Security management

Insights

Blog

Quantum Negligence On The Clock: The US Just Set The Egg Timer On Quantum Migration As An Enterprise Risk

Alla Valente July 2, 2026
The question is no longer whether organizations should prepare for the quantum era, but how they will prove that they acted in time. New US guidance elevates post-quantum cryptography migration from a technology initiative to a board-level risk management responsibility.
Blog

Identiverse 2026 Recap: Identity Security For Agentic AI Dominates

Andras Cser June 25, 2026
Last week’s Identiverse conference in Las Vegas left no doubt that the scope and importance of identity security is now magnified. Identiverse 2026 underscored the current transition in identity security as organizations grapple with an expanding universe of identities beyond humans. As Ping Identity CEO Andre Durand framed it in his opening keynote, the industry […]

Secure AI Agents Before You Scale

Scaling AI agents shouldn’t mean scaling exposure. Download Forrester’s AEGIS playbook to set guardrails on intent, authority, and access so that adoption stays accountable, auditable, and defensible.

Blog

Announcing The Forrester Wave™ On Extended Detection And Response Platforms: Platformization, AI, And … AI

Allie Mellen June 25, 2026
Last week, Forrester released The Forrester Wave™: Extended Detection And Response Platforms, Q2 2026. This is the third iteration of the extended detection and response (XDR) Wave, with prior versions published in 2021 and 2024. This Wave differs significantly from the past, especially because of: The number of vendors. This year, only seven vendors were […]
Blog

Use The New Executive Order As A Canary For Enterprise PQC Migration And Procurement

Heidi Shey June 24, 2026
On June 22, 2026, the White House issued a new executive order (EO), Securing the Nation Against Advanced Cryptographic Attacks. While it has direct implications for federal agencies, there are parts that are worth paying attention to for enterprise security and risk leaders. Here’s what’s worth your attention, whether or not you hold a federal […]
Blog

New Executive Order Makes PQC Migration A Multiyear Operational Program For Federal Security Leaders

Heidi Shey June 24, 2026
For a private-sector CISO, a new US executive order (EO), Securing the Nation Against Advanced Cryptographic Attacks, is an additional signal and call to action. For federal security leaders, it’s an order with your name on it. The recap on what to do is short: Inventory your cryptography, name someone to run the migration, and […]
Blog

AI Is Moving Fast, But Trust Is Struggling To Keep Up: Why Security And Risk Leaders Can’t Miss Forrester’s AI Forum

Jinan Budge June 24, 2026
AI adoption is accelerating, but confidence in its outcomes isn’t. At Forrester’s AI Forum 2026, security and risk leaders will learn how to shift from traditional protection to a trust-and-assurance mandate — with practical frameworks, real-world perspectives, and strategies to secure an increasingly agentic enterprise while enabling innovation.
Blog

The EU’s Digital Markets Act Meets The Mobile OS, Round Two

Paddy Harrington June 24, 2026
Tensions between regulators and mobile platform leaders are raising a critical question: How far should openness go when it could expose users to new risks? This blog explores the trade-offs between device freedom, platform safeguards, and the growing security implications of AI-powered assistants.

Save 10% On Our Technology & Innovation Forums This Summer

Register by July 31 to lock in summer advantage savings — 10% off your ticket to our Technology & Innovation Forums in Austin, New York City, or London. Turn ideas into action with frameworks and strategies you can use immediately.

Blog

Total Recall: A Cautionary Fable Of Anthropic And The US Government

Jeff Pollard June 15, 2026
On Friday, June 12, the same model class covered by our previous blog post went dark. Anthropic suspended Fable 5 and Mythos 5 worldwide after the US Department of Commerce issued an export control directive, which led to requests from prominent cybersecurity pros to undo the action. The bypass that triggered the export controls, per […]
Blog

How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk

Jeff Pollard June 10, 2026
Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4. These […]
Blog

Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026

Geoff Cairns May 21, 2026
Our latest evaluation of workforce identity security providers, The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 is now available! Workforce identity security is now a strategic pillar of modern cybersecurity, driven by the expansion of nonhuman identities, increasingly sophisticated identity‑based attacks, and the operational demands of Zero Trust. Organizations already grappling with identity sprawl across […]
Blog

Announcing Forrester’s 2026 Security & Risk Enterprise Leadership Award

Stephanie Balaouras May 18, 2026
Have a great story about leveraging security, privacy, and risk management to drive trust, resilience, and responsible innovation? We'd love to hear from you.
Blog

OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs

Jeff Pollard May 13, 2026
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]

Save 10% On B2B Forum EMEA This Summer

Register by July 31 to lock in Summer Advantage savings — 10% off your ticket to B2B Forum EMEA (28–29 Sept, London). Leave with a plan to win in the GTM singularity as AI‑driven buyers rewrite the rules.

Blog

Brussels Takes Seven Member States To Court Over CER, And The Consequences Land On You

Madelein van der Hout May 8, 2026
If you are a CISO at a critical-infrastructure organization in Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain, or Sweden, your Critical Entities Resilience (CER) Directive enforcement clock just shortened. On May 7, 2026, the European Commission referred all seven member states to the Court of Justice of the European Union for failing to transpose the CER Directive more […]
Blog

Anthropic’s Claude Rolls Out End-User Identity Verification

Andras Cser May 4, 2026
Anthropic is now requiring select users to successfully complete a physical government-issued ID document verification (PIDV) process “for a few use cases,” although those use cases are not currently specified. Anthropic is the data controller in the process and will be using identify verification (IDV) provider Persona Identities to conduct the IDV process. IDV prompts […]
Blog

Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage

Janet Worthington April 27, 2026
A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]
Blog

How CISOs Can Thrive Amid Geopolitical And Economic Uncertainty

Merritt Maxim April 20, 2026
Amid escalating geopolitical conflicts, economic turmoil, and ongoing tariff chaos, chief information security officers (CISOs) are operating in a prolonged state of uncertainty in which cyberattacks have become a new component of armed conflict, expanding the attack surface just as organizations are struggling to secure AI and critical infrastructure. Security leaders are also facing budget […]
Blog

Project Glasswing: The 10 Consequences Nobody’s Writing About Yet

Jeff Pollard April 10, 2026
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.

Save 10% On Security & Risk Forum This Summer

Register by July 31 to lock in summer advantage savings — 10% off your ticket to Security & Risk Forum (Nov 9–10, Washington, DC). Leave ready to act with real‑world security and risk frameworks.

Blog

CISOs Have Plenty Of Work To Do In An AI-Driven Future

Amy DeMartine April 9, 2026
As AI becomes more embedded in fundamental business processes, organizations can no longer settle for “secure enough.” Learn how AI is redefining the CISO role — and actions that they can take today.
Blog

Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook

Erik Nost April 8, 2026
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog

RSAC Innovation Sandbox 2026: Two Sides Of AI On Display

Heidi Shey April 3, 2026
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]
More posts