investing in people alongside AI tooling. AI-enabled SOCs work when human operators have the skills to oversee them. The ISC2 data is unambiguous: a 4.8 million professional gap growing at 19% year-over-year. Managed security services growth at 11.1% tells you where CISOs are finding capacity.

Gartner’s numbers aren’t projections anymore. They’re procurement trends already hitting finance systems. The $244.2 billion flowing into information security this year will fund agentic AI governance, quantum migration, and SOC transformation, whether your organization participates or not.

Bottom line: CISOs planning for 2027 are watching their competitors buy the tools they’ll be scrambling for in 18 months. The data says move now.

Jan 22

Gartner 4Q25: $4.71T AI market proves agentic AI and data readiness are the only race that matters

Only 43% of organizations say their data is ready for AI. Meanwhile, AI Data spending is compounding at 155% annually. That’s six times faster than the infrastructure buildouts grabbing headlines. That disconnect defines the enterprise AI landscape in 2025.

Gartner’s 4Q25 AI Spending Forecast (December 17, 2025) projects $4.71 trillion by 2029. But I’ve been digging through the segment data, and the story isn’t the topline number. Four subsegments within Gartner’s AI Data market are growing between 136% and 178% CAGR. AI Infrastructure? Just 29.25%. The money is following the bottlenecks.

“Nearly everything today, from the way we work to how we make decisions, is directly or indirectly influenced by AI,” says Carlie Idoine, VP Analyst at Gartner. “But it doesn’t deliver value on its own. AI needs to be tightly aligned with data, analytics, and governance to enable intelligent, adaptive decisions and actions across the organization.”

McKinsey’s 2025 State of AI survey (1,993 participants, 105 countries) found 88% of organizations now use AI in at least one business function. But two-thirds remain stuck in pilot mode. Just 6% qualify as “AI high performers,” meaning organizations where more than 5% of EBIT comes from AI. The gap between adoption and value creation is where the real spending story unfolds.

Where the bottlenecks are breaking

Every high-growth segment in the forecast eliminates a constraint that stalls production of AI.

Synthetic data generation addresses the labeled data shortage. You can’t train models without it, and real world data comes with privacy constraints, bias problems, and collection costs that don’t scale. Data governance enforces quality standards because ungoverned data produces ungoverned outputs. Hallucinations, compliance violations, and bias incidents trace directly back to data quality failures. Data integration software connects fragmented sources. Most enterprise data sits across dozens of systems that don’t communicate.

“With AI investment remaining strong this year, a sharper emphasis is being placed on using AI for operational scalability and real-time intelligence,” says Haritha Khandabattu, Senior Director Analyst at Gartner. “This has led to a gradual pivot from generative AI as a central focus toward the foundational enablers that support sustainable AI delivery, such as AI-ready data and AI agents.” Infrastructure enables these capabilities. Data readiness and agentic AI determine whether they generate returns.

The $14.6 billion data readiness bet

Gartner tracks AI Data as a unified market with four subsegments. The aggregate grows from $134.35 million in 2024 to $14.59 billion by 2029. That’s 109x, making it the fastest-growing major category in the forecast.

Synthetic Data Generation: 178.29% CAGR, $40.71M to $6.80B. The fastest-growing subsegment adds $6.76 billion in new spending by 2029. A 167x increase from a small 2024 base. Gartner predicts 60% of data and analytics leaders will encounter failures in managing synthetic data by 2027, which explains why governance spending is accelerating in parallel.

AI Data Governance: 163.75% CAGR, $14.82M to $1.89B. Starting from just $14.82 million in 2024, this subsegment grows 128x by 2029. Legal and compliance teams won’t accept the alternative. When AI systems produce ungoverned outputs, the liability exposure is unacceptable.

AI Data Integration Software: 137.13% CAGR, $71.73M to $5.38B. The largest AI Data subsegment by 2029. Connects fragmented data sources, delivering context that transforms generic models into systems that understand specific business operations.

AI Ready Datasets: 136.16% CAGR, $7.09M to $520.45M. These are prepackaged, curated datasets structured for AI and ML workflows. Think labeled image libraries for computer vision, cleaned financial datasets for forecasting, and domain-specific corpora for fine-tuning LLMs. Organizations buy them to skip the months of data collection, cleaning, and annotation that delay projects. Smallest subsegment by revenue, but 73x growth signals enterprises are willing to pay for time to production shortcuts.

The 2027 crossover: When agents overtake chatbots

Agentic AI: 118.73% CAGR, $15.04B to $752.73B. This is the single most dramatic dollar growth in the forecast. Agentic AI expands from $15 billion to $753 billion by 2029. That’s 50x. Nothing else comes close.

Gartner predicts the crossover will happen in 2027. Chatbots peak at $264.75 billion that year, while Agentic AI surges to $371.40 billion. By 2029, Agentic AI is 3.3x larger ($752.73B vs. $228.50B).

McKinsey’s data reinforces the trajectory: 62% of organizations are experimenting with AI agents, 23% report scaling them in at least one function. But scaling remains limited. Most organizations deploying agents are only doing so in one or two functions, primarily IT service desk and knowledge management.

Organizations building chatbot-only strategies should note that the category dominating 2025 and 2026 is projected to decline after 2027.

The Security Tax on Agentic AI

AI Cybersecurity: 73.90% CAGR, $10.82B to $172.01B. AI agents introduce attack surfaces that traditional security architectures weren’t built for. Gartner’s Hype Cycle for Application Security, 2025 (July 2025) projects that through 2029, over 50% of successful attacks against AI agents will exploit access control issues via direct or indirect prompt injection. The 16x growth in AI Cybersecurity spending reflects enterprises grappling with that exposure.

Production AI deployment requires security architectures designed for agentic systems. That’s a capability most organizations don’t have yet.

Infrastructure: Dominant but decelerating

AI Infrastructure remains the largest absolute spending category: $624.76 billion in 2024, growing to $2.25 trillion by 2029. McKinsey (August 2025) projects hyperscalers alone will spend $300 billion in capex over 2025. Their April 2025 analysis projects $5.2 trillion in data center investment by 2030.

But at 29.25% CAGR, infrastructure grows slower than every other major AI market except Services (26.93%). Market share drops from 54.6% of total AI spending in 2024 to 47.8% by 2029. The buildout is real. Differentiation happens elsewhere.

The 6% problem

Only 6% of organizations qualify as AI high performers despite 88% adoption. McKinsey’s analysis shows high performers are 3x more likely to redesign workflows around AI rather than layering it onto existing processes. They’re also 3x more likely to have committed executive leadership driving AI as a strategic priority.

The 155% CAGR for AI Data reflects organizations investing to close that gap. The 2027 chatbot-to-agent crossover marks the inflection point when autonomous capabilities surpass conversational interfaces in market size.

Gareth Herschel, VP Analyst at Gartner, frames the pressure: “D&A is going from the domain of the few to ubiquity. At the same time, D&A leaders are under pressure not to do more with less, but to do a lot more with a lot more, and that can be even more challenging because the stakes are being raised.”

Where the value accrues

Organizations positioned to capture value from this transformation may not be the ones building the biggest data centers. The Gartner data suggests they’re investing in capabilities that make AI systems work at enterprise scale: data readiness, governance, integration, and security.

