security architecture
As businesses compete to win and retain customers concerned about the privacy of their data, more firms are learning the value of a robust and effective security architecture. Get benchmarks and technical guidance here.
Insights
Blog
Announcing The Forrester Wave™ On Extended Detection And Response Platforms: Platformization, AI, And … AI
Last week, Forrester released The Forrester Wave™: Extended Detection And Response Platforms, Q2 2026. This is the third iteration of the extended detection and response (XDR) Wave, with prior versions published in 2021 and 2024. This Wave differs significantly from the past, especially because of: The number of vendors. This year, only seven vendors were […]
Blog
AI Is Moving Fast, But Trust Is Struggling To Keep Up: Why Security And Risk Leaders Can’t Miss Forrester’s AI Forum
AI adoption is accelerating, but confidence in its outcomes isn’t. At Forrester’s AI Forum 2026, security and risk leaders will learn how to shift from traditional protection to a trust-and-assurance mandate — with practical frameworks, real-world perspectives, and strategies to secure an increasingly agentic enterprise while enabling innovation.
Secure AI Agents Before You Scale
Scaling AI agents shouldn’t mean scaling exposure. Download Forrester’s AEGIS playbook to set guardrails on intent, authority, and access so that adoption stays accountable, auditable, and defensible.
Blog
Total Recall: A Cautionary Fable Of Anthropic And The US Government
On Friday, June 12, the same model class covered by our previous blog post went dark. Anthropic suspended Fable 5 and Mythos 5 worldwide after the US Department of Commerce issued an export control directive, which led to requests from prominent cybersecurity pros to undo the action. The bypass that triggered the export controls, per […]
Blog
How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk
Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4. These […]
Blog
Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026
Our latest evaluation of workforce identity security providers, The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 is now available! Workforce identity security is now a strategic pillar of modern cybersecurity, driven by the expansion of nonhuman identities, increasingly sophisticated identity‑based attacks, and the operational demands of Zero Trust. Organizations already grappling with identity sprawl across […]
Blog
AI Is Turning Unified Storage Into A Strategic Decision
Unified storage has long been treated as a pragmatic, commodity storage investment: Balance cost, simplify operations, move on. In a world of AI enablement and, consequently, downside AI risk, that mindset no longer holds. Agentic, autonomous AI use cases are making storage a strategic decision point to address capability needs, performance requirements, and GRC concerns. AI systems increasingly operate directly on live enterprise data, […]
Blog
Why Scaling Products Without Architecture Slows You Down
Product-centric operating models are now the default aspiration for digital organizations. Agile adoption continues to rise. Our data shows that 55% of firms in North America and Europe now use agile or product-centric ways of working, up double digits since 2023, while APAC adoption is approaching 50%. The promise is compelling: faster value delivery, empowered […]
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
The Four EA Archetypes: A Story Of How EA Finds Its True Place
In nearly every enterprise architecture (EA) leadership conversation I’ve had this year, the same tension surfaces: The practice is doing real work, but stakeholders can’t describe what it delivers. Expectations have surged, roles have expanded, and transformation pressures are multiplying. Yet the practice remains invisible where it matters most. EA leaders need a clear anchor: […]
Blog
When Every Enterprise Architecture Tool Looks The Same …
The demos all blurred together — another week, another vendor pitch. Slide after slide promised a “single source of truth,” “360-degree visibility,” and “seamless collaboration across the enterprise.” The names and interfaces changed, but to the enterprise architecture (EA) leader in the room, it all felt like the same story with a different logo on […]
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Blog
Unified Financial Crime Management Is Not Just For Small And Regional Banks
Fraud management and anti-money laundering (AML) solutions share common traits and requirements: Both are about risk scoring of entities (names, phone numbers, email addresses, accounts) and routing and investigating alerts and cases to AI agents and human investigators. While smaller, regional financial institutions (FIs) and insurers have always been motivated to consolidate tools and resources […]
Blog
How Philip Morris International’s Outcome‑Driven EA Practice Won The 2025 Forrester EA Award In EMEA
Philip Morris International (PMI) won Forrester’s 2025 Enterprise Architecture Award in the EMEA region by redesigning its operating model to make AI scalable, governed, and reusable from day one.
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
Enterprise Architects Have Stepped Out Of The Ivory Tower
For years, many enterprise architecture (EA) teams operated in isolation, building elaborate frameworks that few understood and even fewer used. Then something shifted: Architects started solving actual business problems instead of perfecting abstract models. Our research captures this turnaround. In 2023, only 35% of digital and IT professionals said architects add value; by 2025, that figure […]
Blog
Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Blog
The Success Of Your Proactive Security Strategy Depends On Your Answer To Six Questions
Proactive security has always been based on three principles: visibility, prioritization, and remediation. But in the age of AI, each principle will continue to experience challenges. In our latest research, The Future Of Proactive Security, we found that the future of proactive security hinges on how well teams answer six foundational questions across each principle: what, when, where, why, how, and who. Since AI accelerates […]
Blog
The Enterprise Architecture Management Suites Landscape, Q4 2025, Is Out!
Enterprise architecture (EA) leaders face unprecedented pressure to cut through complexity. Technology portfolios are sprawling, operating models are in flux, and the mandate for strategic alignment has never been more urgent.
Blog
MITRE ATT&CK Evaluations Return: More Coverage, More Nuance
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog
AI Vendor Threat Research And Cybersecurity’s Cynicism Problem
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
More posts