Skip to content

Posts tagged ‘quantum security’

Mar 24

Gartner’s $244.2B security forecast shows enterprises spend 17x more on AI tools than securing AI itself

Inside the $244.2 billion security market: agentic AI adoption outpaces defenses 8 to 1, cloud security grows at 28.8%, and enterprises spend 17x more on AI tools than on securing the AI itself

Gartner forecasts worldwide AI spending will reach $2.52 trillion in 2026, a 44% increase year-over-year. Worldwide IT spending will hit $6.15 trillion. Within that massive build-out, information security spending accelerates to $244.2 billion, up 13.3%.

The headline looks healthy. Look closer, and it isn’t. I’ve been tracking Gartner’s information security forecast through multiple quarterly updates, and the trajectory keeps steepening. But the spending acceleration is masking a deeper problem: enterprises are deploying AI agents into production far faster than they are securing them.

  1. The 40% / 6% gap

Gartner predicts 40% of enterprise applications will include task-specific AI agents by the end of 2026. Up from less than 5% in January. These are not chatbots. Gartner’s examples include autonomous cybersecurity response agents that scan network traffic, analyze system logs, and initiate responses without human intervention.

Only roughly 6% of organizations report having an advanced AI security strategy in place, according to vendor-sourced research from BigID’s 2025 AI Risk and Readiness study. Even adjusting for methodology differences between vendor and analyst research, the gap is stark. Agents are entering production at roughly 7-8x the rate organizations are building governance around them.

Gartner’s 4Q25 AI spending forecast created a dedicated agentic AI market segment for the first time. The spending lines are dramatic. Agentic AI overtakes chatbot and assistant spending by 2027. By 2029, agentic AI will reach $752.7 billion at a 119% compound annual growth rate. Chatbot spending peaks at $264.7 billion, then declines. That crossover point is where the security model breaks, because chatbots operate within human-supervised sessions. Agents don’t.

Gartner named agentic AI oversight the number-one cybersecurity trend for 2026 in its February report (my breakdown of all six trends here). A separate Gartner poll of 147 CIOs found 24% had already deployed AI agents and 50% were actively experimenting. Guardian agents, AI systems designed to monitor and govern other AI agents, are projected to capture 10-15% of the agentic AI market by 2030.

Forrester’s 2026 cybersecurity predictions go further: an agentic AI deployment will cause a publicly disclosed data breach this year, leading to employee dismissals. Senior analyst Paddy Harrington frames it as a cascade of failures, not a single point of error. That prediction landed in October 2025. Nothing since has made it less likely.

  1. $244.2 billion, and where it goes

Gartner’s 4Q25 information security forecast projects global spending reaching $244.2 billion in 2026, up 13.3% year-over-year. That is acceleration, not continuation. Gartner’s forecast trajectory has been steepening for multiple quarters. It follows a year where many CISOs focused on consolidating tools rather than buying new ones.

The allocation matters more than the total (please click on the graphic to expand for easier reading):

Cloud security at 28.8% growth is the fastest subsegment by a wide margin. CSPM alone carries a 31.3% CAGR. These represent organizations reacting to attack surfaces that expanded when workloads moved to the cloud faster than security controls followed.

Managed security services at 11.1% tells a workforce story the spending headline misses. The ISC2 documented a global cybersecurity workforce gap of 4.8 million professionals in October 2024. That gap grew 19% year-over-year while the active workforce flatlined at 5.5 million. A quarter of organizations reported cybersecurity layoffs. So they’re buying SOC capacity from managed providers instead. The spending growth in managed services is a staffing problem wearing a procurement mask.

The 17:1 spending asymmetry

Gartner’s 4Q25 AI spending forecast splits the AI cybersecurity market into two sub-segments for the first time. AI-amplified security, using AI to defend the enterprise, reached $49 billion in 2025. Securing AI itself, protecting the models, training data, inference pipelines, agent workflows, and decision outputs, stood at $2.8 billion. That is 5.5% of the AI cybersecurity market.

Enterprises are investing 17 times more in AI-powered security tools than in securing the AI on which those tools run. Gartner projects over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from less than 25% in 2025. The tools are getting funded. What the tools actually depend on to function is not.

  1. Quantum crosses the 5% budget threshold

Forrester predicts quantum security spending will exceed 5% of overall IT security budgets in 2026. Five percent sounds modest until you consider what it represents: the shift from research line items to actual procurement.

That means consulting engagements for quantum migration planning. Cryptographic discovery tools to figure out which systems need replacing first. Post-quantum algorithm testing across live production environments. Gartner calls post-quantum cryptography a force that demands organizations identify, manage, and replace traditional encryption methods now. Not eventually. The encryption market is growing at 2.0x according to the 4Q25 forecast, and the planning horizon is 2030. Starting migration in 2028 means compounding rip-and-replace costs every quarter of delay.

Forrester also predicts the EU will establish its own known exploited vulnerability database in 2026. Regulatory fragmentation adds cost. For enterprises operating across jurisdictions, quantum migration planning cannot be separated from compliance architecture.

