Security management
Insights
Blog
Quantum Negligence On The Clock: The US Just Set The Egg Timer On Quantum Migration As An Enterprise Risk
The question is no longer whether organizations should prepare for the quantum era, but how they will prove that they acted in time. New US guidance elevates post-quantum cryptography migration from a technology initiative to a board-level risk management responsibility.
Blog
Identiverse 2026 Recap: Identity Security For Agentic AI Dominates
Last week’s Identiverse conference in Las Vegas left no doubt that the scope and importance of identity security is now magnified. Identiverse 2026 underscored the current transition in identity security as organizations grapple with an expanding universe of identities beyond humans. As Ping Identity CEO Andre Durand framed it in his opening keynote, the industry […]
Secure AI Agents Before You Scale
Scaling AI agents shouldn’t mean scaling exposure. Download Forrester’s AEGIS playbook to set guardrails on intent, authority, and access so that adoption stays accountable, auditable, and defensible.
Blog
Announcing The Forrester Wave™ On Extended Detection And Response Platforms: Platformization, AI, And … AI
Last week, Forrester released The Forrester Wave™: Extended Detection And Response Platforms, Q2 2026. This is the third iteration of the extended detection and response (XDR) Wave, with prior versions published in 2021 and 2024. This Wave differs significantly from the past, especially because of: The number of vendors. This year, only seven vendors were […]
Blog
Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement
On June 22, 2026, the White House issued a new executive order (EO), Securing the Nation Against Advanced Cryptographic Attacks. While it has direct implications for federal agencies, there are parts that are worth paying attention to for enterprise security and risk leaders. Here’s what’s worth your attention, whether or not you hold a federal […]
Blog
New Executive Order Makes PQC Migration A Multiyear Operational Program For Federal Security Leaders
For a private-sector CISO, a new US executive order (EO), Securing the Nation Against Advanced Cryptographic Attacks, is an additional signal and call to action. For federal security leaders, it’s an order with your name on it. The recap on what to do is short: Inventory your cryptography, name someone to run the migration, and […]
Blog
AI Is Moving Fast, But Trust Is Struggling To Keep Up: Why Security And Risk Leaders Can’t Miss Forrester’s AI Forum
AI adoption is accelerating, but confidence in its outcomes isn’t. At Forrester’s AI Forum 2026, security and risk leaders will learn how to shift from traditional protection to a trust-and-assurance mandate — with practical frameworks, real-world perspectives, and strategies to secure an increasingly agentic enterprise while enabling innovation.
Blog
The EU’s Digital Markets Act Meets The Mobile OS, Round Two
Tensions between regulators and mobile platform leaders are raising a critical question: How far should openness go when it could expose users to new risks? This blog explores the trade-offs between device freedom, platform safeguards, and the growing security implications of AI-powered assistants.
Save 10% On Our Technology & Innovation Forums This Summer
Register by July 31 to lock in summer advantage savings — 10% off your ticket to our Technology & Innovation Forums in Austin, New York City, or London. Turn ideas into action with frameworks and strategies you can use immediately.
Blog
Total Recall: A Cautionary Fable Of Anthropic And The US Government
On Friday, June 12, the same model class covered by our previous blog post went dark. Anthropic suspended Fable 5 and Mythos 5 worldwide after the US Department of Commerce issued an export control directive, which led to requests from prominent cybersecurity pros to undo the action. The bypass that triggered the export controls, per […]
Blog
How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk
Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4. These […]
Blog
Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026
Our latest evaluation of workforce identity security providers, The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 is now available! Workforce identity security is now a strategic pillar of modern cybersecurity, driven by the expansion of nonhuman identities, increasingly sophisticated identity‑based attacks, and the operational demands of Zero Trust. Organizations already grappling with identity sprawl across […]
Blog
Announcing Forrester’s 2026 Security & Risk Enterprise Leadership Award
Have a great story about leveraging security, privacy, and risk management to drive trust, resilience, and responsible innovation? We'd love to hear from you.
Blog
OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]
Save 10% On B2B Forum EMEA This Summer
Register by July 31 to lock in Summer Advantage savings — 10% off your ticket to B2B Forum EMEA (28–29 Sept, London). Leave with a plan to win in the GTM singularity as AI‑driven buyers rewrite the rules.
Blog
Brussels Takes Seven Member States To Court Over CER, And The Consequences Land On You
If you are a CISO at a critical-infrastructure organization in Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain, or Sweden, your Critical Entities Resilience (CER) Directive enforcement clock just shortened. On May 7, 2026, the European Commission referred all seven member states to the Court of Justice of the European Union for failing to transpose the CER Directive more […]
Blog
Anthropic’s Claude Rolls Out End-User Identity Verification
Anthropic is now requiring select users to successfully complete a physical government-issued ID document verification (PIDV) process “for a few use cases,” although those use cases are not currently specified. Anthropic is the data controller in the process and will be using identify verification (IDV) provider Persona Identities to conduct the IDV process. IDV prompts […]
Blog
Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage
A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]
Blog
How CISOs Can Thrive Amid Geopolitical And Economic Uncertainty
Amid escalating geopolitical conflicts, economic turmoil, and ongoing tariff chaos, chief information security officers (CISOs) are operating in a prolonged state of uncertainty in which cyberattacks have become a new component of armed conflict, expanding the attack surface just as organizations are struggling to secure AI and critical infrastructure. Security leaders are also facing budget […]
Blog
Project Glasswing: The 10 Consequences Nobody’s Writing About Yet
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.
Save 10% On Security & Risk Forum This Summer
Register by July 31 to lock in summer advantage savings — 10% off your ticket to Security & Risk Forum (Nov 9–10, Washington, DC). Leave ready to act with real‑world security and risk frameworks.
Blog
CISOs Have Plenty Of Work To Do In An AI-Driven Future
As AI becomes more embedded in fundamental business processes, organizations can no longer settle for “secure enough.” Learn how AI is redefining the CISO role — and actions that they can take today.
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
RSAC Innovation Sandbox 2026: Two Sides Of AI On Display
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]
More posts