Security Services
Get information on the latest security services trends and let Forrester help you protect your organization’s digital assets.
Insights
Blog
How Fable 5 And Mythos 5 Change AI Security, Data Retention, And Vendor Risk
Anthropic’s Fable 5 and Mythos 5 is the most 2026 product launch you’ll read this year. The same model can find nation-state zero days, design novel drug candidates, and play FireRed on a Gameboy Advance with nothing but screenshots. And for the gaming fans out there, yes, we got Fable 5 before Fable 4. These […]
Blog
Announcing Forrester’s Top Cybersecurity Threats For 2026
AI innovation is moving at an unprecedented rate, and geopolitical tensions show no signs of easing. Forrester identifies these factors as two primary forces reshaping the threat landscape, placing additional strain on CISOs who are already stretched thin managing increasingly complex security programs. Anthropic’s Claude Mythos Preview and Project Glasswing are early signals of how […]
Secure AI Agents Before You Scale
Scaling AI agents shouldn’t mean scaling exposure. Download Forrester’s AEGIS playbook to set guardrails on intent, authority, and access so that adoption stays accountable, auditable, and defensible.
Blog
Autonomous Malware Is No Longer Theoretical: AI Worm Proof Of Concept Created In A Lab
On June 2, 2026, security researchers published a paper about the creation of an AI worm. The headline is as subtle as a fire alarm: This lab experiment of a worm is no longer just code that blindly crawls across your environment; it leverages AI models and can now reason, execute, and learn in complete […]
Blog
OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]
Blog
Project Glasswing: The 10 Consequences Nobody’s Writing About Yet
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
RSAC Innovation Sandbox 2026: Two Sides Of AI On Display
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]
Blog
RSAC 2026: An AI Coming-Of-Age Story Without The Romance
RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]
Blog
Prevent MDR-To-IR Handoff Chaos Before A Breach
Security leaders often assume that once they’ve invested in managed detection and response (MDR) services, the hardest parts of breach detection and response are behind them. Alerts are monitored. Playbooks exist. Someone is watching the environment 24/7. Then, they have a security incident. It escalates quickly. And the response feels less coordinated than expected. We […]
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
Weaponized Insiders Can Result In Big Consequences
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog
Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Blog
ServiceNow Buys Armis To Improve Its Proactive Security Platform
ServiceNow has announced its intent to acquire proactive security platform vendor Armis in a cash deal valued at $7.75 billion.
Blog
MITRE ATT&CK Evaluations Return: More Coverage, More Nuance
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog
Insider Incidents Can Happen To Anyone
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Blog
Gold Rush Or Fool’s Gold? How To Evaluate Security Tools’ Generative AI Claims
Generative AI features and products for security are gaining significant traction in the market. Knowing how to evaluate them, however, remains a mystery. What makes a good AI feature? How do we know if the AI is effective or not? These are just some of the questions I receive on a regular basis from Forrester […]
Blog
Recorded Future Predict 2025: Intelligence To Operations … And Now To Action
Recorded Future held its Predict Global 2025 conference in New York City recently. Get some key highlights from the conference as well as a look ahead to the vendor’s Predict Europe 2025 event.
Blog
How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.
More posts