
Agentic AI security breaches are coming: 7 ways to make sure it's not your firm

AI agents (task-specific models designed to operate autonomously or semi-autonomously given instructions) are being widely implemented across enterprises (up to 79% of all surveyed for a PwC report earlier this year). But they're also introducing new security risks.

When an agentic AI security breach happens, companies may be quick to fire employees and assign blame, but slower to identify and fix the systemic failures that enabled it.

Forrester’s Predictions 2026: Cybersecurity and Risk predicts that the first agentic AI breach will lead to dismissals, adding that geopolitical turmoil compounds the pressure being put on CISOs and CIOs to deploy agentic AI quickly while minimizing the risks.

CISOs are in for a challenging 2026

CISOs at organizations that compete globally are in for an especially tough next twelve months as governments move to more tightly regulate and outright control critical communication infrastructure.

Forrester also predicts the EU will establish its own known exploited vulnerability database, which, if it happens, translates into immediate demand for regionally specialized security professionals whom CISOs will also need to find, recruit, and hire fast.

Forrester also predicts that quantum-security spending will exceed 5% of overall IT security budgets, a plausible outcome given researchers’ steady progress toward quantum-resistant cryptography and enterprises’ urgency to pre-empt the ‘harvest now, decrypt later’ threat.

Of the five major challenges CISOs will face in 2026, none is more dangerous, or has more potential to completely reorder the threat landscape, than agentic AI breaches and the next generation of weaponized AI.

How CISOs are tackling agentic AI threats head-on

“The adoption of agentic AI introduces entirely new security threats that bypass traditional controls. These risks span data exfiltration, autonomous misuse of APIs, and covert cross-agent collusion, all of which could disrupt enterprise operations or violate regulatory mandates,” Jerry R. Geisler III, Executive Vice President and Chief Information Security Officer at Walmart Inc., told VentureBeat in a recent interview.

Geisler continued, articulating Walmart’s direction. “Our strategy is to build robust, proactive security controls using advanced AI Security Posture Management (AI-SPM), ensuring continuous risk monitoring, data protection, regulatory compliance and operational trust.”

Implicit in agentic AI are the risks of what happens when agents don’t get along, compete for resources, or worse, lack the basic architecture to ensure minimum viable security (MVS). Forrester defines MVS as an approach that integrates security “in early-stage concept testing, without slowing down the product team. As the product evolves from early-stage concept testing to an alpha release to a beta release and onward, MVS security activities also evolve, until it is time to leave MVS behind.”

Sam Evans, CISO of Clearwater Analytics, provided insights into how he addressed the challenge in a recent VentureBeat interview. “I remember when one of the first board meetings I was in, they asked me, ‘So what are your thoughts on ChatGPT?’ I said, ‘Well, it's an incredible productivity tool. However, I don't know how we could let our employees use it, because my biggest fear is somebody copies and pastes customer data into it, or our source code, which is our intellectual property.’”

Evans’ company manages $8.8 trillion in assets. "The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don't manage," Evans told VentureBeat. "The employee not knowing any different or trying to solve a problem for a customer...that data helps train the model."

Evans elaborated, “But I didn't just come to the board with my concerns and problems. I said, ‘Well, here's my solution. I don't want to stop people from being productive, but I also want to protect it.’ When I came to the board and explained how these enterprise browsers work, they're like, ‘Okay, that makes much sense, but can you really do it?’”

Following the board meeting, Evans and his team began an in-depth and comprehensive due diligence process that resulted in Clearwater choosing Island.

Boardrooms are handing CISOs a clear, urgent mandate: secure the latest wave of AI and agentic‑AI apps, tools and platforms so organizations can unlock productivity gains immediately without sacrificing security or slowing innovation.

The velocity of agent deployments across enterprises has pushed the pressure to deliver value at breakneck speed higher than it’s ever been. As George Kurtz, CEO and founder of CrowdStrike, said in a recent interview: “The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate, and respond faster. Adversaries are setting records, with breakout times of just over two minutes, leaving no room for delay.”

Productivity and security are no longer separate lanes; they’re the same road. The message boards are delivering to CISOs today: move fast, or the competition and the adversaries will move past you.

Walmart’s CISO keeps the intensity up on innovation

Geisler puts a high priority on keeping a continual pipeline of innovative new ideas flowing at Walmart.

“An environment of our size requires a tailor-made approach, and interestingly enough, a startup mindset. Our team often takes a step back and asks, ‘If we were a new company and building from ground zero, what would we build?’” Geisler continued, “Identity & access management (IAM) has gone through many iterations over the past 30+ years, and our main focus is on how to modernize our IAM stack to simplify it. While related to yet different from Zero Trust, our principle of least privilege won't change.”

Walmart has turned innovation into a practical, pragmatic strategy for continually hardening its defenses while reducing risk, all while making major contributions to the growth of the business. Having created a process that can do this at scale in an agentic AI era is one of the many ways cybersecurity delivers business value to the company.

VentureBeat continues to see companies, including Clearwater Analytics, Walmart, and many others, putting cyberdefenses in place to counter agentic AI cyberattacks.

Across the many interviews we’ve had with CISOs and enterprise security teams, seven battle-tested ways emerge in which enterprises are securing themselves against potential agentic AI attacks.

Seven ways CISOs are securing their firms now

From in-depth conversations with CISOs and security leaders, seven proven strategies emerge for protecting enterprises against imminent agentic AI threats:

1. Visibility is the first line of defense. “The rising use of multi‑agent systems will introduce new attack vectors and vulnerabilities that could be exploited if they aren’t secured properly from the start,” Nicole Carignan, VP Strategic Cyber AI at Darktrace, told VentureBeat earlier this year. An accurate, real-time inventory that identifies every deployed system, tracks decision and system interdependencies down to the individual agent, and maps unintended agent-to-agent interactions is now foundational to enterprise resilience.

2. Reinforce API security now and develop the organizational muscle memory to keep APIs secure. Security and risk management professionals from financial services, retail and banking who spoke with VentureBeat on condition of anonymity emphasized the importance of continuously monitoring risk at the API layer, stating their strategy is to leverage advanced AI Security Posture Management (AI-SPM) to maintain visibility, enforce regulatory compliance, and preserve operational trust across complex environments. APIs represent the front lines of agentic risk, and strengthening their security transforms them from integration points into strategic enforcement layers.

3. Manage autonomous identities as a strategic priority. “Identity is now the control plane for AI security. When an AI agent suddenly accesses systems outside its established pattern, we treat it identically to a compromised employee credential,” said Adam Meyers, Head of Counter‑Adversary Operations at CrowdStrike during a recent interview with VentureBeat. In the era of agentic AI, the traditional IAM playbook is obsolete. Enterprises must deploy IAM frameworks that scale to millions of dynamic identities, enforce least‑privilege continuously, integrate behavioral analytics for machines and humans alike, and revoke access in real time. Only by elevating identity management from an operational cost center to a strategic control plane will organizations tame the velocity, complexity and risk of autonomous systems.

4. Upgrade to real-time observability for rapid threat detection. Static logging belongs to another era of cybersecurity. In an agentic environment, observability must evolve into a live, continuously streaming intelligence layer that captures the full scope of system behavior. The enterprises that fuse telemetry, analytics, and automated response into a single, adaptive feedback loop capable of spotting and containing anomalies in seconds rather than hours stand the best chance of thwarting an agentic AI attack.

5. Embed proactive oversight to balance innovation with control. No enterprise ever beat its growth targets by ignoring the guardrails of the technologies it used to get there, and for agentic AI those guardrails are central to extracting the most value from the technology. CISOs who lead effectively in this new landscape ensure human-in-the-middle workflows are designed in from the beginning. Oversight at the human level also creates clear decision points that surface issues early, before they spiral. The result? Innovation can run at full throttle, knowing proactive oversight will tap the brakes just enough to keep the enterprise safely on track.

6. Make governance adaptive to match AI’s rapid deployment. Static, inflexible governance is yesterday’s newspaper: outdated the moment it's printed. In an agentic world moving at machine speed, compliance policies must adapt continuously, embedded in real-time operational workflows rather than stored on dusty shelves. The CISOs making the most impact understand governance isn't just paperwork; it’s code, it’s culture, it’s integrated directly into the heartbeat of the enterprise to keep pace with every new deployment.

7. Engineer incident response ahead of machine-speed threats. The worst time to plan your incident response? When your Active Directory and other core systems have been compromised by an agentic AI breach. Forward-thinking CISOs build, test, and refine their response playbooks before agentic threats hit, integrating automated processes that respond at the speed of the attacks themselves. Incident readiness isn’t a fire drill; it needs to be muscle memory, an always-on discipline woven into the enterprise’s operational fabric, so that when threats inevitably arrive, the team is calm, coordinated, and already one step ahead.
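Items 3 and 4 above describe the mechanism (a per-agent behavioral baseline, any access outside that baseline treated like a compromised employee credential, and revocation in seconds rather than hours) without showing what it looks like in practice. The following is an added illustration written for this page; it is not code from any CISO, vendor or product quoted in the article. The JSON log format, the agent and system names, and the thresholds are all constructed for the example, and the "revocation" is a local flag standing in for whatever the real IAM system would do.

```python
import json
from collections import defaultdict, deque

# Constructed sample telemetry, one JSON object per line, as an agent gateway or
# API proxy might emit. Field names (ts, agent, system, action) are assumptions.
BASELINE_LOG = """
{"ts": 1000, "agent": "invoice-agent", "system": "erp", "action": "read"}
{"ts": 1001, "agent": "invoice-agent", "system": "erp", "action": "write"}
{"ts": 1002, "agent": "invoice-agent", "system": "email", "action": "send"}
{"ts": 1003, "agent": "support-agent", "system": "crm", "action": "read"}
{"ts": 1004, "agent": "support-agent", "system": "kb", "action": "read"}
""".strip()

# Constructed live traffic: the third line is support-agent reaching into an
# HR database it has never touched before.
LIVE_LOG = """
{"ts": 2000, "agent": "invoice-agent", "system": "erp", "action": "read"}
{"ts": 2001, "agent": "support-agent", "system": "crm", "action": "read"}
{"ts": 2002, "agent": "support-agent", "system": "hr-db", "action": "read"}
{"ts": 2003, "agent": "support-agent", "system": "crm", "action": "read"}
""".strip()


class AgentIdentityMonitor:
    """Learns each agent identity's (system, action) pattern from a known-good
    window, then evaluates a live stream: an access outside the learned
    pattern, or a burst beyond the velocity limit, revokes the identity and
    every later call from it is denied, exactly as a compromised credential
    would be handled."""

    def __init__(self, max_events_per_window=20, window_seconds=10):
        self.baseline = defaultdict(set)   # agent -> {(system, action), ...}
        self.revoked = set()               # agents whose credential is pulled
        self.recent = defaultdict(deque)   # agent -> timestamps inside window
        self.max_events = max_events_per_window
        self.window = window_seconds

    @staticmethod
    def parse(line):
        ev = json.loads(line)
        return ev["ts"], ev["agent"], (ev["system"], ev["action"])

    def learn(self, log_text):
        """Build the least-privilege baseline from a known-good log window."""
        for line in log_text.splitlines():
            _, agent, key = self.parse(line)
            self.baseline[agent].add(key)

    def evaluate(self, line):
        ts, agent, key = self.parse(line)
        if agent in self.revoked:
            return "deny"                      # revoked identities stay out
        window = self.recent[agent]
        window.append(ts)
        while window and ts - window[0] > self.window:
            window.popleft()
        if len(window) > self.max_events:      # machine-speed burst
            self.revoked.add(agent)
            return "revoke:velocity"
        # An agent with no baseline at all (unknown identity) has an empty
        # set here, so its first access is also treated as out-of-pattern.
        if key not in self.baseline[agent]:
            self.revoked.add(agent)
            return "revoke:out-of-pattern"
        return "allow"

    def run(self, log_text):
        """Evaluate a whole log in order; returns (agent, verdict) per line."""
        return [(self.parse(l)[1], self.evaluate(l)) for l in log_text.splitlines()]


def demo():
    monitor = AgentIdentityMonitor()
    monitor.learn(BASELINE_LOG)
    return monitor.run(LIVE_LOG)


if __name__ == "__main__":
    for agent, verdict in demo():
        print(f"{agent:<14} {verdict}")
```

Two design points matter more than the code itself. The baseline is built from observed behaviour, not from a hand-written policy, which is what makes it scale to many short-lived identities, but it must be learned from a window you trust, or a compromised agent's behaviour becomes the baseline. And revocation is sticky: once an identity is pulled, its otherwise normal calls are denied until a human (item 5) reinstates it, which is the "treat it identically to a compromised employee credential" stance in code.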

Agentic AI is reordering the threat landscape in real time, right now

As Forrester predicts, the first major agentic breach won’t just claim jobs; it’ll expose every organization that chose inertia over initiative, shining a harsh spotlight on overlooked gaps in governance, API security, identity management, and real-time observability. Meanwhile, quantum threats are driving budget allocations higher, forcing security leaders to act urgently before their defenses become obsolete overnight.

The CISOs who win this race are already mapping their systems in real time, embedding governance into their operational core, and weaving proactive incident response into the fabric of their daily operations. Enterprises that embrace this proactive stance will turn risk management into a strategic advantage, staying steps ahead of both competitors and adversaries.

Cisco warns enterprises: Without tapping machine data, your AI strategy is incomplete

Cisco executives make the case that the distinction between product and model companies is disappearing, and that accessing the 55% of enterprise data growth that current AI ignores will separate winners from losers.

VentureBeat recently caught up with Jeetu Patel, Cisco's President and Chief Product Officer, and DJ Sampath, Senior Vice President of AI Software and Platform, to gain new insights into a compelling thesis both leaders share. They and their teams contend that every successful product company must become an AI model company to survive the next decade.

When one considers how compressed product lifecycles are becoming, combined with the many advantages of digital twin technology to accelerate time-to-market of next-gen products, the thesis makes sense.

The conversation revealed why this transformation is inevitable, backed by solid data points. The team contends that 55% of all data growth is machine data that current AI models don't touch. OpenAI's Greg Brockman estimates we need 10 billion GPUs to give every human the AI agents they'll need, and Cisco's open source security model, Foundation-Sec-8B, has already seen 200,000 downloads on Hugging Face.

Why the model is becoming the product

VentureBeat: You've stated that in the future, every product company will become a model company. Why is this inevitable rather than just one possible path?

Jeetu Patel: In the future, there's no distinction between model companies and product companies. Great product companies will be model companies. The close tie-in between model and product is a closed loop. To enhance the product, you enhance the model, not just a UI shim.

The companies being formed right now that are a thin shim on top of a model: their days are numbered. The true moat is the model you build that drives product behavior. This requires being simultaneously good at two things: building great models in domains where you have great data, and building great product experiences powered by those models in an iterative loop where the models adapt and evolve when you have product enhancement requests.

DJ Sampath: This becomes even more critical when you think about things moving to agents. Agents are going to be governed by these models. Your moat is really going to be how well your model reacts to the changes it needs to.

Harnessing machine data's growth is key

VentureBeat: You mentioned that 55% of data growth is machine data, yet current models aren't trained on it. Why does this represent such a massive opportunity?

Patel: So far, models have been very good at being trained on publicly available, human-generated data freely available on the internet. But we're done with the amount of public data you could crawl. Where else do you go next? It's all locked up inside enterprises.

55% of data growth is machine data, but models are not trained on machine data. Every company says 'my data is my moat,' but most don't have an effective way to condition that data into an organized pipeline so they can train AI with it and harness its full potential.

Imagine how much log data will be generated when agents work 24/7 and every human has 100 agents. Greg Brockman from OpenAI said if you assume every human has a GPU, you're three orders of magnitude away from where you need to be; you need 10 billion GPUs. When you think that way, if you don't train your models with machine data effectively, you're incomplete in your ability to harness the full potential of AI.

Sampath: Most of the models are being trained on public data. The data that's inside enterprises is mostly machine data. We're unlocking that machine data. We give each enterprise a starting model. Think of it as a starter kit. They'll take that model and build applications and agents fine-tuned on their proprietary data inside their enterprises. We're going to be a model company, but we're also going to make it incredibly easy for every single enterprise to build their own models using the infrastructure we provide.

Why hardware companies have an advantage

VentureBeat: Many see hardware as a liability in the software and AI era. You argue the opposite. Why?

Patel: A lot of people look down on hardware. I actually think hardware is a great asset to have, because if you know how to build great hardware and great software and great AI models and tie them all together, that's when magic starts to happen.

Think about what we can do by correlating machine data from logs with our time series model. If there's a one-degree change in your switch or router, you might predict system failure in three days, something you couldn't correlate before. You identify the change, reroute traffic to prevent problems, and solve the issue. You get much more predictive about outages and infrastructure stability.

Cisco is the critical infrastructure company for AI. This completely changes the level of stability we can generate for our infrastructure. Manufacturing is one of the top industries for the data volume generated daily. Combined with agentic AI and accumulated metadata, it completely changes the competitive nature of manufacturing or asset-intensive industries. With enough data, they can transcend disruptions around tariffs or supply chain variations, getting them out of price and availability commoditization.

Cisco's deep commitment to Open Source

VentureBeat: Why make your security models open source when that seems to give away competitive advantage?

Sampath: The cat is out of the bag; attackers also have access to open source models. The next step is equipping as many defenders as possible with models that make defense stronger. That's really what we did at RSAC 2025 when we launched our open source model, Foundation-Sec-8B.

Funding for open source initiatives has stalled. There's an increased drain in the open source community, needing sustainable, collaborative funding sources. It's a corporate responsibility to make these models available, plus it provides access to communities to start working with AI from a defense perspective.

We've integrated ClamAV, a widely used open source antivirus tool, with Hugging Face, which hosts over 2 million models. Every single model gets scanned for malware. You have to ensure the AI supply chain is appropriately protected, and we're at the forefront of doing that.

Patel: We launched not just the security model that's open source, but also one on Splunk for time series data. These correlate data, time series and security incident data, to be able to find very interesting outcomes.

Taking the customers' pulse after Cisco Live

VentureBeat: Following Cisco Live's product launches, how are customers responding?

Patel: There are three categories. First, completely ecstatic customers: 'We've been asking for this for a while. Hallelujah.'

Second, those saying 'I'm going to try this out.' DJ shows them a demo with white glove treatment, they do a POC, and they're dumbfounded that it's even better than what we said in three minutes on stage.

Third are skeptics who verify that every announcement comes out on the exact days. That group used to be much bigger three years ago. As it's shrunk, we've seen meaningful improvements in our financial results and how the market sees us.

We don't talk about things three years out, only within a six-month window. The payload is so large that we have enough to discuss for six months. Our biggest challenge, frankly, is keeping our customers up to date with the velocity of innovation we have.

Obsessing over customers, not hardware

VentureBeat: How are you migrating your hardware-centric installed base without creating too much disruption?

Patel: Rather than fixating on 'hardware versus software,' you start from where the customer is. Your strategy can no longer be a perimeter-based firewall for network security because the market has moved. It's hyper-distributed. But you currently have firewalls that need efficient management.

We're giving you a fully refreshed firewall lineup. Look at what we've done with public cloud: managing egress traffic with Multicloud Defense with zero trust, not just user-to-application but application-to-application. We've built Hypershield technology. We've built a revolutionary Smart Switch. All managed by the same Security Cloud Control with AI Canvas on top.

We tell our customers they can go at their own pace. Start with firewalls, move to Multicloud Defense, add Hypershield enforcement points with Cilium for observability, and add Smart Switches. You don't have to add more complexity because we have a true platform advantage with Security Cloud Control. Rather than saying 'forget everything and move to the new thing', creating too much cognitive load, we start where the customer is and take them through the journey.

What's next: energizing global partners to turn AI into a revenue opportunity

The interview concluded with discussions of November's Partner Summit in San Diego, where Cisco plans significant partner activation announcements. As Patel noted, "Sustained, consistent emphasis is needed to get the entire reseller engine moving." VentureBeat is convinced that a globally strong partner organization is indispensable for any cybersecurity company to attain its long-term AI vision.