  1. 57% of employees are already using shadow AI

A smaller Gartner survey of 175 employees conducted between May and November 2025 found that 57% use personal GenAI accounts for work. A third admitted to uploading sensitive information to tools their organizations have not sanctioned.

I keep coming back to this stat because it reframes the entire agentic AI security conversation. The firewalls most enterprises rely on were built for human-to-application communication. Protocols like MCP now enable agent-to-agent interaction at a scale and speed those tools were never designed to see. Machine identities outnumber human employees by more than 80 to 1 in most enterprises, according to CyberArk. Traditional IAM was not built for nonhuman actors operating autonomously.

Gartner’s cybersecurity trends report identifies IAM adaptation for AI agents as a top-six trend for 2026, specifically calling out identity registration, credential automation, and policy-driven authorization for machine actors. Failure to address these issues will lead to greater access-related cybersecurity incidents as autonomous agents become more prevalent.

The investment context: AI in the trough, security in the gap

Gartner places AI in the Trough of Disillusionment throughout 2026. AI will most often be sold by incumbent software providers rather than bought as part of new moonshot projects. ROI predictability has to improve before enterprises scale their deployments.

Forrester’s 2026 predictions reinforce this: enterprises will defer 25% of planned AI spending into 2027 as financial rigor slows production deployments and kills proofs of concept. Fewer than one-third of decision-makers can tie AI value to their organization’s financial growth.

Yet Gartner’s IT spending forecast shows server spending accelerating at 36.9% year-over-year and data center spending surging 31.7% past $650 billion. GenAI model spending grows at 80.8%. The infrastructure build-out is not slowing even as enterprise application adoption pauses.

Infrastructure spending runs hot. Application-layer AI spending cools. Security spending accelerates into the gap between adoption speed and governance readiness. The $244.2 billion flowing into information security is the cost of operating in an environment where AI agents are proliferating faster than the controls designed to govern them.

What these numbers add up to

For two decades, enterprise security assumed a human on the other end of every session, every credential request, every decision. That assumption is collapsing. The autonomous agent accessing your production database at 3 AM doesn’t authenticate the way your SOC analyst does, doesn’t respect the same governance boundaries, and operates at speeds no human reviewer can match.

What makes this moment different from previous security inflection points is the speed asymmetry. When cloud migration created new attack surfaces, enterprises had years to adapt. The shift from on-prem to cloud took a decade. The shift from human-operated to agent-operated environments is measured in quarters. Gartner didn’t even have a dedicated agentic AI spending segment until this forecast cycle. By the next one, the crossover will have already happened.

The practical question for 2026 is not whether to invest in AI security. That decision has been made by the spending trajectory. It is whether to govern AI agents proactively, before the first publicly disclosed agentic breach forces a reactive scramble, or to wait and pay the premium that every late mover in cybersecurity history has paid. Forrester has already predicted which outcome is more likely this year. The 17:1 ratio suggests most enterprises are betting on the wrong side of that question.

Sources

Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 (December 18, 2025)

Gartner Forecast Analysis: Information Security, Worldwide, 2026 (February 5, 2026)

Gartner Forecast: AI Spending, Worldwide, 2024–2029, 4Q25 (December 2025)

Gartner, Top Trends in Cybersecurity for 2026 (February 5, 2026)

Gartner, Worldwide AI Spending Will Total $2.52 Trillion in 2026 (January 15, 2026)

Gartner, Worldwide IT Spending to Grow 10.8% in 2026 (March 2026)

Gartner, 40% of Enterprise Apps Will Feature AI Agents by 2026 (August 26, 2025)

Gartner, Guardian Agents Will Capture 10-15% of Agentic AI Market by 2030 (June 11, 2025)

Forrester Predictions 2026: Cybersecurity and Risk (October 28, 2025)

Forrester, Global Tech Spend Will Grow 7.8% in 2026 (February 2, 2026)

Forrester, 2026 Technology & Security Predictions (October 28, 2025)

ISC2, 2024 Cybersecurity Workforce Study (October 2024)

CyberArk, Machine Identities Report (April 2025)

BigID, AI Risk & Readiness in the Enterprise (2025)

Jul 7

GenAI and IoT security are core to Forrester's top 10 emerging technologies in 2024
1 Comment

GenAI and IoT security are core to Forrester’s top 10 emerging technologies in 2024

Predicting that generative AI (genAI) for visual content, genAI for language, TuringBots, and IoT security will be the four technologies that deliver the most immediate ROI in two years, Forrester’s Top 10 Emerging Technologies In 2024 reflects the urgency more businesses have for making AI pay while securing their most at-risk endpoints.

Rounding out Forrester’s ten emerging technologies are AI agents, autonomous mobility, edge intelligence, quantum security, extended reality (XR), and Zero Trust Edge (ZTE).

Forrester’s stack ranking of technologies by ROI potential

Advising clients to include ten emerging technologies on their radar and roadmap, Forrester has segmented them into short-term, medium-, and long-term groups based on their potential to deliver ROI. Three of the ten emerging technologies are cybersecurity related.

Technologies predicted to deliver the most significant ROI over the next two years

GenAI for visual content and language. Given how quickly genAI’s adoption is accelerating across enterprises via a myriad of cloud-based apps and tools, especially in marketing, digital design, and communications, it’s clear why Forrester predicted that genAI for visual content, genAI for language have the potential to deliver ROI in two years. Forrester notes that “genAI for language is already delivering value in customer support and content creation but continues to advance at a blinding pace. It is accelerating many other technologies as it goes.”

TuringBots are predicted to accelerate app development. The report states that these AI-powered software robots “help developers build applications that deliver more than just code generation” thanks to advancements in genAI for language. TuringBots are defined as “AI-powered software that augments application development teams’ automation and semiautonomous capabilities to plan, analyze, design, code, test, deliver, and deploy while providing assistive intelligence on code, development processes, and applications.”

IoT Security to secure the proliferating number and variety of endpoint devices. Forrester defines IoT security technology as including components that are “familiar to endpoint management and security: asset management, identity and access management (IAM), data security management, Zero Trust networking, and attack surface risk management.” Forrester predicts that deploying IoT security solutions will deliver expected business value within a year as vendors increasingly offer capabilities as part of other cybersecurity platforms.

GenAI and IoT security are core to Forrester's top 10 emerging technologies in 2024

Source: Forrester’s Top 10 Emerging Technologies In 2024

Emerging technologies predicted to deliver ROI in two to five years

AI agents. Forrester is seeing AI agent technology stacks include advanced deep learning techniques, including generative, predictive, and reinforcement learning, that enable greater context, analysis, strategy, and planning. Forrester believes their full realization is two to five years away, predicting that “organizations with large amounts of information and sizable human workforces will likely see the biggest and most immediate benefits.”

Autonomous mobility. Manufacturing and logistics are two industries shifting workloads from initial pilots into production, according to Forrester. Both industries are facing continued labor shortages, regulatory pressures, and rising costs and see the potential to improve traffic and supply chain management results. Key benefits include greater operational efficiencies across shop floors, improved regulatory compliance, enhanced worker productivity and safety, and more accurate data to track environmental sustainability efforts.

Edge intelligence. Edge intelligence, according to Forrester, is “the ability to collect data, make assumptions based on that data, and link that data to relevant, distributed, orchestrated, and contextually driven responses in a network of application, device, and communication ecosystems.” The report further defines the tech stack for edge intelligence as including streaming analytics, edge ML, federated ML, and real-time data management on intelligent devices and edge servers.

Quantum security. Reducing the risk of “harvest now, decrypt later” quantum attacks, providing increased cryptographic agility for the future, and improving digital signatures are a few of the many benefits quantum security delivers. Asymmetric and symmetric key generation, symmetric key distribution via QKD, digital signatures and certificate management, and keeping an accurate list of cryptographic algorithms are some of the most common uses. These benefits and use cases form the basis of Forrestter’s assigning quantum security into the mid-segment of their stack ranking.

GenAI and IoT security are core to Forrester's top 10 emerging technologies in 2024

Source: Forrester’s Top 10 Emerging Technologies In 2024

Emerging technologies predicted to deliver ROI in over five years

Extended reality (XR). Forrester defines XR as “a technology that overlays computer imagery on a user’s field of vision, with augmented reality (AR), mixed reality, and virtual reality (VR) technologies that are supported by the same developer tools, sensors, cameras, and simulation engines.” Their report notes that only 8% of US online adults own a virtual-reality headset, and just 16% have used an augmented-reality device or app. While XR is advancing in training and onboarding, companies are resisting investing in tools like these until they see broad adoption.

Zero Trust Edge (ZTE). ZTE technology has the potential to protect remote workers, retail outlets, and branch offices with embedded local security. Highly distributed enterprises with little variation between sites are predicted to see the greatest benefit first.

Conclusion

Forrester sees security as core to any organization seeking to maximize the value and ROI of emerging technologies.

Three cybersecurity technologies, IoT security, quantum security, and zero trust edge (ZTE)—form the foundation of the ten emerging technologies. “The inclusion of these security technologies underscores a crucial point: the future belongs to those with the foresight and will to invest in security now. As AI capabilities expand, so do the potential vulnerabilities that malicious actors can exploit,” writes Brian Hopkins, vice president, emerging tech portfolio at Forrester.

Defending endpoints need to start with a zero-trust framework that enforces least privileged access and monitors everything happening on the network while also enabling microsegmentation to reduce the blast radius of a potential cyberattack. Relying on legacy account and identity and access management (IAM) systems that assume trust across systems and within identity management data structures is a breach waiting to happen.

Forrester’s top ten emerging technologies show a progression from already having significant use cases and adoption to newer technologies that are nascent in the market. All share a common characteristic with security, however. As technologies get more complex and remain unproven, security technologies need to step up the use of new technologies to counter threats. Quantum security and zero trust edge correspond with the direction of the ten emerging technologies. They reflect the need to keep improving security to protect the best ROI possible with new technologies on the horizon.