Skip to content

Posts tagged ‘post-quantum cryptography’

Mar 24

Gartner’s $244.2B security forecast shows enterprises spend 17x more on AI tools than securing AI itself

Inside the $244.2 billion security market: agentic AI adoption outpaces defenses 8 to 1, cloud security grows at 28.8%, and enterprises spend 17x more on AI tools than on securing the AI itself

Gartner forecasts worldwide AI spending will reach $2.52 trillion in 2026, a 44% increase year-over-year. Worldwide IT spending will hit $6.15 trillion. Within that massive build-out, information security spending accelerates to $244.2 billion, up 13.3%.

The headline looks healthy. Look closer, and it isn’t. I’ve been tracking Gartner’s information security forecast through multiple quarterly updates, and the trajectory keeps steepening. But the spending acceleration is masking a deeper problem: enterprises are deploying AI agents into production far faster than they are securing them.

  1. The 40% / 6% gap

Gartner predicts 40% of enterprise applications will include task-specific AI agents by the end of 2026. Up from less than 5% in January. These are not chatbots. Gartner’s examples include autonomous cybersecurity response agents that scan network traffic, analyze system logs, and initiate responses without human intervention.

Only roughly 6% of organizations report having an advanced AI security strategy in place, according to vendor-sourced research from BigID’s 2025 AI Risk and Readiness study. Even adjusting for methodology differences between vendor and analyst research, the gap is stark. Agents are entering production at roughly 7-8x the rate organizations are building governance around them.

Gartner’s 4Q25 AI spending forecast created a dedicated agentic AI market segment for the first time. The spending lines are dramatic. Agentic AI overtakes chatbot and assistant spending by 2027. By 2029, agentic AI will reach $752.7 billion at a 119% compound annual growth rate. Chatbot spending peaks at $264.7 billion, then declines. That crossover point is where the security model breaks, because chatbots operate within human-supervised sessions. Agents don’t.

Gartner named agentic AI oversight the number-one cybersecurity trend for 2026 in its February report (my breakdown of all six trends here). A separate Gartner poll of 147 CIOs found 24% had already deployed AI agents and 50% were actively experimenting. Guardian agents, AI systems designed to monitor and govern other AI agents, are projected to capture 10-15% of the agentic AI market by 2030.

Forrester’s 2026 cybersecurity predictions go further: an agentic AI deployment will cause a publicly disclosed data breach this year, leading to employee dismissals. Senior analyst Paddy Harrington frames it as a cascade of failures, not a single point of error. That prediction landed in October 2025. Nothing since has made it less likely.

  1. $244.2 billion, and where it goes

Gartner’s 4Q25 information security forecast projects global spending reaching $244.2 billion in 2026, up 13.3% year-over-year. That is acceleration, not continuation. Gartner’s forecast trajectory has been steepening for multiple quarters. It follows a year where many CISOs focused on consolidating tools rather than buying new ones.

The allocation matters more than the total (please click on the graphic to expand for easier reading):

Cloud security at 28.8% growth is the fastest subsegment by a wide margin. CSPM alone carries a 31.3% CAGR. These represent organizations reacting to attack surfaces that expanded when workloads moved to the cloud faster than security controls followed.

Managed security services at 11.1% tells a workforce story the spending headline misses. The ISC2 documented a global cybersecurity workforce gap of 4.8 million professionals in October 2024. That gap grew 19% year-over-year while the active workforce flatlined at 5.5 million. A quarter of organizations reported cybersecurity layoffs. So they’re buying SOC capacity from managed providers instead. The spending growth in managed services is a staffing problem wearing a procurement mask.

The 17:1 spending asymmetry

Gartner’s 4Q25 AI spending forecast splits the AI cybersecurity market into two sub-segments for the first time. AI-amplified security, using AI to defend the enterprise, reached $49 billion in 2025. Securing AI itself, protecting the models, training data, inference pipelines, agent workflows, and decision outputs, stood at $2.8 billion. That is 5.5% of the AI cybersecurity market.

Enterprises are investing 17 times more in AI-powered security tools than in securing the AI on which those tools run. Gartner projects over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from less than 25% in 2025. The tools are getting funded. What the tools actually depend on to function is not.

  1. Quantum crosses the 5% budget threshold

Forrester predicts quantum security spending will exceed 5% of overall IT security budgets in 2026. Five percent sounds modest until you consider what it represents: the shift from research line items to actual procurement.

That means consulting engagements for quantum migration planning. Cryptographic discovery tools to figure out which systems need replacing first. Post-quantum algorithm testing across live production environments. Gartner calls post-quantum cryptography a force that demands organizations identify, manage, and replace traditional encryption methods now. Not eventually. The encryption market is growing at 2.0x according to the 4Q25 forecast, and the planning horizon is 2030. Starting migration in 2028 means compounding rip-and-replace costs every quarter of delay.

Forrester also predicts the EU will establish its own known exploited vulnerability database in 2026. Regulatory fragmentation adds cost. For enterprises operating across jurisdictions, quantum migration planning cannot be separated from compliance architecture.

  1. 57% of employees are already using shadow AI

A smaller Gartner survey of 175 employees conducted between May and November 2025 found that 57% use personal GenAI accounts for work. A third admitted to uploading sensitive information to tools their organizations have not sanctioned.

I keep coming back to this stat because it reframes the entire agentic AI security conversation. The firewalls most enterprises rely on were built for human-to-application communication. Protocols like MCP now enable agent-to-agent interaction at a scale and speed those tools were never designed to see. Machine identities outnumber human employees by more than 80 to 1 in most enterprises, according to CyberArk. Traditional IAM was not built for nonhuman actors operating autonomously.

Gartner’s cybersecurity trends report identifies IAM adaptation for AI agents as a top-six trend for 2026, specifically calling out identity registration, credential automation, and policy-driven authorization for machine actors. Failure to address these issues will lead to greater access-related cybersecurity incidents as autonomous agents become more prevalent.

The investment context: AI in the trough, security in the gap

Gartner places AI in the Trough of Disillusionment throughout 2026. AI will most often be sold by incumbent software providers rather than bought as part of new moonshot projects. ROI predictability has to improve before enterprises scale their deployments.

Forrester’s 2026 predictions reinforce this: enterprises will defer 25% of planned AI spending into 2027 as financial rigor slows production deployments and kills proofs of concept. Fewer than one-third of decision-makers can tie AI value to their organization’s financial growth.

Yet Gartner’s IT spending forecast shows server spending accelerating at 36.9% year-over-year and data center spending surging 31.7% past $650 billion. GenAI model spending grows at 80.8%. The infrastructure build-out is not slowing even as enterprise application adoption pauses.

Infrastructure spending runs hot. Application-layer AI spending cools. Security spending accelerates into the gap between adoption speed and governance readiness. The $244.2 billion flowing into information security is the cost of operating in an environment where AI agents are proliferating faster than the controls designed to govern them.

What these numbers add up to

For two decades, enterprise security assumed a human on the other end of every session, every credential request, every decision. That assumption is collapsing. The autonomous agent accessing your production database at 3 AM doesn’t authenticate the way your SOC analyst does, doesn’t respect the same governance boundaries, and operates at speeds no human reviewer can match.

What makes this moment different from previous security inflection points is the speed asymmetry. When cloud migration created new attack surfaces, enterprises had years to adapt. The shift from on-prem to cloud took a decade. The shift from human-operated to agent-operated environments is measured in quarters. Gartner didn’t even have a dedicated agentic AI spending segment until this forecast cycle. By the next one, the crossover will have already happened.

The practical question for 2026 is not whether to invest in AI security. That decision has been made by the spending trajectory. It is whether to govern AI agents proactively, before the first publicly disclosed agentic breach forces a reactive scramble, or to wait and pay the premium that every late mover in cybersecurity history has paid. Forrester has already predicted which outcome is more likely this year. The 17:1 ratio suggests most enterprises are betting on the wrong side of that question.

Sources

Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 (December 18, 2025)

Gartner Forecast Analysis: Information Security, Worldwide, 2026 (February 5, 2026)

Gartner Forecast: AI Spending, Worldwide, 2024–2029, 4Q25 (December 2025)

Gartner, Top Trends in Cybersecurity for 2026 (February 5, 2026)

Gartner, Worldwide AI Spending Will Total $2.52 Trillion in 2026 (January 15, 2026)

Gartner, Worldwide IT Spending to Grow 10.8% in 2026 (March 2026)

Gartner, 40% of Enterprise Apps Will Feature AI Agents by 2026 (August 26, 2025)

Gartner, Guardian Agents Will Capture 10-15% of Agentic AI Market by 2030 (June 11, 2025)

Forrester Predictions 2026: Cybersecurity and Risk (October 28, 2025)

Forrester, Global Tech Spend Will Grow 7.8% in 2026 (February 2, 2026)

Forrester, 2026 Technology & Security Predictions (October 28, 2025)

ISC2, 2024 Cybersecurity Workforce Study (October 2024)

CyberArk, Machine Identities Report (April 2025)

BigID, AI Risk & Readiness in the Enterprise (2025)

Feb 10

Top 6 cybersecurity trends from Gartner’s 2026 Security Forecast

Over 57% of employees are using personal GenAI accounts for work. A third of them admit to uploading sensitive data into tools their security teams haven’t approved. Meanwhile, agentic AI is proliferating through no-code platforms and vibe coding, creating attack surfaces most CISOs can’t see, let alone govern. And quantum computing? No longer a 10-year planning horizon. It’s a 2030 action deadline.

Gartner’s Top Trends in Cybersecurity for 2026 report, released February 5, 2026, identifies six forces reshaping how CISOs must operate. These cut across governance, AI adoption, identity, workforce, and cryptographic strategy simultaneously. None of them is incremental.

The trends report lands alongside Gartner’s updated Forecast: Information Security, Worldwide, 2023–2029, 4Q25 (G00843183, December 18, 2025) and the Forecast Analysis: Information Security, Worldwide, 2026 (G00838442, February 5, 2026), which together project global information security spending reaching $244.2 billion in 2026, up 13.3% in current U.S. dollars. I’ve tracked this forecast through multiple quarterly updates. The trajectory keeps steepening. The six trends below explain where that money is going and why.

“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director Analyst at Gartner. “This demands new approaches to cyber risk management, resilience, and resource allocation.”

The spending backdrop: $244 billion and accelerating

Before getting into the six trends, context matters. Gartner’s 4Q25 forecast shows the three major security segments all growing at double-digit constant currency rates in 2026:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183). Constant currency rates.

Cloud security remains the fastest-growing subsegment at 28.8% growth in 2026. Nothing else comes close. The combined cloud security market (cloud security posture management, cloud access security brokers, and cloud workload protection platforms) is projected to reach $32.4 billion by 2029, with a 25% CAGR in constant currency. I’ve been watching this subsegment accelerate for three quarters straight. CSPM alone is growing at a 31.30% CAGR.

 

Cloud security spending reaches $32.4 billion by 2029. CSPM leads at 31.30% CAGR. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 1: Agentic AI demands cybersecurity oversight

This is the trend that touches everything else on this list. Employees and developers are deploying AI agents through no-code/low-code platforms and “vibe coding” at a pace that outstrips security governance. Unmanaged AI agent proliferation. Unsecured code. Compliance violations that most security teams don’t even have visibility into yet. That’s the picture Gartner is painting.

Gartner’s recommendation is blunt: cybersecurity leaders must identify both sanctioned and unsanctioned AI agents operating within their environments, enforce access controls and data guardrails, and develop incident response playbooks specific to agent-driven threats.

“While AI agents and automation tools are becoming increasingly accessible and practical for organizations to adopt, strategic cybersecurity planning for these technologies is essential,” said Michaels. Cybersecurity leaders must work cross-functionally to manage agentic AI adoption, identifying sanctioned and unsanctioned AI agents, enforcing data access controls, and developing incident response playbooks.

The spending data backs this up. Gartner’s 4Q25 forecast projects the AI-amplified security market reaching $160 billion by 2029, up from $49 billion in 2025. Gartner is clear that this isn’t additive spending. It represents the portion of existing security products that now embed AI capabilities. But the expectation tells the story: over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from less than 25% in 2025. Vendors that don’t embed AI will lose shelf space. (For more on AI security platforms, see Gartner’s Top Strategic Technology Trends for 2026, which predicts that over 50% of enterprises will use AI security platforms to protect their AI investments by 2028.)

Trend 2: Global regulatory volatility drives cyber resilience efforts

Regulators are getting personal. Boards and executives now face direct liability for compliance failures. Not just organizational fines, but individual accountability. The penalties for inaction have moved from theoretical to career-ending. Across multiple jurisdictions simultaneously.

Gartner advises cybersecurity leaders to formalize collaboration across legal, business, and procurement teams to establish clear accountability for cyber risk. Align control frameworks to recognized standards. Address data sovereignty concerns before they become enforcement actions. The organizations doing this well are treating regulatory preparedness as a core security function, not an annual compliance checkbox.

This is where the spending data gets interesting. Gartner’s forecast shows security consulting services growing from $24.2 billion (2024) to $36.6 billion (2029), adding $12.4 billion in five years. Security professional services follow a similar trajectory: $27.3 billion to $40.8 billion, adding $13.5 billion. Organizations are buying outside expertise because they can’t build regulatory competence fast enough in-house. I’ve been covering these numbers for three quarters, and the services growth is the part of the forecast that keeps surprising me.

Infrastructure protection adds $26.4 billion between 2024 and 2029, the largest absolute growth of any subsegment. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 3: Post-quantum computing moves into action plans

Gartner predicts advances in quantum computing will render the asymmetric cryptography that organizations rely on unsafe by 2030. Four years. That’s the window to adopt post-quantum cryptography alternatives before “harvest now, decrypt later” attacks start cashing in on data that adversaries are collecting today.

Organizations need to identify their cryptographic deployments, assess data sensitivity and lifespan, and prioritize cryptographic agility. That last phrase keeps coming up in my conversations with CISOs. The ability to swap encryption methods without re-architecting entire systems. Swapping an algorithm is one thing. Doing it across a production environment without downtime is an entirely different problem.

“Post-quantum cryptography is reshaping cybersecurity strategies by prompting organizations to identify, manage, and replace traditional encryption methods, while prioritizing cryptographic agility,” said Michaels. “By investing in these capabilities and prioritizing migration now, assets will be secured when quantum threats become a reality.

The encryption market in Gartner’s 4Q25 forecast grows from $1.04 billion in 2023 to $2.04 billion by 2029 at an 11.95% CAGR. A 2.0x increase. For what has historically been one of the slower-growing security subsegments, that’s a significant acceleration. Quantum urgency is changing the math.

Trend 4: Identity and access management adapts to AI agents

AI agents are breaking traditional IAM models. Plain and simple. Identity registration and governance, credential automation, and policy-driven authorization weren’t designed for autonomous machine actors that can initiate actions, access data, and interact with systems without human intervention. The scale problem compounds fast: when every employee can deploy dozens of AI agents, the identity surface area explodes.

Gartner recommends a targeted, risk-based approach. Invest where gaps and risks are greatest. Leverage automation where possible. The practical starting point is understanding which AI agents carry the most privilege and the least oversight. Those are your highest-risk identities right now, and most organizations haven’t inventoried them.

The identity market is already significant. Gartner’s 4Q25 forecast shows identity access management growing from $18.7 billion (2024) to $29.0 billion (2029), adding $10.3 billion in five years. That’s before the full scale of agentic AI identity requirements hits the market. IAM vendors that solve machine-actor identity at scale will capture a disproportionate share of that $10.3 billion growth.

Trend 5: AI-driven SOC solutions destabilize operational norms

AI-enabled security operations centers are enhancing alert triage and investigation workflows. The technology works. But deploying AI into a SOC doesn’t automatically reduce headcount needs. It changes the skill mix. Analysts who excelled at manual triage need different capabilities to oversee AI-driven workflows. Organizations are discovering this the hard way. That’s an organizational transformation challenge, and throwing more technology at it doesn’t help.

“To realize the full potential of AI in security operations, cybersecurity leaders must prioritize people as much as technology,” said Michaels. “Strengthening workforce capabilities, implementing human-in-the-loop frameworks into AI-supported processes and aligning adoption with clear strategic objectives will be critical to maintaining resilience as SOCs evolve.”

The talent dimension makes this harder than it already sounds. ISC2’s 2024 Cybersecurity Workforce Study, published in October 2024, documented a global workforce gap of 4.8 million professionals, a 19% year-over-year increase. The active workforce flatlined at 5.5 million (up just 0.1%). The numbers are brutal: 25% of organizations reported cybersecurity layoffs in 2024. 37% faced budget cuts. 90% report skills shortages. 58% believe the shortage puts their organization at significant risk. On the spending side, managed security services are growing at 11.1% in 2026, the fastest rate in the services segment. Organizations can’t hire fast enough, so they’re buying managed SOC capacity instead.

Trend 6: GenAI breaks traditional cybersecurity awareness tactics

Existing security awareness programs are failing. Full stop. A Gartner survey of 175 employees conducted between May and November 2025 found that 57% use personal GenAI accounts for work purposes, while 33% admit to uploading sensitive information to tools their organizations haven’t sanctioned. Those numbers should alarm every CISO reading this. A third of your workforce is actively feeding proprietary data into tools you can’t audit.

Gartner recommends shifting from general awareness training to adaptive behavioral programs that include AI-specific tasks. Generic compliance videos won’t cut it here. The organizations getting this right are making approved GenAI tools easy to access and unsanctioned tools hard to justify. Trying to ban GenAI outright just drives usage underground and costs you talent.

Strengthening governance, embedding secure practices, and establishing clear policies for authorized GenAI use will reduce exposure to privacy breaches and intellectual property loss. The governance gap on GenAI usage is, in my view, the most underestimated risk on this entire list. Every other trend has a spending line item attached to it. This one requires behavioral change, which is harder to buy.

Total market trajectory: $173.5 billion to $323.5 billion

Gartner’s year-by-year spending trajectory shows the acceleration curve these six trends are riding:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183, December 18, 2025). Current U.S. dollars.

 

CSPM and CASB lead all security categories with 31% and 26% CAGR through 2029. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

What this means for CISOs

Three of the six trends (agentic AI oversight, IAM for machine actors, and GenAI awareness) are fundamentally about the same problem: autonomous AI systems operating inside enterprise environments without adequate governance. The other three (regulatory volatility, post-quantum readiness, and AI-driven SOCs) are the structural forces those governance failures will collide with. That convergence is the signal about where 2026 budgets need to go.

The organizations that will navigate this environment successfully are doing three things simultaneously:

Mapping their AI agent footprint now. If you don’t know how many AI agents are operating across your environment, sanctioned and unsanctioned, you can’t govern what you can’t see. Gartner’s 75% AI-amplified product adoption projection by 2028 means this window for establishing control is narrow.

Building cryptographic agility into their architecture. The 2030 quantum deadline means migration planning starts in 2026, not 2028. The encryption market’s 2.0x growth reflects early movers. Late movers face rip-and-replace costs that compound every quarter they wait.

Investing in people alongside AI tooling. AI-enabled SOCs work when human operators have the skills to oversee them. The ISC2 data is unambiguous: a 4.8 million professional gap growing at 19% year-over-year. Managed security services growth at 11.1% tells you where CISOs are finding capacity.

Gartner’s numbers aren’t projections anymore. They’re procurement trends already hitting finance systems. The $244.2 billion flowing into information security this year will fund agentic AI governance, quantum migration, and SOC transformation, whether your organization participates or not.

Bottom line: CISOs planning for 2027 are watching their competitors buy the tools they’ll be scrambling for in 18 months. The data says move now.

Nov 26

15 fastest-growing security categories in Gartner’s 3Q25 Information Security Forecast

15 fastest-growing security categories in Gartner's 3Q25 Information Security Forecast

Cloud Security Posture Management is growing at a 31.23% CAGR. Zero Trust Network Access at 23.25%. Threat Intelligence at 22.17%. The overall security market? Just 10.55%. Fifteen categories are outpacing the market by two to three times, collectively capturing $106 billion in new spending by 2029. Enterprise security budgets aren’t just expanding. They’re being redirected.

And the driver? Brutally simple.

Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily due to misconfigurations. Organizations are responding by investing aggressively in technologies that automate what humans simply can’t manage manually across hundreds of cloud accounts, thousands of APIs, and millions of potential attack vectors.

What these growth rates say about Gartner’s view of the market 

These fifteen categories represent $106.4 billion in new spending by 2029, growing from today’s baseline. What do they have in common? Three characteristics that explain why enterprises are pouring money into them:

  • Automation at Scale. Every high-growth category automates processes that break when done manually, whether it’s scanning cloud configurations, managing consent across jurisdictions, or detecting behavioral anomalies in network traffic. There’s no other way to keep pace.
  • Proactive vs. Reactive. These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even if systems are compromised. Security teams are finally getting ahead of the threat curve instead of playing catch-up.
  • Measurable ROI. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycle by 80 days. With U.S. breach costs hitting $10.22 million, these investments pay for themselves with a single prevented incident.

15 fastest-growing security categories in Gartner's 3Q25 Information Security Forecast

The 15 categories reshaping security architecture

1. Cloud Security Posture Management (CSPM) | 31.23% CAGR | $2.5B → $13.0B

CSPM tools continuously scan infrastructure across AWS, Azure, and Google Cloud. With 82% of misconfigurations caused by human error and organizations managing 100+ cloud accounts, CSPM automates what’s mathematically impossible to do manually. The market will reach $15.6 billion by 2032.

2. Cloud Access Security Brokers (CASB) | 25.82% CAGR | $1.5B → $5.8B

Here’s a reality check. Enterprises average 112 SaaS applications, but shadow IT, or unauthorized apps, accounts for 42% of all applications. IT remains unaware of one-third of the apps on its networks. The damage? 65% of shadow IT companies suffer data loss, and 52% experience breaches. CASBs transform this chaos into visibility and control.

3. Zero Trust Network Access (ZTNA) | 23.25% CAGR | $1.6B → $5.6B

ZTNA kills the VPN model. Instead of network access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025. With 65% of companies planning to replace VPNs, this shift represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Cloud Workload Protection Platforms (CWPP) | 22.78% CAGR | $3.9B → $13.5B

CWPP platforms secure everything from traditional VMs to containers that exist for milliseconds. Legacy endpoint security can’t protect ephemeral containers or serverless functions—it wasn’t designed for workloads that appear and disappear in seconds. The shift to microservices demands purpose-built security.

5. Consent and Preference Management | 22.39% CAGR | $0.5B → $1.7B

GDPR fines reached €5.88 billion by January 2025, according to the DLA Piper GDPR Fines and Data Breach Survey. California’s CCPA penalties continue climbing; the California Privacy Protection Agency fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual handling can’t meet regulatory deadlines. Automation prevents massive fines.

6. Threat Intelligence | 22.17% CAGR | $1.8B → $5.8B

IBM data shows threat intelligence reduces detection and escalation costs by $1.63 million while cutting incidents by 30%. Modern platforms aggregate data about bad actors and vulnerabilities, transforming raw threat data into automated responses across security stacks. The days of threat feeds sitting in dashboards, unused, are over.

7. Subject Rights Request Automation | 16.53% CAGR | $0.8B → $2.1B

When users demand “delete my data,” these platforms automate the process across all systems. Manual handling doesn’t scale, not when you’re managing requests across multiple jurisdictions with different requirements and tight deadlines.

8. Tokenization | 14.26% CAGR | $1.0B → $2.2B

Tokenization replaces sensitive data with meaningless tokens that can’t be mathematically reversed. Why the urgency now? NIST standardized quantum-resistant algorithms, including ML-KEM (formerly CRYSTALS-Kyber), in August 2024. Organizations are preparing for quantum threats expected within five to ten years.

