
Posts tagged ‘vulnerability-management’

Top 10 security categories where VC funding trails Gartner’s 2026 growth forecast, Crunchbase data


Two of Gartner’s 10 fastest-growing security categories have zero venture-backed startups. Firewall equipment, a $26.7 billion market by 2030, and pure-play cloud access security brokers, projected at $7.1 billion, are controlled entirely by incumbent vendors. No startup has raised a dollar in either category since January 2025.

I cross-referenced Gartner’s 1Q26 Information Security forecast against CB Insights, Crunchbase, and PitchBook funding data for every one of the 10 fastest-growing security categories. The question: where is venture capital following Gartner’s growth signal, and where is it missing?

The answer is stark. $93.2 billion in projected 2030 spending across these 10 categories. $11.2 billion in total VC raised by 59 funded startups. That is an 8.3:1 gap between where enterprise demand is heading and where startup capital is flowing. In 5 of 10 categories, the gap exceeds 12:1. As I detailed in last week’s analysis of the 10 fastest-growing categories, growth is concentrating in cloud infrastructure, proactive intelligence, and privacy compliance. The VC data tells you whether anyone is building what CISOs need to buy.

“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director at Gartner. The spending data confirms it. The startup funding data shows the supply side has not caught up.

Figure 2: Gartner 2030 projections (dark) vs. total VC raised (light) for each of the 10 categories.

The master table: Gartner forecast vs. startup funding by category

I mapped each Gartner category against every cybersecurity startup that raised equity or debt since January 2025. Each company is assigned to one primary category to avoid double-counting. Gap Ratio is the Gartner 2030 market projection divided by total VC raised. Higher means wider gap.

| # | Gartner Security Category | 2025-26 Growth | 5-yr CAGR | 2030 Projection | Startups | Total VC | Gap Ratio | Verdict |
|---|---|---|---|---|---|---|---|---|
| 1 | Cloud Access Security Brokers (CASB) | 27.2% | 24.3% | $7.1B | 4 | $182M | 39:1 | Critical Gap |
| 2 | Firewall Equipment (NGFW/FWaaS) | 15.9% | 9.1% | $26.7B | 0 | $0 | ∞ | Incumbent Lock |
| 3 | Cloud Security Posture Mgmt (CSPM) | 33.4% | 27.6% | $16.2B | 6 | $752M | 21.5:1 | Underfunded |
| 4 | Vulnerability Assessment | 15.7% | 12.0% | $6.4B | 6 | $306M | 20.9:1 | Underfunded |
| 5 | Cloud Workload Protection (CWPP) | 25.9% | 21.0% | $16.1B | 8 | $1.28B | 12.6:1 | Underfunded |
| 6 | Subject Rights Request Automation | 16.2% | 12.3% | $2.3B | 2 | $240M | 9.6:1 | M&A Absorbed |
| 7 | Network Detection & Response (NDR) | 15.6% | 12.4% | $4.1B | 4 | $701M | 5.9:1 | Moderate Gap |
| 8 | Zero Trust Network Access (ZTNA) | 23.0% | 20.9% | $6.4B | 10 | $1.94B | 3.3:1 | VC Ahead |
| 9 | Threat Intelligence | 27.3% | 21.1% | $6.9B | 12 | $3.16B | 2.2:1 | Oversupplied |
| 10 | Consent & Preference Mgmt | 22.1% | 18.6% | $2.0B | 7 | $2.61B | 0.8:1 | Oversupplied |

Source: Gartner 1Q26 Information Security Market Current Outlook (G00846158, March 2026). Growth rates in constant currency. Funding data from CB Insights, Crunchbase, PitchBook. Analysis by Software Strategies Blog, April 2026.

The table splits cleanly into three tiers. Five categories are underfunded or locked out (Gap Ratio above 9:1). Two sit in the middle. Three are oversupplied or ahead of the Gartner signal.

I update this comparison every quarter as Gartner releases new forecast data.

The 3 widest gaps

Gap #1: CASB — 39:1, and the category is disappearing

Gartner projects cloud access security brokers reaching $7.1 billion by 2030 at a 24.3% CAGR. Total startup funding since January 2025: $182 million across just 4 companies.

| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
|---|---|---|---|---|---|
| Reco | $85M | $30M Series B | Zeev Ventures | New York | 2020 |
| Seraphic Security | $44M | $29M Series A | GreatPoint Ventures | Palo Alto / Israel | 2020 |
| Nudge Security | $35M | $22.5M Series A | Cerberus Ventures | Austin, TX | 2021 |
| Spin.AI | $18M+ | Undisclosed (K1) | K1 Investment Mgmt | Palo Alto | 2017 |

The gap is structural, not cyclical. Pure-play CASB startups no longer exist as a standalone category. The buying motion has shifted to SASE platforms. Cato Networks raised $409 million in a Series G in June 2025, but that money funds a unified SASE platform spanning CASB, ZTNA, and SD-WAN.

For CISOs, the implication is direct. If your CASB requirement is standalone, your vendor options are Netskope, Skyhigh, Forcepoint, and a handful of sub-$50 million startups. Expect fewer competitive bids and less pricing leverage than in categories where VC is abundant.

Gap #2: CSPM — 21.5:1, the fastest-growing category is still starved

Cloud security posture management is the single fastest-growing category in Gartner’s entire information security forecast. 33.4% growth in 2026. $16.2 billion by 2030 at a 27.6% five-year CAGR. Total startup funding: $752 million across 6 companies.

| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
|---|---|---|---|---|---|
| Upwind Security | $430M | $250M Series B | Bessemer Venture Partners | San Francisco | 2022 |
| Noma Security | $132M | $100M Series B | Evolution Equity Partners | New York / Tel Aviv | 2023 |
| Sentra | $100M+ | $50M Series B | Key1 Capital | New York / Tel Aviv | 2021 |
| Native Security | $42M | $31M Series A | Ballistic Ventures | Tel Aviv / Seattle | 2024 |
| Mondoo | $32.5M | $17.5M Series A Ext | HV Capital | San Francisco | 2020 |
| AccuKnox | $15M | $4M Venture | DreamIt Ventures | Menlo Park | 2020 |

Upwind alone accounts for 57% of all CSPM startup capital. It hit unicorn status at a $1.5 billion valuation in January 2026. But one company cannot fill a $16.2 billion market.

Alphabet’s $32 billion acquisition of Wiz in March 2026 removed the largest independent cloud security company from the startup market entirely. In my analysis of $3.6 billion in agentic AI security funding, I tracked how M&A is filling gaps that VC has not. CSPM is a category where that pattern is accelerating.

Gap #3: Vulnerability Assessment — 20.9:1, the most active seed-stage category

Gartner projects vulnerability assessment at $6.4 billion by 2030. Total VC: $306 million across 6 companies.

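| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
|---|---|---|---|---|---|
| Zafran Security | $130M | $60M Series C | Menlo Ventures | New York | 2022 |
| Seemplicity | $82M+ | $50M Series B | Sienna Venture Capital | Tel Aviv | 2020 |
| Cogent Security | $53M | $42M Series A | Bain Capital Ventures | San Francisco | 2024 |
| Nucleus Security | $20M+ | $20M Series C | Undisclosed | Tampa, FL | 2018 |
| Onit Security | $11M | $11M Seed | Hetz Ventures | Tel Aviv | 2025 |
| ZAST.AI | ~$10M | $6M Pre-A | Hillhouse Capital | Seattle | 2024 |

Figure 3: Total funding by startup across the three underfunded categories (CSPM, CWPP, Vulnerability Assessment).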

This is the category with the most active early-stage investment. Cogent Security and Onit Security both use AI agents for autonomous vulnerability remediation. Zafran tripled ARR since its prior round. The agentic AI thesis is landing hardest in vulnerability management, and the funding trail shows it.

Balbix, which had raised $98.6 million, was acquired in November 2025. For CISOs evaluating this category, the vendor field is young and fragmented. Half of the funded companies were founded in 2024 or later.

Where VC is ahead of Gartner

Three categories show the opposite pattern. In Consent & Preference Management, OneTrust alone has raised $2.1 billion against a $2.0 billion Gartner projection. In Threat Intelligence, $3.16 billion in VC against a $6.9 billion projection, but Dataminr ($1.24B) and ReliaQuest ($1.13B) account for 75% of the total. In ZTNA, Cato Networks’ $1.1 billion alone represents 57% of all category funding.

Figure 4: Single-company concentration in CWPP, ZTNA, and Threat Intelligence funding.

The concentration risk matters. Strip out the single largest company in each oversupplied category and the gap ratios invert. Consent without OneTrust: $510 million, Gap Ratio 3.9:1. Threat Intelligence without Dataminr and ReliaQuest: $790 million, Gap Ratio 8.7:1. ZTNA without Cato: $835 million, Gap Ratio 7.7:1.

M&A is filling the gaps VC won’t

When startups cannot fill the gap, platform vendors acquire. The $3.6 billion in agentic AI security funding and $96 billion in M&A I tracked in March tell this story at scale. Palo Alto Networks assembled $29 billion in acquisitions. ServiceNow spent $11.6 billion. Alphabet closed $32 billion for Wiz. Veeam acquired Securiti.ai for $1.725 billion, removing the leading subject rights automation vendor from the independent market.

Forrester’s 2026 cybersecurity budget data confirms the same pattern from the buyer side. Security budgets are growing, but the spend is concentrating in fewer, larger platform purchases.

What this means for CISOs

In underfunded categories, build internally or accept platform vendor lock-in. CSPM, vulnerability assessment, and CWPP all have Gap Ratios above 12:1. Fewer funded startups means fewer competitive alternatives. If your preferred vendor gets acquired, as Wiz, Securiti.ai, and Balbix all were, your roadmap depends on the acquirer’s priorities, not yours.

In oversupplied categories, use the competition for better pricing. ZTNA, threat intelligence, and consent management have abundant VC-backed alternatives. Negotiate harder. Run competitive evaluations with three or more vendors. The funding data tells you which categories give you leverage.

Watch for single-company concentration. Chainguard holds 70% of all CWPP startup funding. Cato holds 57% of ZTNA. OneTrust holds 80% of consent management. If any of these companies pivots, gets acquired, or fails, the category funding picture changes overnight.

Bottom line

Gartner projects $93.2 billion in 2030 spending across the 10 fastest-growing security categories. Venture capital has funded $11.2 billion in startups since January 2025. The 8.3:1 blended gap tells you the overall story. The category-level ratios tell you where to act.

Cloud security posture management, vulnerability assessment, and cloud workload protection are growing at 2x to 3x the market average but remain underfunded relative to Gartner’s projections. Two categories, firewall equipment and pure-play CASB, have no startup investment at all. Platform vendors are filling gaps through acquisition at a pace that is reshaping every competitive evaluation.

This is the third quarter I have tracked Gartner’s security forecast against independent funding data. The gap between enterprise demand and startup supply keeps widening. Gartner’s 2Q26 forecast lands in July. I will break down the updated Gap Ratios the week it drops. I wrote a shorter editorial take on what these gaps mean for CISO budgets on my Substack.

Source: Gartner, Information Security Market Current Outlook, Worldwide, 1Q26 (G00846158), March 2026. Growth rates in constant currency. Dollar figures in current U.S. dollars. Funding data from CB Insights, Crunchbase, PitchBook, Statista. Cross-referenced against company press releases. Analysis by Software Strategies Blog.

 

Gartner: 60% of CISOs are piloting GenAI, but only 20% see results


The global threatscape is becoming dominated by all forms of weaponized LLMs, AI, and conversational agents, all aimed at launching lethal attacks that cripple companies and entire supply chains in minutes.

Nation‑state actors and organized eCrime groups now use artificial intelligence, including generative AI (GenAI), to automate reconnaissance, weaponize access, and strike faster than most defenses can respond. To keep pace, enterprises and the CISOs leading them are turning to GenAI as a defensive multiplier.

CISOs are remaining optimistic

Gartner’s latest research shows that adoption is accelerating, but measurable results remain elusive. Approximately 60% of organizations are piloting or planning GenAI cybersecurity initiatives. Only 20% of security leaders say these programs have delivered beneficial outcomes so far. These figures are from the research firm’s recent research note, What GenAI Use Cases Are Organizations Pursuing Within Cybersecurity?, published earlier this month. Forrester predicts that the first agentic AI breach will happen in 2026.

Yet, despite early hurdles, cybersecurity leaders remain optimistic. Nearly every CISO I’ve spoken with sees GenAI as pivotal for transforming threat detection, proactive hunting, rapid incident response, and extracting actionable insights from terabytes of telemetry data streaming from endpoints and events. They recognize GenAI as crucial to decoding adversary tradecraft, particularly as identity-based threats and weaponized machine-learning attacks accelerate, reshaping the global threatscape in real time.

Key takeaways

  • Code Analysis leads the pack. GenAI‑assisted code analysis is the most mature use case: 22% of enterprises use it today, and another 30% are piloting it. It addresses a persistent gap, as 69% of software‑engineering leaders cite insecure code remediation as a critical skills bottleneck.
  • GenAI shows potential in helping SOC teams spot vulnerabilities faster. Currently, 21% of organizations actively leverage GenAI to enhance vulnerability detection and remediation, with another 26% piloting these capabilities. Adoption is driven by GenAI’s ability to automate vulnerability identification and prioritize remediation workflows, addressing longstanding security bottlenecks and resource constraints. Despite intense interest, widespread implementation remains challenged by integration complexity and skepticism about AI-generated accuracy, emphasizing the need for incremental deployment aligned with existing cybersecurity metrics.
  • CISOs shift from ambition to execution. Gartner finds that the leaders gaining traction are those adopting “bite‑sized” implementations or use cases that fit into current processes, deliver quantifiable ROI, and build trust among analysts and engineers.

CISOs are dealing with a threatscape moving at machine speed

Given how lethal machine-driven attacks are becoming, exacerbated by the growing sophistication of weaponized AI, going on the offensive with GenAI is a choice more CISOs are considering.

  • Nearly every cybersecurity team wants to have a GenAI pilot either complete or in progress to see how it integrates with their planned arsenal for 2026. Most CISOs want some form of AI in their arsenals going into the new year, as many expect the intensity, ingenuity, and lethal impact of automated attacks will reach new levels next year. One told me confidentially she fully expects machine-on-machine breach attempts to grow six times over in 2026 as her financial services firm handles highly speculative assets, including cryptocurrency ETFs and investment products.
  • Breakout speed hits critical mass. CrowdStrike’s 2025 Global Threat Report reveals the alarming acceleration of attacks: the fastest observed eCrime intrusion took just 51 seconds to escalate from initial access to lateral movement, virtually eliminating defenders’ window to respond.
  • Living-off-the-Land tactics dominate and often evade legacy cyberdefense systems: Malware-free intrusions surged significantly, now comprising 81% of interactive attacks in 2025. This trend is corroborated by findings from Mandiant and IBM X-Force, indicating adversaries are bypassing traditional signature-based controls by exploiting legitimate tools native to the enterprise environment.
  • Nation-state activity is reaching new record levels as weaponized tradecraft gains stealth and sophistication: CrowdStrike and Mandiant have documented triple-digit increases in operations linked to China, Iran, and North Korea. These attacks predominantly target telecommunications and critical infrastructure, reflecting geopolitical tensions and nation-states’ strategic prioritization of cyber-espionage.
  • Global threat consensus is clear and compelling: ENISA’s Threat Landscape 2025 report aligns precisely with intelligence from CrowdStrike, Mandiant, and IBM X-Force, verifying that nation-state actors now leverage AI-driven automation to execute attacks faster than enterprises can detect, let alone defend.

CrowdStrike Founder and CEO George Kurtz underscored the urgency clearly in a recent CNBC interview on October 23rd, stating, “Well, this is something that we’ve really been focused on for the last number of years is being able to protect agentic AI. And if you think about agentic AI, it has the capabilities to interact with data. It has the capabilities to interact with compute. It has identities, non-human identities, but it operates at superhuman speed. So all of the challenges that we’ve seen over the many years of humans getting themselves into trouble is only going to be exasperated by agentic AI, and we need security like CrowdStrike is delivering to protect it.”

Practical guidance from CISOs adding GenAI to their arsenals

Gartner’s latest research, combined with interviews and discussions with CISOs, security leaders, and SOC leaders who are piloting and in some cases using GenAI-based platforms today, offers this advice:

  • Go deep on integration in pilots to see how strong the GenAI solution is as a contributor to your security tech stack: CISOs and SOC leaders tell me that this is the most reliable test of whether a GenAI platform or app will make the cut and get to production on their tech stack. Solid APIs that have been battle-tested by vendors who have a strong API management history have the inside track.
  • Outcome-driven use cases are a must-have: At its core, cybersecurity is a business decision. And in a digital-first world, protecting your brand is essential. Any GenAI pilot needs to contribute to a use case that makes a solid contribution to solidifying a business’s ability to compete.
  • Start with time-tested, established metrics: Getting to a level of trust in GenAI is core to seeing if it is ready to progress from pilot into production. Evaluating GenAI effectiveness using established KPIs, including mean time to detect (MTTD) and mean time to respond (MTTR), is table stakes. CISOs and others running pilots caution against creating entirely new metrics just for GenAI. It obfuscates the total business impact of the technology.
  • Parallel human trust and governance: Gartner emphasizes investing in employee enablement and robust governance frameworks like NIST’s AI Risk Management Framework to foster confidence in GenAI adoption. Human oversight remains a vital layer of control. Human-in-the-middle is essential for any workflow.

Bottom Line

Nation-state adversaries measure their innovation in how lethal their attacks are, how stealthy their tradecraft is, and how easily they can evade legacy security techniques. It’s a full cyberwar just a few steps away from a full-on kinetic war. Research from CrowdStrike, IBM, Mandiant, and many other companies shows machine-to-machine attacks orchestrated with GenAI are accelerating, so much so that Forrester predicts an imminent AI breach next year. GenAI’s ability to identify new threats and stop them makes the technology worth a look.