Jeff Pollard
VP, Principal Analyst
Author Insights
Blog
The State Of Agentic AI In 2026: Companies Are Chasing, Few Are Catching
Most enterprises are chasing agentic AI; almost none have caught it. Forrester’s report, “The State Of Agentic AI, 2026,” digs into why investment isn’t turning into scale, why orchestration and governance lag ambition, and what separates the companies pulling ahead.
Blog
Anthropic’s Proposed IPO Will Change The Economics Of Enterprise AI
Anthropic has confidentially filed its S‑1 for a proposed IPO. On the surface, early investors, VCs, and late-stage backers are likely planning the biggest AI liquidity party of 2026. The company already has more money than it can spend after a fresh $65 billion Series H round at a $965 billion post-money valuation (nearly $1 […]
Blog
OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]
Blog
Five Eyes Cybersecurity Agencies’ Careful Agentic AI Adoption Guidance, Operationalized By AEGIS
On May 1, 2026, six national cybersecurity agencies — CISA, the NSA, Australia’s ASD ACSC, and their counterparts in Canada, New Zealand, and the UK — published “Careful adoption of agentic AI services.” This joint guidance is the first coordinated multigovernment security guidance specifically targeting agentic AI systems, and it carries the full weight of […]
Blog
Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage
A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]
Blog
Project Glasswing: The 10 Consequences Nobody’s Writing About Yet
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
RSAC Innovation Sandbox 2026: Two Sides Of AI On Display
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]
Blog
RSAC 2026: An AI Coming-Of-Age Story Without The Romance
RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]
Blog
Please Test Your AI Agents — Like, At All
Recent, public AI agent and bot failures have exposed the hazards of forgoing testing. Here’s what you should do before rolling out your own agents.
Blog
Prevent MDR-To-IR Handoff Chaos Before A Breach
Security leaders often assume that once they’ve invested in managed detection and response (MDR) services, the hardest parts of breach detection and response are behind them. Alerts are monitored. Playbooks exist. Someone is watching the environment 24/7. Then, they have a security incident. It escalates quickly. And the response feels less coordinated than expected. We […]
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Blog
2026 Really Is This Risky: Our Top Recommendations For CISOs
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
Blog
Ready For OpenClaw To Pry Into Your Environment And Grip Your Data
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
My Tips For Crushing Your Analyst Briefings And Wowing The Analyst
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.
Blog
AI Vendor Threat Research And Cybersecurity’s Cynicism Problem
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
Blog
Predictions 2026: Trust And Privacy — How GenAI, Deepfakes, And Privacy Tech Will Affect Trust Globally
As consumers and businesses learn to operate in a permanent state of skepticism, our trust and privacy predictions reveal how organizations must adapt to survive — and thrive.