AI Data Market (aggregate): 155% CAGR, $134M to $14.6B (109x)

Synthetic Data Generation: 178% CAGR, $41M to $6.8B (167x)
AI Data Governance: 164% CAGR, $15M to $1.9B (128x)
AI Data Integration: 137% CAGR, $72M to $5.4B (75x)
AI Ready Datasets: 136% CAGR, $7M to $520M (73x)

Other High-Growth Segments:

Agentic AI: 119% CAGR, $15B to $753B (50x)
AI Cybersecurity: 74% CAGR, $11B to $172B (16x)
AI Infrastructure: 29% CAGR, $625B to $2.25T (4x)

Gartner’s 4Q25 data points to a directional shift: AI spending is moving from infrastructure-first to data and capabilities-first architectures. The organizations treating data readiness as an afterthought are the ones most likely to stay stuck in the 94% that never make it past pilot.

Jan 13

Gartner’s 4Q25 Information Security forecast shows 15 categories capturing half of all new security spending through 2029

Fifteen cybersecurity categories are growing up to three times faster than the overall market, capturing $48.7 billion in new spending by 2029.

That’s nearly half of the $98.4 billion the entire security market will add over the next four years. Cloud Security Posture Management leads the pack at 29.36% CAGR. Cloud Access Security Brokers follow at 24.81%.

Enterprises are fundamentally restructuring their security budgets, and the driver is brutal in its simplicity. Organizations now manage an average of 112 SaaS applications across multiple cloud providers. 82% of misconfigurations are caused by human error, according to Exabeam’s analysis. And Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily from these misconfigurations. Manual oversight breaks under this kind of scale. Enterprises are responding by investing in automation that manages what people can’t across hundreds of cloud accounts, thousands of APIs, and millions of attack vectors.

Gartner’s 4Q25 update delivers the clearest signal yet about where enterprise security budgets are heading. The overall information security market grows from $213.5 billion in 2025 to $311.9 billion by 2029 at 10.03% CAGR. These fifteen high-growth categories are expanding at 10.30% to 29.36% CAGR, capturing investment dollars at rates that dwarf legacy security spending patterns.

What makes these categories different

Every high-growth category eliminates manual bottlenecks that break under cloud-native workloads. CSPM scans configurations continuously. CASB provides visibility into unauthorized SaaS usage. ZTNA verifies every connection rather than trusting the network location. With 79% of organizations using multiple cloud providers, according to Spacelift’s research, manual processes create mathematical impossibilities.

These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even when systems get compromised. Security teams are finally getting ahead of threats instead of constantly playing catch-up.

And the ROI is quantifiable. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycles by 80 days. U.S. breach costs average $10.22 million. These investments pay for themselves with a single prevented incident—a calculation CFOs understand.

The 15 categories reshaping enterprise security

1. Cloud Security Posture Management (CSPM) — 29.36% CAGR — $4.68B → $12.76B

CSPM platforms scan infrastructure continuously across AWS, Azure, and Google Cloud, automatically remediating misconfigurations before they become breaches. The 82% human error rate isn’t going to improve through training. Organizations managing 100+ cloud accounts need automation. CSPM adds $8.09 billion in new spending by 2029, the single largest dollar contribution among high-growth segments.

2. Cloud Access Security Brokers (CASB) — 24.81% CAGR — $2.30B → $5.58B

Here’s the brutal reality. Enterprises average 112 SaaS applications, but shadow IT accounts for 42% of all applications per JumpCloud’s data. IT stays blind to roughly 78 apps out of an average 187-app environment. The damage? 65% of shadow IT deployments result in data loss, and 52% lead to breaches, according to Mimecast research. CASBs restore visibility and control, growing to $5.58 billion by 2029.

3. Zero Trust Network Access (ZTNA) — 21.95% CAGR — $2.48B → $5.43B

ZTNA replaces the VPN model with application-specific access controls. Instead of network-level access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025, up from less than 10% at the end of 2021. And 65% of companies plan to retire VPNs within one year per Cybersecurity Insiders data. This represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Threat Intelligence — 21.73% CAGR — $2.58B → $5.69B

Modern threat intelligence platforms fuse telemetry from open-source intelligence, dark-web monitoring, vendor feeds, and internal logs. Machine learning prioritizes indicators based on organizational relevance. IBM data shows organizations integrating threat intelligence reduce detection and escalation costs while cutting incidents by 30%. The market reaches $5.69 billion by 2029 as enterprises shift from passive threat feeds to automated response integration.

5. Cloud Workload Protection Platforms (CWPP) — 21.53% CAGR — $5.98B → $13.11B

Traditional endpoint security can’t protect containers that spin up and vanish in seconds. Serverless functions executing for milliseconds? Legacy tools weren’t designed for that. CWPP solutions instrument workloads directly at the kernel or hypervisor level, monitoring system calls, file access, and network connections in real-time. The 21.53% CAGR reflects the rapid shift toward microservices and Kubernetes. As workloads migrate into container clusters, protecting them becomes a survival-level priority.

6. Consent and Preference Management — 20.22% CAGR — $0.81B → $1.64B

GDPR fines surpassed €5.88 billion by January 2025, according to DLA Piper’s annual survey. California’s CCPA penalties keep climbing. The California Privacy Protection Agency recently fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual consent workflows can’t meet regulatory deadlines across jurisdictions. Automated platforms centralize preferences across web, mobile, and API endpoints while providing auditable logs for regulators.

7. Subject Rights Request (SRR) Automation — 14.26% CAGR — $1.24B → $2.01B

When users demand “delete my data,” these platforms automate orchestration across internal systems and third-party vendors. Privacy laws grant individuals rights to access, correct, and delete personal data with strict compliance timelines. SRR automation prevents the penalties that result from manual processing failures at scale, especially as more jurisdictions implement data privacy regulations.

8. Network Detection and Response (NDR) — 13.44% CAGR — $2.15B → $3.37B

NDR platforms establish behavioral baselines using statistical analysis and machine learning. When anomalies appear (unusual lateral movement, data exfiltration attempts, command-and-control traffic), they raise alerts or automatically isolate systems. The mindset shift matters here. Rather than hoping to prevent all attacks, sophisticated organizations invest in rapid detection that minimizes damage when attackers inevitably breach perimeters. Prevention alone isn’t sufficient anymore.

9. Vulnerability Assessment — 13.02% CAGR — $3.48B → $5.60B

Quarterly vulnerability scans are obsolete in CI/CD pipelines deploying multiple times daily. Modern assessment platforms provide continuous scanning integrated with exploit intelligence to prioritize patches based on real-world risk. DevOps teams need vulnerability detection that keeps pace with their deployment cadence. Anything less creates unacceptable exposure windows.

10. Tokenization — 12.68% CAGR — $1.34B → $2.11B

Tokenization replaces sensitive data with non-reversible tokens that can’t be mathematically decoded. The urgency comes from quantum computing advances. NIST finalized post-quantum encryption standards in August 2024, including ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium). Attackers already practice “harvest now, decrypt later”—collecting encrypted data today for quantum decryption within five to ten years. Organizations must begin quantum-safe transitions now.

11. Endpoint Protection Platform (EPP) — 12.51% CAGR — $17.68B → $28.36B

The largest single category adds $10.68 billion in new spending as ransomware attacks surge. U.S. ransomware attacks increased 149% year-over-year—from 152 incidents in early 2024 to 378 in the same period of 2025, according to Cyble analysis. Next-generation EPP platforms use behavioral analytics and signatureless detection to stop ransomware before encryption begins, catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) — 11.63% CAGR — $4.44B → $6.74B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote and hybrid workforces wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations without relying on network perimeters that no longer exist.

13. Web Application Firewalls (WAF) — 10.92% CAGR — $2.48B → $3.74B

Organizations expose hundreds of APIs and microservices—each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks like SQL injection, cross-site scripting, or API abuse. Modern WAFs use machine learning to differentiate legitimate user behavior from attack traffic without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption — 10.64% CAGR — $1.35B → $1.98B

NIST’s standardization of quantum-resistant algorithms signals the urgency that organizations can no longer ignore. With quantum computing advances accelerating, encrypted data collected today faces decryption within a decade. Enterprises must transition to post-quantum cryptography now because full integration across complex environments takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) — 10.30% CAGR — $7.60B → $11.15B

AI transforms SIEM from reactive log collection to proactive threat hunting. The latest platforms embed unsupervised machine learning to detect zero-day attacks and automatically enrich alerts with context. Organizations using AI-powered automation save $1.9 million per breach and cut incident lifecycles by 80 days—turning security operations into a competitive advantage rather than a cost center.

Why this matters

Cloud complexity has proven exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security processes break under the load. The 29.36% CAGR for CSPM isn’t market optimism. It’s organizational survival.

Shadow AI joins shadow IT as a core threatscape element. Shadow AI breaches cost $4.63 million—$670,000 more than standard incidents, according to IBM data. But AI also powers the best defenses, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the most effective countermeasures.

Compliance costs keep accelerating. Between GDPR, CCPA, and emerging global regulations, manual compliance processes create escalating liability. Automated platforms turn regulatory requirements into competitive advantages by reducing fine exposure and accelerating data subject request responses.

Bottom Line

The organizations winning this transformation aren’t those with the largest security budgets. They’re the ones investing in the right categories at the right time. These fifteen segments define what modern security architecture looks like and capture nearly half of all new security spending through 2029.

Gartner’s 4Q25 data delivers a clear message. Security spending is shifting to automation-driven, zero-trust, cloud-native architectures. Organizations still relying on legacy approaches aren’t just falling behind. They’re accepting risks the market has already priced as unacceptable.

Source: Gartner Forecast: Information Security, Worldwide, 2023-2029, 4Q25 Update (Document G00843183, published December 18, 2025), showing overall market growth from $213.5B (2025) to $311.9B (2029) at 10.03% CAGR in constant currency.

Dec 30

1 Comment

AI Security market 2025 funding data, top startups, and the ServiceNow factor

ServiceNow dropped $11.6 billion on security acquisitions in 2025 alone. Armis for $7.75 billion. Moveworks for $2.85 billion. Veza for roughly $1 billion. In 2025, just one company, ServiceNow, spent more on acquiring security startups than 175 startups raised in two years. Meanwhile, the entire AI security startup ecosystem raised $8.5 billion across 175 companies over 24 months. That single data point should reshape how security leaders think about vendor consolidation and how AI builders think about their exit paths.

I analyzed Crunchbase data covering every AI security startup that raised Series A, B, or C funding between January 2024 and December 2025. The patterns are striking.

The acceleration is real

Q1 2024: $274 million across 8 deals. Q4 2025: $2.17 billion across 28 deals. That’s 8x growth in quarterly funding over two years.

The full-year numbers tell the story more clearly. 2024 saw $2.16 billion in total funding. 2025 hit $6.34 billion, nearly tripling. Average deal sizes jumped from $34 million to $54 million. This isn’t a gentle upward trend. The market is restructuring in real time.

Where the money flows

Network and Zero Trust infrastructure captured $1.9 billion across 44 companies. Tailscale‘s $161 million Series C reflects what enterprises already know. VPN architectures are dying. Identity-based access is replacing them.

Threat Detection and SOC automation drew $1.2 billion across 28 companies. 7AI‘s $130 million Series A stands out as one of the largest A funding rounds in this category. The bet: AI agents can handle the full security operations lifecycle at a scale human analysts cannot match.

Identity and Access Management pulled $990 million. But here’s what matters: that money went to just 6 companies. Saviynt‘s $700 million Series B dominates the category. When one company captures 71% of a category’s funding at Series B, investors see platform consolidation ahead. ServiceNow’s Veza acquisition, three weeks later, validated that thesis.

Insights into deal sizes

Median tells a different story from average deal sizes. Series A median: $20 million. Series A average: $28 million. The gap widens at later stages. Series C median: $85 million. Series C average: $119 million.

Translation: mega-deals skew the data significantly. Eighteen companies raised $100 million or more. Those 18 deals represent 10% of companies but 40% of total funding. For every Saviynt raising $700 million, dozens of startups are raising $15-25 million Series A rounds.

The AI/LLM security gap

Only 13 companies focus specifically on securing AI systems, LLMs, and agentic applications. Total funding: $414 million. That’s less than 5% of the $8.5 billion total. For context: ServiceNow paid more for Veza alone than the entire AI/LLM security category raised in two years.

The players building in this space:

• Noma Security ($100M, Series B). Unified AI and agent security platform.

• Credo AI ($21M, Series B). AI governance and compliance automation.

• Lakera ($20M, Series A). Real-time GenAI security against LLM vulnerabilities.

• Prompt Security ($18M, Series A). Enterprise generative AI adoption platform.

• GetReal Security ($17.5M, Series A). Deepfake and AI-generated impersonation defense.

• Jericho Security ($15M, Series A). Training against generative AI-powered attacks.

Enterprises are deploying AI systems at unprecedented rates. Shadow AI breaches cost $4.63 million per incident. That’s $670,000 more than standard breaches, according to IBM’s 2025 Cost of a Data Breach Report. Model Context Protocol vulnerabilities. Prompt injection attacks. Data exfiltration through AI assistants. The attack surface expands while protection lags.

Either these 13 companies scale rapidly, established players acquire their way into the space, or CISOs face a protection gap without commercial solutions.

How spending breaks out geographically

The U.S. captured $6.1 billion across 119 companies. That’s 71% of total funding. Israel remains the second hub: 15 companies, $738 million. Germany, the UK, and Canada trail with single-digit percentages.

Within the U.S., California dominates: $2.7 billion across 62 companies. That’s more than all non-U.S. markets combined ($2.4 billion). Texas ($865M), New York ($667M), and Colorado ($295M) round out the top states.

The concentration creates vendor risk. Regulatory fragmentation between the U.S. and EU markets. Geopolitical tensions affecting Israeli companies. Single-region dependency in security infrastructure. These are fundamental considerations for enterprise security architects.

ServiceNow’s acquisitions signal large-scale consolidation

ServiceNow’s 2025 acquisition spree warrants its own analysis. Armis brings cyber-physical security and OT/IoT visibility. Moveworks adds agentic AI capabilities. Veza delivers identity security for the AI era. The company calls it an “AI control tower.” A unified security stack that sees, decides, and acts across the entire technology footprint.

The driver: ServiceNow’s Security and Risk business crossed $1 billion in annual contract value in Q3 2025. They expect Armis alone to triple their market opportunity. When a platform vendor invests $11.6 billion in its own security workflows, point solutions become acquisition targets or competitors.

What this means for 2026

For security leaders: Map your vendor portfolio against both funding momentum and M&A activity. Startups with strong backing will survive consolidation. Others won’t. Audit your AI deployment pipeline against available protections. The gap between AI adoption and AI security is widening. Accelerate zero-trust adoption while solutions mature.

For AI builders: Security isn’t a feature to add later. The $414 million flowing into AI/LLM security represents smart money recognizing that unprotected AI systems are enterprise liabilities. Build with guardrails or build vulnerabilities.

Analysis based on Crunchbase data covering 175 AI security startups that raised Series A, B, or C funding between January 2024 and December 2025. ServiceNow acquisition data from the company’s press releases dated December 2025.

Dec 22

Data readiness and security are driving AI’s $4.7 trillion run

Gartner Projects $4.7 Trillion AI Market by 2029 as Security and Data Drive Growth

Gartner’s most comprehensive AI spending forecast reveals the fundamental growth catalysts. AI-ready data predicted to deliver a 155% CAGR. Cybersecurity at 74%. Agentic capabilities crossing 50% of software spend by 2028.

Infrastructure gets the headlines. Hyperscalers are spending over $300 billion on data centers in 2025. McKinsey projects $5.2 trillion in data center investment by 2030. NVIDIA Blackwell deployments are driving 76% growth in accelerated server spending.

Gartner’s newly released Forecast Analysis: AI Spending, 4Q25 (December 17, 2025) tells a different story about where the acceleration is happening. Global AI spending reaches $1.8 trillion in 2025 and $4.7 trillion by 2029 at 33% CAGR. The growth catalysts:

AI Data. 155.4% CAGR. Spending increases 7x as enterprises recognize AI-ready data is non-negotiable for scaling.
AI Cybersecurity. 73.9% CAGR. From $26 billion to $172 billion. Over 50% of successful AI agent attacks will exploit prompt injection through 2029.
AI Models. 67.7% CAGR. Reasoning models underpin 70%+ of agentic AI applications by 2029.
AI Software. 47.0% CAGR. Agentic capabilities cross 50% of application software spend by the end of 2028. Non-agentic spending declines starting in 2027.

Infrastructure dominates absolute spending ($965 billion in 2025, growing to $2.25 trillion by 2029). At 29.2% CAGR, it’s the slower-growth segment. The acceleration is in data, security, and agentic capabilities.

The infrastructure buildout in context

The hyperscalers are building at a pace that strains global power grids. Dell’Oro Group’s Q2 2025 analysis shows worldwide data center capex up 43% year-over-year, with accelerated server spending surging 76% on NVIDIA Blackwell deployments. Amazon, Google, Meta, and Microsoft are collectively spending over $300 billion on data center infrastructure in 2025. CreditSights estimates aggregate hyperscaler capex reaches $602 billion in 2026, with approximately 75% earmarked for AI.

Gartner’s forecast aligns with infrastructure volume. AI-optimized server spending jumps 49% in 2026, representing 17% of total AI spending. GPUs account for over 90% of AI-optimized server spending on training throughout the forecast period. Infrastructure is table stakes. The differentiation is elsewhere.

Gartner’s bubble chart mapping 2026 growth rate (X-axis) against 2024-2029 CAGR (Y-axis), with bubble size representing 2025 spending. AI Data sits alone in the upper right quadrant. AI Cybersecurity and AI Models cluster at 70%+ CAGR. AI Infrastructure anchors the center as the dominant bubble. Source: Gartner Forecast Analysis: AI Spending, 4Q25, December 2025.

Gartner’s AI spending forecast by market, 2024-2029

The maturity gap

McKinsey’s 2025 State of AI survey explains why growth rates matter more than absolute spending for most organizations. 88% of organizations now use AI in at least one business function, up from 78% a year ago. Only 6% qualify as “AI high performers”, capturing meaningful enterprise-wide financial impact. Only 1% describe themselves as “mature” in AI deployment. Gartner’s CFO survey found just 11% of finance leaders from organizations implementing AI reported seeing actual financial returns.

The bottleneck is rarely compute. Gartner identifies three categories of readiness: infrastructure, data, and human. For every 100 days of AI implementation, 25 or more days may be consumed solely by change management and workforce resistance. Sharing work tasks with an AI agent, trusting results, and managing handoffs. That’s a fundamental shift in how employees work.

What the growth rates signal

AI cybersecurity’s 73.9% CAGR reflects a threat model shift. Security teams are spending because AI agents introduce attack surfaces that traditional security architectures weren’t designed to address. Gartner projects that over 50% of successful attacks against AI agents will exploit access control issues via prompt injection through 2029. By 2028, over 75% of enterprises will use AI-amplified cybersecurity products for most use cases, up from less than 25% in 2025.

AI data’s 155.4% CAGR signals enterprises are finally investing in foundations. The smallest segment by absolute spending is the fastest-growing because organizations scaling beyond pilots are discovering that AI-ready data isn’t optional. Labeled, annotated, quality-checked. By 2029, 61% of data integration software spend will focus on delivering GenAI-ready data, up from 8% in 2025. Synthetic data becomes dominant. 77% of data used for LLM training will be synthetic by 2029, up from 4% in 2025.

Agentic AI is reshaping software economics. By the end of 2028, software with agentic capabilities crosses 50% of total application software spend, up from 2% in 2024. Starting in 2027, non-agentic software spending declines. Investment in reasoning models underpins 70%+ of agentic AI applications by 2029. Open-source agentic frameworks will power more than 75% of enterprise AI agent deployments by 2028, eroding proprietary platform pricing power.

The inference shift is underway. By 2029, 66% of AI-optimized IaaS spending supports inference, not training. The balance shifts as embedded fine-tuned models become the norm in production applications.

Forecast assumptions by segment

AI Services. By 2029, 50% of all AI projects moving into production will be GenAI-centric, up from 12% in 2025. POC abandonment rates improve from 60% in 2024 to 35% in 2029. Specialized AI services command 20-30% price premiums.

AI Software. From 2027, spending on software without agentic capabilities starts declining. By 2027, one-third of agentic AI implementations will use combinations of agents with different skills for complex tasks.

AI Models. Starting in 2027, the shift toward in-house domain-specific language models constrains new spending in the specialized model market. Open-source model adoption erodes proprietary pricing power through 2029.

AI Platforms. By 2029, over 60% of enterprises will adopt AI agent development platforms to automate complex workflows. By 2030, enterprise application portfolios will include 40% custom applications built using AI-native development platforms, up from 2% in 2025.

AI Infrastructure. Export restrictions keep Chinese ASPs at about 50% of North American levels throughout the forecast. By 2026, NVL72 will become the de facto standard for large clusters. By the end of 2027, all hyperscalers will have reaffirmed Ethernet as their primary networking choice for AI workloads.

Devices. By 2029, more than 99% of PC microprocessors will have integrated on-device AI functionality, up from 15% in 2024. By 2027, efficient small language models will enable advanced GenAI to run locally on smartphones without cloud reliance.

The capital flow

The 2026 Gartner CIO Survey found GenAI and traditional AI among the most common technology areas selected for funding increases. 84% and 81% respectively. Nearly two-thirds of U.S. VC deal value went to AI companies in the first three quarters of 2025.

By 2027, the majority of AI buyers will define business outcomes from project launch. The market matures from technology-first experimentation to outcome-driven deployment. That shift from supply-push to demand-pull separates organizations capturing value from those still running pilots.

The infrastructure buildout continues. The growth signal is clear. Data readiness, security architecture, and agentic capabilities are where the acceleration is happening.

Nov 26

15 fastest-growing security categories in Gartner’s 3Q25 Information Security Forecast

Cloud Security Posture Management is growing at a 31.23% CAGR. Zero Trust Network Access at 23.25%. Threat Intelligence at 22.17%. The overall security market? Just 10.55%. Fifteen categories are outpacing the market by two to three times, collectively capturing $106 billion in new spending by 2029. Enterprise security budgets aren’t just expanding. They’re being redirected.

And the driver? Brutally simple.

Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily due to misconfigurations. Organizations are responding by investing aggressively in technologies that automate what humans simply can’t manage manually across hundreds of cloud accounts, thousands of APIs, and millions of potential attack vectors.

What these growth rates say about Gartner’s view of the market

These fifteen categories represent $106.4 billion in new spending by 2029, growing from today’s baseline. What do they have in common? Three characteristics that explain why enterprises are pouring money into them:

Automation at Scale. Every high-growth category automates processes that break when done manually, whether it’s scanning cloud configurations, managing consent across jurisdictions, or detecting behavioral anomalies in network traffic. There’s no other way to keep pace.
Proactive vs. Reactive. These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even if systems are compromised. Security teams are finally getting ahead of the threat curve instead of playing catch-up.
Measurable ROI. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycle by 80 days. With U.S. breach costs hitting $10.22 million, these investments pay for themselves with a single prevented incident.

The 15 categories reshaping security architecture

1. Cloud Security Posture Management (CSPM) | 31.23% CAGR | $2.5B → $13.0B

CSPM tools continuously scan infrastructure across AWS, Azure, and Google Cloud. With 82% of misconfigurations caused by human error and organizations managing 100+ cloud accounts, CSPM automates what’s mathematically impossible to do manually. The market will reach $15.6 billion by 2032.

2. Cloud Access Security Brokers (CASB) | 25.82% CAGR | $1.5B → $5.8B

Here’s a reality check. Enterprises average 112 SaaS applications, but shadow IT, or unauthorized apps, accounts for 42% of all applications. IT remains unaware of one-third of the apps on its networks. The damage? 65% of shadow IT companies suffer data loss, and 52% experience breaches. CASBs transform this chaos into visibility and control.

3. Zero Trust Network Access (ZTNA) | 23.25% CAGR | $1.6B → $5.6B

ZTNA kills the VPN model. Instead of network access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025. With 65% of companies planning to replace VPNs, this shift represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Cloud Workload Protection Platforms (CWPP) | 22.78% CAGR | $3.9B → $13.5B

CWPP platforms secure everything from traditional VMs to containers that exist for milliseconds. Legacy endpoint security can’t protect ephemeral containers or serverless functions—it wasn’t designed for workloads that appear and disappear in seconds. The shift to microservices demands purpose-built security.

5. Consent and Preference Management | 22.39% CAGR | $0.5B → $1.7B

GDPR fines reached €5.88 billion by January 2025, according to the DLA Piper GDPR Fines and Data Breach Survey. California’s CCPA penalties continue climbing; the California Privacy Protection Agency fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual handling can’t meet regulatory deadlines. Automation prevents massive fines.

6. Threat Intelligence | 22.17% CAGR | $1.8B → $5.8B

IBM data shows threat intelligence reduces detection and escalation costs by $1.63 million while cutting incidents by 30%. Modern platforms aggregate data about bad actors and vulnerabilities, transforming raw threat data into automated responses across security stacks. The days of threat feeds sitting in dashboards, unused, are over.

7. Subject Rights Request Automation | 16.53% CAGR | $0.8B → $2.1B

When users demand “delete my data,” these platforms automate the process across all systems. Manual handling doesn’t scale, not when you’re managing requests across multiple jurisdictions with different requirements and tight deadlines.

8. Tokenization | 14.26% CAGR | $1.0B → $2.2B

Tokenization replaces sensitive data with meaningless tokens that can’t be mathematically reversed. Why the urgency now? NIST standardized quantum-resistant algorithms, including ML-KEM (formerly CRYSTALS-Kyber), in August 2024. Organizations are preparing for quantum threats expected within five to ten years.

9. Network Detection and Response (NDR) | 14.05% CAGR | $1.6B → $3.5B

NDR platforms use AI to establish behavioral baselines and detect anomalies signaling compromise. Here’s the mindset shift: rather than hoping to prevent all attacks, innovative organizations invest in rapid detection that minimizes damage when sophisticated attackers inevitably get through. Prevention isn’t enough anymore.

10. Vulnerability Assessment | 13.98% CAGR | $2.6B → $5.7B

Cloud infrastructure changes constantly. Quarterly scans are obsolete before they finish. Modern platforms provide continuous scanning in CI/CD pipelines, prioritizing based on real-world exploit data. DevOps teams deploying daily need vulnerability detection that keeps pace. Anything less is theater.

11. Endpoint Protection Platform (EPP) | 13.61% CAGR | $13.5B → $29.1B

The largest category doubles to $29.1 billion as ransomware attacks surge. According to Cyble analysis cited by TechTarget, U.S. ransomware attacks increased by 149% year-over-year in the first five weeks of 2025. Manufacturing led targets with 638 attacks in 2023, per Statista data compiled by Fortinet. Next-gen EPP uses behavioral analytics to stop ransomware before encryption begins—catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) | 13.26% CAGR | $3.3B → $7.0B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote workers wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations. The old perimeter? It no longer exists.

13. Web Application Firewalls (WAF) | 11.93% CAGR | $2.0B → $3.8B

Organizations expose hundreds of APIs, each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks. Modern WAFs use machine learning to distinguish legitimate users from attackers without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption | 11.90% CAGR | $1.0B → $2.0B

NIST’s standardization of quantum-resistant algorithms signals urgency. Attackers already practice “harvest now, decrypt later”—collecting encrypted data for future quantum decryption. Organizations must transition to post-quantum cryptography now, as full integration takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) | 11.74% CAGR | $5.8B → $11.3B

AI transforms SIEM from reactive to proactive. Organizations using AI-powered automation save $1.9 million per breach, according to IBM’s newsroom. Machine learning models identify attack patterns and detect zero-day threats before signatures exist, turning security operations into a competitive advantage.

The Investment Thesis behind the numbers

These growth rates reflect three converging realities:

Cloud Complexity Is Exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security is mathematically impossible. The 31.23% CAGR for CSPM isn’t optimism, it’s survival.
AI Changes Everything. Shadow AI breaches cost $4.63 million, $670,000 more than standard incidents. But AI also powers the defense, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the best defense.
Compliance Costs Are Skyrocketing. Between GDPR, CCPA, and emerging regulations, manual compliance is a liability that grows daily. Automation platforms turn regulatory requirements into competitive advantages.

The Bottom Line

The organizations winning this race aren’t those with the most significant security budgets; they’re those investing in the right categories at the right time. These fifteen segments aren’t just growing fast; they’re defining what modern security architecture looks like.

The message from Gartner’s data is unambiguous: security spending is shifting from reactive to proactive, from manual to automated, from perimeter-based to zero-trust. Organizations still relying on legacy approaches aren’t just falling behind; they’re accepting risks that the market has already priced as unacceptable.

Source: Gartner Information Security Forecast 3Q25 Update (Document G00839334), showing overall market growth from $215.8B (2025) to $322.2B (2029) at 10.55% CAGR

Nov 3

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” states Forrester’s 2026 Budget Planning Guide.

The research firm’s planning guide for next year provides security leaders with new insights into how their clients are allocating budgets, which gives a helpful overview of the next 12 months of cybersecurity spending.

Implicit in the guide is the need for new technologies that enable organizations to be more adaptive to threats and take action on them before they become breaches. There’s also a strong focus on getting a head start on new technologies, anticipating the severity of threats new developments in AI, generative AI (genAI), deepfakes, and all other forms of weaponized technologies can pose to an organization.

Software is a solid 40% of cybersecurity spending, exceeding hardware at 15.8%, outsourcing at 15% and surpassing personnel costs at 29% by 11 percentage points. Meanwhile, security leaders face escalating threats, with generative AI attacks executing in milliseconds, a stark contrast to the average Mean Time to Identify (MTTI) of 181 days, according to IBM’s latest Cost of a Data Breach Report.

A fast-changing threatscape is changing spending priorities

Three converging threats are flipping cybersecurity on its head. What once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. NIST’s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

1. Software now claims 40% of cybersecurity budgets, surpassing personnel spend. Forrester’s budget planning guide reports that software now accounts for approximately 40.2% of cybersecurity spending, eclipsing combined hardware and outsourcing budgets. It’s noteworthy that software spending is surpassing personnel costs by 11 percentage points.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report — Source: Forrester Budget Planning Guide 2026: Security and Risk

2. Security budgets are accelerating, with 55% of global security and tech leaders forecasting significant increases next year. A robust 15% anticipate their budgets jumping more than 10%, and another 40% project hikes between 5% and 10%. Regional outlooks vary sharply: APAC is most bullish, with 22% expecting double-digit growth, compared to a cautious 9% in North America and just 12% in EMEA. However, nearly half (45%) remain reserved; 30% predict minimal budget bumps of 1%–4% or barely keeping pace with inflation, while another 10% expectSource: Forrester Budget Planning Guide 2026: Security and Risk no change, and 5% foresee cuts.

3. Cloud security, on-prem tech, and security awareness training are set to lead cybersecurity spending in 2026. Decision-makers are doubling down on cloud security, with 12% boosting budgets in this area by 10% or more, 11% doing the same for new on-premises solutions, and another 10% ramping up security awareness programs. Notably, investments in on-premises security technology appear twice among the top priorities, as 36% plan at least a 5% increase for both new deployments and upgrades to existing infrastructure. The numbers reflect an uneven global adoption of cloud strategies, driven by persistent concerns around cost, security, and data sovereignty. APAC is exceptionally bullish. 78% of companies there plan increased spending on new on-prem security, outpacing EMEA by 10% and North America by 8%.

4. Forrester recommends that security leaders broaden AI and ML security throughout the enterprise in 2026 as generative AI moves from standalone apps to essential business systems. Productivity suites, CRM platforms, and service tools now embed genAI natively, transforming workflows and widening potential attack surfaces. Enterprises urgently need comprehensive protection across AI models, data, applications, and user identities to counter risks such as model vulnerabilities, data leakage, and prompt jailbreaking. Hyperscalers like Google Cloud and Microsoft are responding quickly, while cybersecurity incumbents, notably Palo Alto Networks with its Protect AI acquisition, actively expand their footprint. Meanwhile, innovative startups, including Knostic and CalypsoAI, both featured at RSA’s Innovation Sandbox, target niche but critical genAI security gaps. Enterprises investing strategically now will securely scale genAI deployments and establish a clear competitive advantage.

5. Standalone SSE spending will sharply decline in 2026 as enterprises shift to unified SASE platforms, streamlining security operations and accelerating Zero Trust initiatives. Initially positioned to fill security gaps left by SD-WAN deployments and the surge in remote work, standalone SSE and isolated ZTNA solutions have now reached their functional limits. Leading companies increasingly adopt integrated platforms like Cato Networks’ cloud-native SASE, which consolidates SD-WAN, ZTNA, SWG, CASB, and firewall capabilities within a single, unified framework. As I’ve noted in VentureBeat, CISOs who pivot to unified SASE platforms benefit from simpler integration, superior AI-driven threat detection, and significant operational efficiencies that isolated solutions cannot deliver. Organizations proactively embracing integrated SASE from providers like Cato Networks will immediately enhance security resilience, improve operational agility, and significantly reduce vendor complexity.

6. Forrester predicts that by 2026, security leaders will seize a critical advantage by accelerating the adoption of post-quantum cryptography (PQC). With NIST’s landmark release of three core PQC standards in August 2024, organizations now have clear guidance to protect their data and applications against emerging quantum threats. Most governments align with NIST timelines, targeting legacy encryption deprecation by 2030, while Australia’s ASD urges adoption of approved PQC algorithms even sooner. Enterprises should immediately focus efforts on securing their most sensitive asymmetric cryptography, covering data at rest, data in transit, and data actively used within applications. Comprehensive cryptographic discovery and inventory tools provide the visibility required to assess readiness. Strategic partnerships with cryptoagility innovators, including Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales, enable organizations to define a clear, secure migration path. Organizations acting decisively now will confidently navigate the quantum transition and fortify their competitive edge.

7. Machine identity management will become essential by 2026 as automated identities multiply rapidly across the IT infrastructure. Apps, AI agents, IoT devices, containers, cloud environments, and infrastructure scripts now generate identities faster than humans can manually track or manage. Enterprises urgently require solutions capable of managing these identities throughout their lifecycle, automating key rotations, and enforcing role-based access. Leading vendors, including Akeyless, BeyondTrust, CyberArk, Delinea, HashiCorp, Keyfactor, AppViewX, and emerging startups like Aembit, Astrix, Clutch, Entro, and Oasis Security, offer robust platforms to meet this challenge.

8. There will be a significant reallocation away from standalone interactive application security testing (IAST) in 2026, as operational hurdles continue to limit adoption. Originally designed to blend the runtime accuracy of dynamic application security testing (DAST) with static application security testing’s (SAST) code-level insights, standalone IAST has proven overly complex. Forrester recommends shifting budgets toward integrated IAST and DAST platforms, such as those from Invicti and HCLSoftware, that simplify deployment. Alternatively, APIs, microservices, and containers provide more transparent and consistent returns.

