Open Future Forum released the first edition of the CISO AI Leverage Report this week. It is a standalone report, a companion to the CFO AI Leverage Report, the CMO AI Leverage Report, and the Executive AI Leverage Report, and Edition 1 is now live.
I built this report because the same problem kept coming up at CISO Roundtable dinners. Security leaders could tell you exactly what worried them about AI agents. Almost none of them could tell you what budget line was paying to fix it. Nobody had put a number on that gap. So Open Future Forum went and got one.
What the Report Covers
The CISO AI Leverage Report tracks how security leaders are approaching AI risk, governance, and budget in 2026. It looks at three things.
One. What actually worries the security seat about AI right now, in their own words: securing AI agents and their access, data leaking into AI models, or shadow AI nobody signed off on.
Two. Whether AI governance has its own money behind it, or whether it is funded case by case, out of somebody else's budget line, or not funded at all.
Three. Who is buying AI security products today. We asked ninety-two AI founders who owns the purchase decision inside the companies they sell to. Not one named security. They named the CIO, the CTO, and the business unit instead.
Why CISOs Are in the Room Now
The agentic AI security market is forecast to grow from $1.65 billion in 2026 to $13.52 billion by 2032, a 42 percent compound annual rate (MarketsandMarkets), and Bessemer has called securing AI agents the defining cybersecurity challenge of 2026. That happened while security budgets moved the other way: growth slowed to 4 percent in 2025, the lowest rate in five years, and security's share of IT spend fell from 11.9 to 10.9 percent (IANS Research and Artico Search, 587 CISOs). Eighty-nine percent of security teams describe themselves as stretched thin or understaffed.
That gap, between what the market says security needs and what security actually gets, is exactly what the CISO Roundtable series was built to track. It is an invitation-screened dinner, kept deliberately small so the table stays peer level, and it drew 70 distinct applicants in our July 2026 pull even though the room seats a fraction of that. Every dinner conversation this year points to the same shift. The CISO's job has moved from arguing that AI risk is real to proving, with a number, that the budget behind it does not match the risk.
How the Data Was Built
The CISO AI Leverage Report draws on direct conversations inside Open Future Forum, a private executive community founded in 2019 with more than 100 events to date. Open Future Forum runs two formats. Forum Select is our invite-only series of C-suite dinners, including the CISO Roundtable series. Forum Events are our open gatherings, including panels and mixers, where a broader group of operators and security leaders take part.
The report also draws on application records across the twelve events in our July 2026 data pull, and on a direct instrument fielded to security-room respondents. It is not a survey pushed out cold. It is a synthesis of what security leaders are actually telling each other in the room, checked against the numbers they are willing to share, with every base stated on the face of every figure.
A Few Numbers from Edition 1
The report leads with its flagship metric, the CISO AI Leverage Index. That is the share of security leaders who say AI now lets the security function cover more surface without growing the team. A few other numbers stood out.
Asked the biggest AI security problem on their desk, 62 percent named securing AI agents and their access, ahead of data leaking into AI models at 31 percent and shadow AI at 23 percent. Asked how that risk is funded, only 31 percent said it has its own budget line. Half fund it case by case or not at all. Put together: 62 percent name the problem, 69 percent have no dedicated line to fix it. Among the ten security leaders inside that base, nine of ten have none. That is the AI agent governance budget gap, and it is the line this report will track edition over edition.
One more data point worth flagging. Of the ninety-two AI founders we asked who owns the buying decision inside the companies they sell to, not one named security or the CISO. They named the CIO or CTO at 43 percent and the business unit at 38 percent. New AI enters the company through doors the CISO does not control, and the security function is asked to govern what it did not approve, on money it does not have.
Read the full CISO AI Leverage Report →
What Comes Next
This is Edition 1. Open Future Forum will publish updated editions as AI security budgets and buying behavior keep shifting. The flagship CISO AI Leverage Index question, the governance-budget question, and a shadow AI inventory question enter the field at the next CISO Roundtable dinners, and no headline figure will run below 40 security-leader responses. If you are a CISO and want a seat at the next CISO Roundtable dinner, reach out through Open Future Forum. If you want to compare notes on how your own numbers stack up against the Index, get in touch directly.
Read the full CISO AI Leverage Report →