Security management
Insights
Blog
Total Recall: A Cautionary Fable Of Anthropic And The US Government
On Friday, June 12, the same model class covered by our previous blog post went dark. Anthropic suspended Fable 5 and Mythos 5 worldwide after the US Department of Commerce issued an export control directive, which led to requests from prominent cybersecurity pros to undo the action. The bypass that triggered the export controls, per […]
Blog
How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk
Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4. These […]
Secure AI Agents Before You Scale
Scaling AI agents shouldn’t mean scaling exposure. Download Forrester’s AEGIS playbook to set guardrails on intent, authority, and access so that adoption stays accountable, auditable, and defensible.
Blog
Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026
Our latest evaluation of workforce identity security providers, The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 is now available! Workforce identity security is now a strategic pillar of modern cybersecurity, driven by the expansion of nonhuman identities, increasingly sophisticated identity‑based attacks, and the operational demands of Zero Trust. Organizations already grappling with identity sprawl across […]
Blog
Announcing Forrester’s 2026 Security & Risk Enterprise Leadership Award
Have a great story about leveraging security, privacy, and risk management to drive trust, resilience, and responsible innovation? We'd love to hear from you.
Blog
OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]
Blog
Brussels Takes Seven Member States To Court Over CER, And The Consequences Land On You
If you are a CISO at a critical-infrastructure organization in Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain, or Sweden, your Critical Entities Resilience (CER) Directive enforcement clock just shortened. On May 7, 2026, the European Commission referred all seven member states to the Court of Justice of the European Union for failing to transpose the CER Directive more […]
Blog
Anthropic’s Claude Rolls Out End-User Identity Verification
Anthropic is now requiring select users to successfully complete a physical government-issued ID document verification (PIDV) process “for a few use cases,” although those use cases are not currently specified. Anthropic is the data controller in the process and will be using identify verification (IDV) provider Persona Identities to conduct the IDV process. IDV prompts […]
Save 10% On Our Technology & Innovation Forums This Summer
Register by July 31 to lock in summer advantage savings — 10% off your ticket to our Technology & Innovation Forums in Austin, New York City, or London. Turn ideas into action with frameworks and strategies you can use immediately.
Blog
Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage
A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]
Blog
How CISOs Can Thrive Amid Geopolitical And Economic Uncertainty
Amid escalating geopolitical conflicts, economic turmoil, and ongoing tariff chaos, chief information security officers (CISOs) are operating in a prolonged state of uncertainty in which cyberattacks have become a new component of armed conflict, expanding the attack surface just as organizations are struggling to secure AI and critical infrastructure. Security leaders are also facing budget […]
Blog
Project Glasswing: The 10 Consequences Nobody’s Writing About Yet
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.
Blog
CISOs Have Plenty Of Work To Do In An AI-Driven Future
As AI becomes more embedded in fundamental business processes, organizations can no longer settle for “secure enough.” Learn how AI is redefining the CISO role — and actions that they can take today.
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Save 10% On B2B Forum EMEA This Summer
Register by July 31 to lock in Summer Advantage savings — 10% off your ticket to B2B Forum EMEA (28–29 Sept, London). Leave with a plan to win in the GTM singularity as AI‑driven buyers rewrite the rules.
Blog
RSAC Innovation Sandbox 2026: Two Sides Of AI On Display
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]
Blog
RSAC 2026: An AI Coming-Of-Age Story Without The Romance
RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]
Blog
Geopolitical Volatility Has Become A Technology Leadership Test
Geopolitical volatility is testing and redefining technology leadership, demanding sharper trade-offs, stronger resilience, and faster decisions from CIOs and CISOs. Read guidance from our new research to help navigate these challenges.
Blog
Prevent MDR-To-IR Handoff Chaos Before A Breach
Security leaders often assume that once they’ve invested in managed detection and response (MDR) services, the hardest parts of breach detection and response are behind them. Alerts are monitored. Playbooks exist. Someone is watching the environment 24/7. Then, they have a security incident. It escalates quickly. And the response feels less coordinated than expected. We […]
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Save 10% On Security & Risk Forum This Summer
Register by July 31 to lock in summer advantage savings — 10% off your ticket to Security & Risk Forum (Nov 9–10, Washington, DC). Leave ready to act with real‑world security and risk frameworks.
Blog
Unified Financial Crime Management Is Not Just For Small And Regional Banks
Fraud management and anti-money laundering (AML) solutions share common traits and requirements: Both are about risk scoring of entities (names, phone numbers, email addresses, accounts) and routing and investigating alerts and cases to AI agents and human investigators. While smaller, regional financial institutions (FIs) and insurers have always been motivated to consolidate tools and resources […]
Blog
Announcing The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026
The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026 is now live, and it lands at a moment when security leaders are under real pressure to prove readiness and resilience. Automation and AI have compressed attacker timelines, blurred role boundaries across security teams, and exposed the limits of certification-first training models. What matters now […]
Blog
2026 Really Is This Risky: Our Top Recommendations For CISOs
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]
More posts