9. Network Detection and Response (NDR) | 14.05% CAGR | $1.6B → $3.5B

NDR platforms use AI to establish behavioral baselines and detect anomalies signaling compromise. Here’s the mindset shift: rather than hoping to prevent all attacks, innovative organizations invest in rapid detection that minimizes damage when sophisticated attackers inevitably get through. Prevention isn’t enough anymore.

10. Vulnerability Assessment | 13.98% CAGR | $2.6B → $5.7B

Cloud infrastructure changes constantly. Quarterly scans are obsolete before they finish. Modern platforms provide continuous scanning in CI/CD pipelines, prioritizing based on real-world exploit data. DevOps teams deploying daily need vulnerability detection that keeps pace. Anything less is theater.

11. Endpoint Protection Platform (EPP) | 13.61% CAGR | $13.5B → $29.1B

The largest category doubles to $29.1 billion as ransomware attacks surge. According to Cyble analysis cited by TechTarget, U.S. ransomware attacks increased by 149% year-over-year in the first five weeks of 2025. Manufacturing led targets with 638 attacks in 2023, per Statista data compiled by Fortinet. Next-gen EPP uses behavioral analytics to stop ransomware before encryption begins—catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) | 13.26% CAGR | $3.3B → $7.0B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote workers wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations. The old perimeter? It no longer exists.

13. Web Application Firewalls (WAF) | 11.93% CAGR | $2.0B → $3.8B

Organizations expose hundreds of APIs, each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks. Modern WAFs use machine learning to distinguish legitimate users from attackers without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption | 11.90% CAGR | $1.0B → $2.0B

NIST’s standardization of quantum-resistant algorithms signals urgency. Attackers already practice “harvest now, decrypt later”—collecting encrypted data for future quantum decryption. Organizations must transition to post-quantum cryptography now, as full integration takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) | 11.74% CAGR | $5.8B → $11.3B

AI transforms SIEM from reactive to proactive. Organizations using AI-powered automation save $1.9 million per breach, according to IBM’s newsroom. Machine learning models identify attack patterns and detect zero-day threats before signatures exist, turning security operations into a competitive advantage.

The Investment Thesis behind the numbers

These growth rates reflect three converging realities:

  • Cloud Complexity Is Exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security is mathematically impossible. The 31.23% CAGR for CSPM isn’t optimism, it’s survival.
  • AI Changes Everything. Shadow AI breaches cost $4.63 million, $670,000 more than standard incidents. But AI also powers the defense, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the best defense.
  • Compliance Costs Are Skyrocketing. Between GDPR, CCPA, and emerging regulations, manual compliance is a liability that grows daily. Automation platforms turn regulatory requirements into competitive advantages.

The Bottom Line

The organizations winning this race aren’t those with the most significant security budgets; they’re those investing in the right categories at the right time. These fifteen segments aren’t just growing fast; they’re defining what modern security architecture looks like.

The message from Gartner’s data is unambiguous: security spending is shifting from reactive to proactive, from manual to automated, from perimeter-based to zero-trust. Organizations still relying on legacy approaches aren’t just falling behind; they’re accepting risks that the market has already priced as unacceptable.

Source: Gartner Information Security Forecast 3Q25 Update (Document G00839334), showing overall market growth from $215.8B (2025) to $322.2B (2029) at 10.55% CAGR

Oct 28

Top ten cybersecurity startups to watch in 2025 according to $3.21B in investor bets

Top Ten Cybersecurity Startups to Watch in 2025 According to $3.21B in Investor Bets

While the industry still debates whether AI will transform cybersecurity, investors have already made up their minds.

Based on an analysis of the latest Crunchbase data compiled recently that spans January 2024 to October 2025, ten standout startups captured $1.41 billion in new funding, signaling that machine-speed defense against AI-driven threats is no longer optional; it’s an operational reality. Together, these ten startups have raised $3.21 billion, which represents one of the heaviest capital concentrations in cybersecurity startups to date.

Investors are gravitating to cybersecurity startups that solve complex problems

CrowdStrike’s Falcon 2025 event, held earlier this year in Las Vegas, showcased a series of new agentic AI developments that, taken together, reflect how cross-platform and cross-competitor collaboration aimed at shutting down increasingly complex weaponized AI threats leads to faster innovation. VentureBeat’s analysis of the many announcements there explains how the cybersecurity company is betting on agentic AI to defeat adversaries.

Interested in quantifying how AI is impacting investors’ decisions, I completed an analysis using Crunchbase data covering 342 verified cybersecurity startups with active funding. Selection was weighted toward recent momentum, total funding scale, stage maturity, AI integration, and proof through multiple rounds.

The key takeaway: Institutional capital is consolidating around companies that make autonomous security practical, and agentic AI is at the core of that direction. But AI is not enough; investors are looking for the ability to scale in enterprises once they have AI integrated into their core platforms.

AI in cybersecurity: Tablestakes, not a ticket to premium valuation

Sixty percent of startups integrate AI into their core technology. Yet contrary to hype, that hasn’t bought them higher valuations.

  • AI-integrated startups average $283M in funding.
  • Non-AI specialists average $378M.

Crunchbase data shows investors reward defensible specialization as much as AI capability. Quantinuum’s $925M for post-quantum cryptography and Zama’s $139M for homomorphic encryption prove that solving foundational security problems often supersedes AI as a differentiator.

Still, AI holds weight in investment decisions. Six AI-driven startups pulled $1.70B (52.8%), while four non-AI companies captured $1.51B (47.2%). Both models earn trust by underscoring AI for operational speed and deep tech for architectural resilience. And with seven of ten now at Series B maturity, investors are backing platforms that have already demonstrated enterprise traction, not experiments.

1. Quantinuum ($925M, Series B) Post-Quantum Defense. Closed a $600M Series B in August 2025. The company is building the only mathematical safeguard against the inevitable collapse of RSA and ECC encryption under quantum computing.

2. Saronic ($845M, Series B) Autonomous Maritime Security, Raised $175M in July 2024 for AI-powered unmanned surface vessels. With 90% of trade moving across exposed waterways, Saronic brings AI defense to the physical infrastructure that most enterprises overlook.

3. Auradine ($314M, Series B) AI Silicon for Security. Raised $80M to expand custom silicon that accelerates cryptographic workloads 10x faster than general-purpose hardware, eliminating bottlenecks in AI-driven security deployments.

4. Tines ($271M, Series B) No-Code Automation. Secured $50M Series B. Turns analysts into automation builders, saving 40+ hours weekly with drag-and-drop workflows that are proving critical for overextended SOC teams.

5. Dream Security ($198M, Series B) Critical Infrastructure Defense. Closed $100M in 2025. Their sovereign AI platform equips critical infrastructure with defenses calibrated to nation-state-level threats, providing a layer that traditional enterprise tools cannot reach.

6. Upwind Security ($180M, Series A)  Runtime Cloud Visibility. Raised $100M in December 2024. Focused on runtime intelligence, detecting abnormal behavior live rather than flagging static misconfigurations. Reduces false positives, elevates real threats.

7. Zama ($139M, Series B)  Homomorphic Encryption. Raised $57M in June 2025 after a $73M Series A in March 2024. Provides production-ready fully homomorphic encryption, enabling AI models to compute securely on encrypted data.

8. Noma Security ($132M, Series B)  Securing AI Agents. Closed $100M in 2025. Built to harden AI systems against prompt injection and model poisoning as enterprises push decision-making into autonomous agents.

9. ZeroEyes ($107M, Series B)  Firearm Detection AI. Raised $53M in 2025. Eleven rounds in, their AI models detect firearms on video feeds in seconds—cutting active shooter response time dramatically.

10. Upscale AI ($100M, Seed)  AI Networking Infrastructure. Raised a $100M Seed round in 2025. Building AI-native networking with hardware-accelerated encryption, aimed at high-performance compute environments.

The Bottom Line

Series B dominance (70%) shows that capital is flowing into platforms with market traction, not speculative bets. Forty-six rounds across these ten companies demonstrate durability and enterprise validation. The signal to security leaders is becoming clear based on the escalating nature of weaponized AI attacks: manual security processes are now liabilities. Defending at human speed against AI-enabled attackers is untenable. Investors understand this. $1.41B in recent capital confirms it.