Uncertainty and change aren’t new for cybersecurity; they are its operating system. Security leaders must now handle a threat landscape influenced by two forces that don’t politely take turns: breakneck AI innovations and geopolitical volatility. This report lays out the five threats that will impact security teams the most in 2026: near-autonomous attacks from nation-states, concerns over AI agent threats, non-negotiable AI software supply chains, provenance and IAM risks of AI agents, and digital sovereignty spanning regions and tech stacks. Security and risk professionals can use this report to understand, prioritize, and respond to these threats in 2026.

We’ve identified the eight most important identity and access management (IAM) trends in 2026. They include the elevation of AI agent identities, accelerating digital identity adoption, advances in agentic AI-driven authorization, the convergence of IAM practices due to the explosion in nonhuman identities, and the increasing pressure for IAM crypto agility. This report provides security and risk leaders with actionable guidance on how to respond to these key trends in 2026.

A request for information (RFI) document serves to obtain consistent information across multiple services, solution partners, or vendors. The purpose of an RFI is to identify differences, assess the best fit for the organization’s specific needs, and facilitate an informed decision-making process. This template is meant to streamline your process to request information from identity and access management (IAM) consulting services firms.

Our latest evaluation of workforce identity security providers, The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 is now available! Workforce identity security is now a strategic pillar of modern cybersecurity, driven by the expansion of nonhuman identities, increasingly sophisticated identity‑based attacks, and the operational demands of Zero Trust. Organizations already grappling with identity sprawl across […]

In our evaluation of workforce identity security platform providers, we identified the most significant ones and researched, analyzed, and scored them. This report shows how each provider measures up and helps you select the right one for your needs.

On May 1, 2026, six national cybersecurity agencies — CISA, the NSA, Australia’s ASD ACSC, and their counterparts in Canada, New Zealand, and the UK — published “Careful adoption of agentic AI services.” This joint guidance is the first coordinated multigovernment security guidance specifically targeting agentic AI systems, and it carries the full weight of […]

Anthropic is now requiring select users to successfully complete a physical government-issued ID document verification (PIDV) process “for a few use cases,” although those use cases are not currently specified. Anthropic is the data controller in the process and will be using identify verification (IDV) provider Persona Identities to conduct the IDV process. IDV prompts […]

Supply chain challenges and changes, new partnership-first customer acquisition models, and the infiltration of AI agents and the security they require are increasing the importance of effective and scalable human and machine identity and access management for business partners (B2B IAM). In this report, we review best practices for B2B IAM and review architectural options for delegated administration and authentication.

A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]

Today’s organizations utilize service accounts, certificates, API keys, and other nonhuman identities (NHIs) that far outnumber human users but remain inconsistently governed and poorly inventoried. To contain this expanding risk surface, security leaders must elevate machine identity management to a strategic priority, embed rigorous governance, and enforce lifecycle controls that match cloud and DevOps velocity. This report outlines best practices for machine identity management.