Artificial IntelligenceCyber Safety

Forrester Predicts First Public Agentic AI Breach and More in 2026

An Agentic AI Breach Is Bound to Happen—and It Might as Early as Next Year

Forrester has released “Predictions 2026: Cybersecurity and Risk” which outlines pivotal trends set to redefine the cybersecurity, risk, and privacy landscape in the year ahead. The report anticipates the first public breach caused by agentic AI (or an agentic AI breach), a surge in quantum security investments exceeding 5% of total IT security budgets, and heightened government control over critical communications infrastructure. It also forecasts the EU’s launch of its own exploited vulnerability database and strategic acquisitions by legacy IT vendors seeking relevance in a rapidly evolving threat environment.

Below are more details on some of the 2026 predictions:

  • An agentic AI deployment will cause a public breach and lead to employee dismissals. Since its launch, GenAI has caused several data breaches or affected the integrity or availability of sensitive data. As companies begin building agentic AI workflows, these issues will become more prevalent. Without the right guardrails, systems of autonomous AI agents may sacrifice accuracy for delivery speed, especially when interacting directly with customers. When these failures occur, some companies will treat AI agents as their own entities, but others will point fingers at individual employees.
  • Quantum security spending will exceed 5% of the overall IT security budget. Forrester estimates commercial quantum computers will break today’s asymmetric cryptography in less than 10 years or sooner, given regular advances. Meanwhile, NIST guidance dictates that RSA and ECC support will be deprecated in 2030 and disallowed in 2035. In response, security teams will rapidly ramp up quantum security spending in several areas, including consulting services, and cryptographic discovery and inventory tools.
  • Five governments will nationalise or place restrictions on critical telecom infrastructure. Telecom relies on vast IoT ecosystems that are notoriously insecure and frequently exploited while the rapid rise of space infrastructure like LEO satellites adds new attack surfaces. To counter, governments will assert unprecedented control over telecom security.
  • The EU will establish its own known exploited vulnerability (KEV) database. Forrester expects the EU to improve and establish its own KEV catalogue. It will outpace CISA because the EU has unified its cyberlaws to reduce reliance on foreign systems. This will expedite and improve vulnerability coordination, disclosure, and intelligence across borders.

“In 2026, security leaders in Asia Pacific will face unprecedented pressure to evolve as the risk landscape shifts rapidly,” said Jinan Budge, VP and Research Director at Forrester. “The rise of agentic AI will introduce new breach scenarios (i.e., agentic AI breach), prompting organisations to balance innovation with new layers of accountability. We anticipate accelerated investment in quantum security as the region prepares for quantum computing’s disruption of encryption standards.”

In addition to the 2026 Predictions report, Forrester has also released “Global Cybersecurity Market Forecast, 2024 To 2029” which finds that global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit USD $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. In 2029, 69% of cybersecurity spending will be on software across seven prime functional disciplines of cybersecurity (applications, cloud, data, endpoint, network, identity, and security operations); the remaining spending will be allocated to security services, excluding security outsourcing, implementation, and deployment services.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *