Forrester forecasts agentic AI breaches & quantum spending surge by 2026

Forrester has released a new report outlining key trends anticipated to shape the cybersecurity, risk, and privacy landscape in 2026.

The Predictions 2026: Cybersecurity and Risk report points towards major shifts in technology and regulatory approaches that organisations worldwide will need to navigate, including the likely occurrence of the first public breach caused by agentic artificial intelligence (AI), accelerated spending on quantum security, and increasing government intervention in critical communication infrastructures.

Agentic AI breach risks

Forrester forecasts that 2026 will see the first public data breach stemming from the deployment of agentic AI, a technology defined by systems of autonomous agents capable of making decisions without direct human input. The report notes that, since the adoption of generative AI, incidents involving compromised data have grown, particularly where sensitive information's integrity or availability is concerned.

As businesses move to integrate agentic AI workflows, Forrester warns that these risks will be amplified. AI systems operating without sufficient oversight could prioritise delivery speed over accuracy, especially in direct customer interactions. This scenario increases the likelihood of errors or data mishandling. When such failures occur, organisational responses may differ. While some businesses may attribute the blame to the AI systems themselves, others might hold individual employees accountable, potentially resulting in dismissals.

Quantum security investments

Another key prediction is a marked rise in spending on quantum security. Forrester estimates that more than 5% of the total IT security budget will be allocated to this area in 2026. This increase is driven by concerns that commercial quantum computers could be capable of breaking current asymmetric cryptography-such as RSA and ECC-within a decade or less, accelerated by ongoing advances in the technology.

The US National Institute of Standards and Technology (NIST) has provided guidance for phasing out support for current cryptographic systems, recommending that RSA and ECC be deprecated by 2030 and fully disallowed by 2035. Organisations are therefore expected to increase quantum-related security spending on consulting, as well as tools for cryptographic discovery and inventory, in order to prepare for this transition and mitigate future risks.

Government control of telecom infrastructure

The report also anticipates that by 2026, five national governments will move to nationalise or impose further restrictions on vital telecom infrastructure. According to Forrester, the telecommunications sector depends on extensive, often insecure IoT ecosystems that are regularly targeted by cybercriminals. Additionally, the growth in space assets such as Low Earth Orbit (LEO) satellites introduces new vulnerabilities.

As a result, several governments are expected to exert greater control over the security of telecom networks, aiming to address these challenges and reduce exposure to such vulnerabilities.

EU advances in vulnerability management

Forrester predicts that the European Union will establish its own known exploited vulnerability (KEV) database, seeking to reduce its reliance on foreign cybersecurity systems. The EU's unified cyberlaws are expected to help it advance in vulnerability cataloguing and intelligence sharing, potentially enabling faster and more coordinated responses to emerging threats than current equivalents, such as those managed by the US Cybersecurity and Infrastructure Security Agency (CISA).

Asia Pacific outlook

"In 2026, security leaders in Asia Pacific will face unprecedented pressure to evolve as the risk landscape shifts rapidly," said Jinan Budge, VP and Research Director at Forrester. "The rise of agentic AI will introduce new breach scenarios, prompting organisations to balance innovation with new layers of accountability. We anticipate accelerated investment in quantum security as the region prepares for quantum computing's disruption of encryption standards."

Cybersecurity market trends

Alongside these predictions, Forrester's Global Cybersecurity Market Forecast, 2024 to 2029, projects global spending on cybersecurity products and services will experience a compound annual growth rate of 14.4% from 2024 through 2029. By 2029, this figure is expected to reach USD $302.5 billion, as organisations across sectors continue to prioritise cyber resilience.

The report also divides anticipated expenditure across major cybersecurity categories, forecasting that 69% of the total in 2029 will be directed towards software across seven main cybersecurity disciplines: applications, cloud, data, endpoint, network, identity, and security operations. The remaining spending will be channelled into security services, excluding outsourcing, implementation, and deployment services.

Mergers and acquisitions in legacy IT

Forrester further expects established IT vendors to pursue strategic acquisitions in an effort to maintain relevance amid shifting security demands and technological change. These moves are likely to reshape the vendor landscape as traditional players respond to evolving threats and customer needs.