9. Consolidation of endpoint security and SIEM tools will accelerate in 2026. As extended detection and response (XDR) platforms gain momentum, security leaders have a clear opportunity to reduce agent sprawl, improve analyst efficiency, and lower the total cost of ownership. Vendors, including Microsoft, CrowdStrike, and Palo Alto Networks, now embed critical SIEM functions such as detection, correlation, third-party data ingestion (particularly from cloud, identity, and email), and response directly within their XDR offerings. While these integrated solutions currently don’t fully match standalone security analytics platforms, they deliver compelling advantages: simplified deployments, centralized threat context, and measurable operational savings. Organizations consolidating around unified XDR solutions today will streamline security operations and achieve faster, higher-quality threat detection.

10. By 2026, rapidly evolving generative AI will make deepfakes virtually indistinguishable from authentic media, rendering simplistic identity checks obsolete. Enterprises must proactively deploy sophisticated detection platforms using advanced ensemble modeling—spectral analysis, image artifacts, skin tone consistency, lighting anomalies, audio echo patterns, and device reputation, to ensure trusted employee verification and transaction authentication. Vendors such as GetReal Security, Sensity, and Reality Defender already offer real-time risk scoring, transparent reasoning, and integrated case management. Early adopters will safeguard identity security, sustain customer trust, and remain resilient against future deepfake threats.

Oct 28

Top ten cybersecurity startups to watch in 2025 according to $3.21B in investor bets

While the industry still debates whether AI will transform cybersecurity, investors have already made up their minds.

Based on an analysis of the latest Crunchbase data compiled recently that spans January 2024 to October 2025, ten standout startups captured $1.41 billion in new funding, signaling that machine-speed defense against AI-driven threats is no longer optional; it’s an operational reality. Together, these ten startups have raised $3.21 billion, which represents one of the heaviest capital concentrations in cybersecurity startups to date.

Investors are gravitating to cybersecurity startups that solve complex problems

CrowdStrike’s Falcon 2025 event, held earlier this year in Las Vegas, showcased a series of new agentic AI developments that, taken together, reflect how cross-platform and cross-competitor collaboration aimed at shutting down increasingly complex weaponized AI threats leads to faster innovation. VentureBeat’s analysis of the many announcements there explains how the cybersecurity company is betting on agentic AI to defeat adversaries.

Interested in quantifying how AI is impacting investors’ decisions, I completed an analysis using Crunchbase data covering 342 verified cybersecurity startups with active funding. Selection was weighted toward recent momentum, total funding scale, stage maturity, AI integration, and proof through multiple rounds.

The key takeaway: Institutional capital is consolidating around companies that make autonomous security practical, and agentic AI is at the core of that direction. But AI is not enough; investors are looking for the ability to scale in enterprises once they have AI integrated into their core platforms.

AI in cybersecurity: Tablestakes, not a ticket to premium valuation

Sixty percent of startups integrate AI into their core technology. Yet contrary to hype, that hasn’t bought them higher valuations.

AI-integrated startups average $283M in funding.
Non-AI specialists average $378M.

Crunchbase data shows investors reward defensible specialization as much as AI capability. Quantinuum’s $925M for post-quantum cryptography and Zama’s $139M for homomorphic encryption prove that solving foundational security problems often supersedes AI as a differentiator.

Still, AI holds weight in investment decisions. Six AI-driven startups pulled $1.70B (52.8%), while four non-AI companies captured $1.51B (47.2%). Both models earn trust by underscoring AI for operational speed and deep tech for architectural resilience. And with seven of ten now at Series B maturity, investors are backing platforms that have already demonstrated enterprise traction, not experiments.

1. Quantinuum ($925M, Series B) Post-Quantum Defense. Closed a $600M Series B in August 2025. The company is building the only mathematical safeguard against the inevitable collapse of RSA and ECC encryption under quantum computing.

2. Saronic ($845M, Series B) Autonomous Maritime Security, Raised $175M in July 2024 for AI-powered unmanned surface vessels. With 90% of trade moving across exposed waterways, Saronic brings AI defense to the physical infrastructure that most enterprises overlook.

3. Auradine ($314M, Series B) AI Silicon for Security. Raised $80M to expand custom silicon that accelerates cryptographic workloads 10x faster than general-purpose hardware, eliminating bottlenecks in AI-driven security deployments.

4. Tines ($271M, Series B) No-Code Automation. Secured $50M Series B. Turns analysts into automation builders, saving 40+ hours weekly with drag-and-drop workflows that are proving critical for overextended SOC teams.

5. Dream Security ($198M, Series B) Critical Infrastructure Defense. Closed $100M in 2025. Their sovereign AI platform equips critical infrastructure with defenses calibrated to nation-state-level threats, providing a layer that traditional enterprise tools cannot reach.

6. Upwind Security ($180M, Series A) Runtime Cloud Visibility. Raised $100M in December 2024. Focused on runtime intelligence, detecting abnormal behavior live rather than flagging static misconfigurations. Reduces false positives, elevates real threats.

7. Zama ($139M, Series B) Homomorphic Encryption. Raised $57M in June 2025 after a $73M Series A in March 2024. Provides production-ready fully homomorphic encryption, enabling AI models to compute securely on encrypted data.

8. Noma Security ($132M, Series B) Securing AI Agents. Closed $100M in 2025. Built to harden AI systems against prompt injection and model poisoning as enterprises push decision-making into autonomous agents.

9. ZeroEyes ($107M, Series B) Firearm Detection AI. Raised $53M in 2025. Eleven rounds in, their AI models detect firearms on video feeds in seconds—cutting active shooter response time dramatically.

10. Upscale AI ($100M, Seed) AI Networking Infrastructure. Raised a $100M Seed round in 2025. Building AI-native networking with hardware-accelerated encryption, aimed at high-performance compute environments.

The Bottom Line

Series B dominance (70%) shows that capital is flowing into platforms with market traction, not speculative bets. Forty-six rounds across these ten companies demonstrate durability and enterprise validation. The signal to security leaders is becoming clear based on the escalating nature of weaponized AI attacks: manual security processes are now liabilities. Defending at human speed against AI-enabled attackers is untenable. Investors understand this. $1.41B in recent capital confirms it.

Jan 2

1 Comment

Top 10 fastest-growing segments from Gartner’s latest information security forecast Q4 2024

Gartner’s latest information security forecast reflects the optimism of most CISOs about their budgets increasing in 2025. Ninety percent of security and risk management leaders, including CISOs, told Forrester they expect a budget increase this year.

According to Gartner’s latest Q4 2024 forecast, end-user spending will surge from $183.7 billion in 2024 to $293.9 billion in 2028, reaching a 12.47% compound annual growth rate.

Information security spending will grow rapidly, driven by increasing investments in areas such as cloud security (25.9% CAGR) and managed security services (15.0% CAGR) as more enterprises face the many challenges of securing hybrid cloud environments.

Key segments, including infrastructure protection and professional services, underscore the urgency nearly all organizations have in securing their critical systems against increasingly lethal AI and generative AI (gen AI) attacks.

Below is a visual representation of the top 10 fastest-growing segments shaping the cybersecurity landscape.

Please click on the graphic below to expand it for easier reading.

The 10 fastest-growing information security market segments going into 2025

Infrastructure Protection

With spending projected to grow from $31.3 billion in 2024 to $51.2 billion in 2028 (CAGR: 13.1%), infrastructure protection leads the information security market. Securing infrastructure that will increasingly be used to manage model data, LLMs, and AI apps is one of the core drivers in this segment going into 2025. The latest Gartner forecast reflects the growing demand for infrastructure true protection as more organizations go all in on AI.

Security Professional Services

Spending on professional security services is expected to grow from $27.3 billion in 2024 to $42.3 billion in 2028, attaining a CAGR of 11.6%. These services are critical for implementing zero-trust policies and conducting proactive security assessments.

Managed Security Services

Managed security services spending will rise from $24.1 billion in 2024 to $42.1 billion in 2028, reflecting a CAGR of 15.0%. Outsourcing security to external providers has become essential as companies face a more lethal, AI-dominated threatscape while grappling with talent shortages.

Network Security Equipment

Spending on network security equipment will increase from $21.7 billion in 2024 to $32.8 billion in 2028, attaining a CAGR of 10.9%. This reflects the growing need to secure hybrid and multi-cloud networks as organizations expand their digital perimeters.

Security Consulting Services

Spending on security consulting services will grow from $23.0 billion in 2024 to $32.6 billion in 2028, delivering a CAGR of 9.1%. More organizations are looking outside for in-depth expert advice as they attempt to implement advanced security frameworks. Getting compliance right and ensuring consistency when reporting material events to the Security and Exchange Commission (SEC) are also drivers of this segment’s forecast.

Identity Access Management (IAM)

IAM spending will rise from $17.7 billion in 2024 to $25.4 billion in 2028, achieving a CAGR of 9.4% according to Gartner forecast. A key subsegment, Privileged Access Management (PAM), is projected to reach $2.9 billion by 2025 as growing regulatory compliance requirements on a global scale are expected to drive adoption.

Cloud Security

Cloud security spending will grow from $9.0 billion in 2024 to $22.6 billion in 2028, achieving a CAGR of 25.9%. As cloud environments become more complex, investments in Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) will continue to accelerate growth.

Other Security Software

Spending on niche and innovative security software solutions will grow from $9.0 billion in 2024 to $14.7 billion in 2028, attaining a CAGR of 13.0%. This category includes specialized tools and apps used for combating advanced social engineering and adversarial AI-based attacks.

Data Security and Privacy

Spending on data security and privacy will increase from $6.1 billion in 2024 to $10.3 billion in 2028, reflecting a CAGR of 14.0%. Stringent data protection regulations and growing cyber threats are driving investments in this segment.

Application Security

Application security spending is forecasted to rise from $6.3 billion in 2024 to $10.1 billion in 2028, driving a CAGR of 12.7%. This segment addresses vulnerabilities in software applications, which remain a primary target for attackers.

Conclusion

Organizations are prioritizing agility and the ability to anticipate new threats while doubling down on cloud security. Predicted to grow at a 25.9% CAGR, cloud security is the fastest-growing segment in the forecast.

Spending on new tools to detect emerging threats is projected to jump from $9 billion in 2024 to $14.7 billion in 2028, further indicating that organizations are willing to invest in new technologies to stop emerging threats.

Ultimately, cybersecurity has become a more crucial business decision than ever before. While other organization budgets are being slashed going into 2025, cybersecurity continues to see gains and is increasingly seen as an investment in business resiliency.

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts from the ‘Enterprise software’ Category

The full market breakdown

Infrastructure takes 54% of every AI dollar

The agentic crossover nobody is planning for

AI cybersecurity is two markets, not one

Shadow AI is not just employees using ChatGPT

The smallest market with the biggest growth rate

Indirect services are the governance blind spot

Servers are a bigger market than AI software

The enterprise agentic stack is showing up in spending data

The numbers that belong in your next board deck

Where I think this lands

Share this:

Like this:

The spending backdrop: $244 billion and accelerating

Trend 1: Agentic AI demands cybersecurity oversight

Trend 2: Global regulatory volatility drives cyber resilience efforts

Trend 3: Post-quantum computing moves into action plans

Trend 4: Identity and access management adapts to AI agents

Trend 5: AI-driven SOC solutions destabilize operational norms

Trend 6: GenAI breaks traditional cybersecurity awareness tactics

Total market trajectory: $173.5 billion to $323.5 billion

What this means for CISOs

Share this:

Like this:

Where the bottlenecks are breaking

The $14.6 billion data readiness bet

The 2027 crossover: When agents overtake chatbots

The Security Tax on Agentic AI

Infrastructure: Dominant but decelerating

The 6% problem

Where the value accrues

AI Data Market (aggregate): 155% CAGR, $134M to $14.6B (109x)

Other High-Growth Segments:

Share this:

Like this:

What makes these categories different

The 15 categories reshaping enterprise security

1. Cloud Security Posture Management (CSPM) — 29.36% CAGR — $4.68B → $12.76B

2. Cloud Access Security Brokers (CASB) — 24.81% CAGR — $2.30B → $5.58B

3. Zero Trust Network Access (ZTNA) — 21.95% CAGR — $2.48B → $5.43B

4. Threat Intelligence — 21.73% CAGR — $2.58B → $5.69B

5. Cloud Workload Protection Platforms (CWPP) — 21.53% CAGR — $5.98B → $13.11B

6. Consent and Preference Management — 20.22% CAGR — $0.81B → $1.64B

7. Subject Rights Request (SRR) Automation — 14.26% CAGR — $1.24B → $2.01B

8. Network Detection and Response (NDR) — 13.44% CAGR — $2.15B → $3.37B

9. Vulnerability Assessment — 13.02% CAGR — $3.48B → $5.60B

10. Tokenization — 12.68% CAGR — $1.34B → $2.11B

11. Endpoint Protection Platform (EPP) — 12.51% CAGR — $17.68B → $28.36B

12. Secure Web Gateway (SWG) — 11.63% CAGR — $4.44B → $6.74B

13. Web Application Firewalls (WAF) — 10.92% CAGR — $2.48B → $3.74B

14. Encryption — 10.64% CAGR — $1.35B → $1.98B

15. Security Information and Event Management (SIEM) — 10.30% CAGR — $7.60B → $11.15B

Why this matters

Bottom Line

Share this:

Like this:

The acceleration is real

Where the money flows

Insights into deal sizes

The AI/LLM security gap

How spending breaks out geographically

ServiceNow’s acquisitions signal large-scale consolidation

What this means for 2026

Share this:

Like this:

The infrastructure buildout in context

Gartner’s AI spending forecast by market, 2024-2029

The maturity gap

What the growth rates signal

Forecast assumptions by segment

The capital flow

Share this:

Like this:

What these growth rates say about Gartner’s view of the market

The 15 categories reshaping security architecture

The Investment Thesis behind the numbers

The Bottom Line

Share this: