Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.

As we move further into 2026, the security landscape continues to evolve in parallel with ongoing global uncertainty. Our latest report, “Top Recommendations For Your Security Program, 2026,” provides timely guidance for security leaders as they navigate another precarious year for their roles, programs, and organizations. Join us in this webinar to go over highlights from our 2026 recommendations and hear directly from the analysts making these calls.Key takeaways: Learn the most important recommendations for your security strategy in 2026 and our rationale behind them.Leverage our research and insights to guide your security program strategy.Understand how to prioritize changes in areas including AI and data governance, security budgets and staffing, post-quantum security, and critical infrastructure in the coming year.Target audience level: intermediate

In 1929, astronomer Edwin Hubble discovered something unsettling. The universe isn’t static; it’s expanding everywhere, simultaneously, at every scale. His simple equation (Hubble’s law) shows that galaxies are accelerating away from each other, and the farther they are, the faster they recede. Eventually, galaxies become so distant that they cross our observable horizon entirely — […]

Agentic AI expands your attack surface from apps and users to autonomous actors who plan, decide, and act across tools, data, and systems. Forrester’s Agentic AI Guardrails For Information Security (AEGIS) framework helps security leaders apply guardrails across six domains: governance, risk, and compliance; identity and access management; data security and privacy; application security; threat management; and Zero Trust architecture principles.In this webinar, we translate AEGIS from framework to technology reality. We walk through the technology control points and categories that security teams can deploy to enforce least agency, reduce Key takeaways: Reframe AI security from protecting apps and users to governing autonomous agents using AEGIS-aligned guardrails.Identify the critical technology control points, including AI runtime security, LLM gateways and firewalls, red teaming, model context protocol (MCP) security, and AI supply chain controls.Map AI security technology categories to the six AEGIS domains to clarify ownership, reduce overlap, and prioritize spend.Apply a phased, actionable roadmap that translates AEGIS from framework to deployable controls delivering continuous assurance.Target audience level: all levels

On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]

Our annual top security recommendations guide security leaders and their programs through 2026, a year of continued volatility, with advice on dealing with budget pressures, talent gaps, continued vendor consolidation and data sovereignty demands, and an intensifying threat landscape driven by geopolitical turmoil. We also provide recommendations for tackling challenges that are increasing in urgency, like AI governance and post-quantum security, to help leaders set a course before widespread adoption forces a scramble to respond.

This report uses data from Forrester’s Business Risk Survey, 2025 to examine the top three risk management technologies that enterprise organizations plan to implement in the next 12 months. Risk technologies are key to boosting risk management efforts, but priorities are nuanced by industry and region. Risk leaders can use these benchmarks to understand industry and regional risk technology trends.

Organizations struggle to make risk-informed decisions because traditional methods lack precision. Cyber risk quantification (CRQ) brings that precision, yet adoption lags due to cultural resistance and skepticism, data anxiety, and tool opacity. This report outlines a six-step approach to launch a successful CRQ initiative that anticipates these challenges. Use this report to pilot a CRQ initiative that delivers credible results without sacrificing momentum and prepares activities to scale it across the enterprise.

As enterprise risk management (ERM) shifts to a strategic advisory function that influences business decisions, most enterprises have a chief risk officer (CRO). However, accountability and reporting lines vary widely, which affects risk culture. Risk leaders should use this report to understand current trends for risk organizational model and reporting structure, benchmark their risk program, and modify their program accordingly.

The three lines of defense (3LOD) concept was first mentioned by the UK’s Financial Services Authority and then promoted by the Institute of Internal Auditors (IIA) in 2013; since then, the model has become ubiquitous among financial institutions. Although it’s often considered a pillar of enterprise risk management, make no mistake: 3LOD isn’t a framework for managing risk. Risk leaders must instead embrace a new way of managing risk using the Forrester Continuous Risk Management Model.