{"id":3434,"date":"2025-08-30T03:40:33","date_gmt":"2025-08-30T03:40:33","guid":{"rendered":"https:\/\/violethoward.com\/new\/software-is-40-of-security-budgets-as-cisos-shift-to-ai-defense\/"},"modified":"2025-08-30T03:40:33","modified_gmt":"2025-08-30T03:40:33","slug":"software-is-40-of-security-budgets-as-cisos-shift-to-ai-defense","status":"publish","type":"post","link":"https:\/\/violethoward.com\/new\/software-is-40-of-security-budgets-as-cisos-shift-to-ai-defense\/","title":{"rendered":"Software is 40% of security budgets as CISOs shift to AI defense"},"content":{"rendered":" \r\n<br><div>\n\t\t\t\t<p>\u201cWith volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,\u201d states Forrester\u2019s 2026 Budget Planning Guide, revealing a fundamental shift in how organizations allocate cybersecurity resources.<\/p>\n\n\n\n<p>Software now commands 40% of cybersecurity spending, exceeding hardware at 15.8% and outsourcing at 15%, and surpassing personnel costs at 29% by 11 percentage points, while organizations defend against gen AI attacks that execute in milliseconds versus a Mean Time to Identify (MTTI) of 181 days, according to IBM\u2019s latest Cost of a Data Breach Report.<\/p>\n\n\n\n<p>Three converging threats are flipping cybersecurity on its head: what once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. 
NIST\u2019s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" height=\"394\" width=\"800\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?w=800\" alt=\"\" class=\"wp-image-3016043\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg 1066w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=300,148 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=768,378 768w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=800,394 800w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=100,50 100w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=400,197 400w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=750,369 750w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=578,285 578w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-1.jpg?resize=930,458 930w\" sizes=\"(max-width: 800px) 100vw, 800px\"\/><\/figure>\n\n\n\n<p>Caption: Software now commands 40% of cybersecurity budgets in 2025, representing an 11 percentage point premium over personnel costs at 29%, as organizations layer security solutions to combat gen AI threats executing in milliseconds. 
Source: Forrester\u2019s 2026 Budget Planning Guide<\/p>\n\n\n\n<p>Enterprise security teams managing 75 or more tools lose $18 million annually to integration and overhead alone. The average detection time remains 277 days, while attacks execute within milliseconds.<\/p>\n\n\n\n<p>Gartner forecasts that interactive application security testing (IAST) tools will lose 80% of market share by 2026. Security Service Edge (SSE) platforms that promised streamlined convergence now add to the complexity they intended to solve. Meanwhile, standalone risk-rating products flood security operations centers with alerts that lack actionable context, leading analysts to spend 67% of their time on false positives, according to IDC\u2019s Security Operations Study.<\/p>\n\n\n\n<p>The operational math doesn\u2019t work. Analysts require 90 seconds to evaluate each alert, but they receive 11,000 alerts daily. Each additional security tool deployed reduces visibility by 12% and increases attacker dwell time by 23 days, as reported in Mandiant\u2019s 2024 M-Trends Report. 
Complexity itself has become the enterprise\u2019s greatest cybersecurity vulnerability.<\/p>\n\n\n\n<p>Platform vendors have been selling consolidation for years, capitalizing on the chaos and complexity that app and tool sprawl create. As George Kurtz, CEO of CrowdStrike, explained in a recent VentureBeat interview about competing with a platform in today\u2019s mercurially changing market conditions: \u201cThe difference between a platform and platformization is execution. You need to deliver immediate value while building toward a unified vision that eliminates complexity.\u201d<\/p>\n\n\n\n<p>CrowdStrike\u2019s Charlotte AI automates alert triage and saves SOC teams over 40 hours every week by classifying millions of detections at 98% accuracy; that equals the output of five seasoned analysts and is fueled by Falcon Complete\u2019s expert-labeled incident corpus.<\/p>\n\n\n\n<p>\u201cWe couldn\u2019t have done this without our Falcon Complete team,\u201d Elia Zaitsev, CTO at CrowdStrike, told VentureBeat in a recent interview. \u201cThey do triage as part of their workflow, manually handling millions of detections. That high-quality, human-annotated dataset is what made over 98% accuracy possible. We recognized that adversaries are increasingly leveraging AI to accelerate attacks. 
With Charlotte AI, we\u2019re giving defenders an equal footing, amplifying their efficiency and ensuring they can keep pace with attackers in real time.\u201d<\/p>\n\n\n\n<p>CrowdStrike, Microsoft\u2019s Defender XDR with MDVM\/Intune, Palo Alto Networks, Netskope, Tanium and Mondoo now bundle XDR, SIEM and auto-remediation, transforming SOCs from delayed forensics sessions to real-time threat neutralization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-security-budgets-surge-10-as-gen-ai-attacks-outpace-human-defense\"><strong>Security budgets surge 10% as gen AI attacks outpace human defense<\/strong><\/h2>\n\n\n\n<p>Forrester\u2019s guide finds 55% of global security technology decision-makers expect significant budget increases in the next 12 months. 15% anticipate jumps exceeding 10% while 40% expect increases between 5% and 10%. This spending surge reflects an asymmetric battlefield where attackers deploy gen AI to simultaneously target thousands of employees with personalized campaigns crafted from real-time scraped data.<\/p>\n\n\n\n<p>Attackers are making the most of the advantages they\u2019re getting from adversarial AI, with speed, stealth and highly personalized, targeted attacks becoming the most lethal. \u201cFor years, attackers have been utilizing AI to their advantage,\u201d Mike Riemer, Field CISO at Ivanti, told VentureBeat. 
\u201cHowever, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" height=\"463\" width=\"800\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?w=800\" alt=\"\" class=\"wp-image-3016046\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg 978w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=300,174 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=768,444 768w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=800,463 800w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=400,231 400w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=750,434 750w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=578,335 578w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/08\/figure-2.jpg?resize=930,538 930w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\"\/><\/figure>\n\n\n\n<p>Caption: 55% of security leaders expect budget increases above 5% in 2026, with Asia Pacific organizations leading at 22% expecting increases above 10% versus just 9% in North America. Source: Forrester\u2019s 2026 Budget Planning Guide<\/p>\n\n\n\n<p>Regional spending disparities reveal threat landscape variations and how CISOs are responding to them. Asia Pacific organizations lead with 22% expecting budget increases above 10% versus just 9% in North America. 
Cloud security, on-premises technology and security awareness training top investment priorities globally.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-software-dominates-budgets-as-runtime-defenses-become-critical-in-2026\"><strong>Software dominates budgets as runtime defenses become critical in 2026<\/strong><\/h2>\n\n\n\n<p>VentureBeat continues to hear from security leaders about how crucial protecting the inference layer of AI model development is. Many consider it the new frontline of the future of cybersecurity. Inference layers are vulnerable to prompt injection, data exfiltration, or even direct model manipulation. These are all threats that demand millisecond-scale responses, not delayed forensic investigations.<\/p>\n\n\n\n<p>Forrester\u2019s latest CISO spending guide underscores a profound shift in cybersecurity spending priorities, with cloud security leading all spending increases at 12%, closely followed by investments in on-premises security technology at 11%, and security awareness initiatives at 10%. These priorities reflect the urgency CISOs feel to strengthen defenses precisely at the critical moment of AI model inference.<\/p>\n\n\n\n<p>\u201cAt Reputation, security is baked into our core architecture and enforced rigorously at runtime,\u201d Carter Rees, Vice President of Artificial Intelligence at Reputation, recently told VentureBeat. \u201cThe inference layer, the exact moment an AI model interacts with people, data, or tools, is where we apply our most stringent controls. Every interaction includes authenticated tenant and role contexts, verified in real-time by an AI security gateway.\u201d<\/p>\n\n\n\n<p>Reputation\u2019s multi-tiered approach has become a de facto gold standard, blending proactive and reactive defenses. \u201cReal-time controls immediately take over,\u201d Rees explained. \u201cOur prompt firewall blocks unauthorized or off-topic inputs instantly, restricting tool and data access strictly to user permissions. 
Behavioral detectors proactively flag anomalies the moment they occur.\u201d<\/p>\n\n\n\n<p>This rigorous runtime security approach extends equally into customer-facing systems. \u201cFor natural language interactions, our AI only pulls from explicitly customer-approved sources,\u201d Rees noted. \u201cEach generated response must transparently cite its sources. We verify citations match both tenant and context, routing for human review if they do not.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-quantum-computing-s-accelerating-risk\"><strong>Quantum computing\u2019s accelerating risk<\/strong><\/h2>\n\n\n\n<p>Quantum computing is quickly evolving from a theoretical concern into an immediate enterprise threat. Security leaders now face \u201charvest now, decrypt later\u201d (HNDL) attacks, where adversaries store encrypted data for future quantum-enabled decryption. Widely used encryption methods like 2048-bit RSA risk compromise once quantum processors reach operational scale with tens of thousands of reliable qubits.<\/p>\n\n\n\n<p>The National Institute of Standards and Technology (NIST) finalized three critical Post-Quantum Cryptography (PQC) standards in August 2024, mandating encryption algorithm retirement by 2030 and full prohibition by 2035. Global agencies, including Australia\u2019s Signals Directorate, require PQC implementation by 2030.<\/p>\n\n\n\n<p>Forrester urges organizations to prioritize PQC adoption for protecting sensitive data at rest, in transit, and in use. Security leaders should leverage cryptographic inventory and discovery tools, partnering with cryptoagility providers such as Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales. 
Given quantum\u2019s rapid progression, CISOs need to factor in how they\u2019ll update encryption strategies to avoid obsolescence and vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-explosion-of-identities-is-fueling-an-ai-driven-credential-crisis\"><strong>Explosion of identities is fueling an AI-driven credential crisis<\/strong><\/h2>\n\n\n\n<p>Machine identities now outnumber human users by a staggering 45:1 ratio, fueling a credential crisis beyond human management. Forrester\u2019s guide underscores scaling machine identity management as mission-critical to mitigating emerging threats. Gartner forecasts identity security spending to nearly double, reaching $47.1 billion by 2028.<\/p>\n\n\n\n<p>Traditional endpoint approaches aren\u2019t capable of slowing down a growing onslaught of adversarial AI attacks. Ivanti\u2019s Daren Goeson recently told VentureBeat: \u201cAs these endpoints multiply, so does their vulnerability. Combining AI with Unified Endpoint Management (UEM) is increasingly essential.\u201d Ivanti\u2019s AI-driven Vulnerability Risk Rating (VRR) illustrates this benefit, enabling organizations to patch vulnerabilities 85% faster by identifying threats traditional scoring methods overlook, making AI-driven credential intelligence enterprise security at scale.<\/p>\n\n\n\n<p>\u201cEndpoint devices such as laptops, desktops, smartphones, and IoT devices are essential to modern business operations. However, as their numbers grow, so do the opportunities for attackers to exploit endpoints and their applications,\u201d Goeson explained. \u201cFactors like an expanded attack surface, insufficient security resources, unpatched vulnerabilities, and outdated software contribute to this rising risk. 
By adopting a comprehensive approach that combines UEM solutions with AI-powered tools, businesses significantly reduce their cyber risk and the impact of attacks,\u201d Goeson advised VentureBeat during a recent interview.<\/p>\n\n\n\n\n\n\n\n<p>Forrester\u2019s immediate call to action in the guide advises security leaders to begin divesting legacy security tools now, with a specific focus on interactive application security testing (IAST), standalone cybersecurity risk-rating (CRR) products, and fragmented Security Service Edge (SSE), SD-WAN, and Zero Trust Network Access (ZTNA) solutions.<\/p>\n\n\n\n<p>Instead, Forrester advises, security leaders need to prioritize more integrated platforms that enhance visibility and streamline management. Unified Secure Access Service Edge (SASE) solutions from Palo Alto Networks and Netskope now provide essential consolidation. At the same time, integrated Third-Party Risk Management (TPRM) and continuous monitoring platforms from UpGuard, Panorays and RiskRecon replace standalone CRR tools, the consulting firm advises.<\/p>\n\n\n\n<p>Additionally, automated remediation powered by Microsoft\u2019s MDVM with Intune, Tanium\u2019s endpoint management, and DevOps-focused solutions like Mondoo has emerged as a critical capability for real-time threat neutralization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cisos-must-consolidate-security-at-ai-s-inference-edge-or-risk-losing-control\"><strong>CISOs must consolidate security at AI\u2019s inference edge or risk losing control<\/strong><\/h2>\n\n\n\n<p>Consolidating tools at inference\u2019s edge is the future of cybersecurity, especially as AI threats intensify. \u201cFor CISOs, the playbook is crystal clear,\u201d Rees concluded. \u201cConsolidate controls decisively at the inference edge. Introduce robust behavioral anomaly detection. Strengthen Retrieval-Augmented Generation (RAG) systems with provenance checks and defined abstain paths. 
Above all, invest heavily in runtime defenses and support the specialized teams who operate them. Execute this playbook, and you achieve secure AI deployments at true scale.\u201d<\/p>\n\n\n\n\n\t\t\t<\/div>\r\n<br>\r\n<br><a href=\"https:\/\/venturebeat.com\/security\/software-is-40-of-security-budgets-as-cisos-shift-to-ai-defense\/\">Source link <\/a>","protected":false},"excerpt":{"rendered":"<p>Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. 
Subscribe Now \u201cWith volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,\u201d states Forrester\u2019s 2026 Budget Planning Guide, revealing a fundamental [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3435,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[],"class_list":["post-3434","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-automation"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/violethoward.com\/new\/wp-content\/uploads\/2025\/08\/soc-for-budget-center.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/3434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/comments?post=3434"}],"version-history":[{"count":0,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/3434\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media\/3435"}],"wp:attachment":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media?parent=3434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/categories?post=3434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/tags?post=3434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}