Executive Summary
The CISO AI market is splitting into two buyer questions. The first is defensive: how do security teams protect models, copilots, agents, data, code, and identity? The second is operating: how do CISOs use AI to run security with more speed, better follow-through, and less analyst drag? The strongest first-party signal is agent access — 22 of 40 small-base responses mentioned securing AI agents and their access. Data leakage and shadow AI followed, each with 10 of 40 any-mentions.
Funding is not settled. In the small-base funding question, a dedicated budget line and case-by-case buying tied at 14 of 40 any-mentions each, 8 of 40 were carved from existing security budget, and 6 of 40 had no AI security spend yet. The applicant pool is broader than security leads alone — 35 of 79 responses came from security leads, with the remaining responses answering no, other, or security-adjacent leadership. The signal is qualified interest, not verified buying.
That means the market is real, but proof needs to be narrow: one workflow, one risk owner, one budget source, one sign-off path, and visible value inside two quarters. This is a market map in the CB Insights style. It is not a vendor ranking. Vendors are not scored, ranked, or placed on axes.
Part One: The CISO AI Market Map
The taxonomy follows how CISO teams work: protecting AI systems, detecting threats, controlling access, reducing exposure, securing code, protecting data, proving controls, and running security operations.
How to read the map
Start with workflow fit. A security buyer usually frames AI through work already owned by the security team. Then test proof — the demand overlay shows that proof, budget logic, and sign-off paths matter as much as product category. Read indirect categories with care. Cloud exposure, AppSec, GRC, and operating workflow claims fit the CISO map, but the survey set did not ask category-specific budget questions for them. Some vendors appear in more than one category where their product spans workflows.
1. AI agent, model and LLM security
AI applications, LLM systems, agent permissions, runtime protection, red teaming, and model-risk controls.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Noma Security | Category leader | Noma Security discovers, secures, and protects AI applications, models, agents, and AI supply chains across the AI lifecycle. | V02 |
| Lakera | Category leader | Lakera provides AI guardrails for live agents and applications, including access controls, runtime protection, and data-leak prevention. | V03 |
| HiddenLayer | Category leader | HiddenLayer secures AI with model scanning, red teaming, threat detection, and controls for safe AI adoption. | V04 |
| Protect AI | Category leader | Protect AI secures AI applications from model selection and testing through runtime, now part of Palo Alto Networks. | V07 |
| CalypsoAI | Category leader | CalypsoAI provides adaptive AI security, real-time threat monitoring, and audit-ready governance for AI systems, now part of F5. | V08, V65 |
| Agentic Fabriq | Emerging | Agentic Fabriq gives enterprises a control layer for AI agents, defining and enforcing what each agent can access and do for every user, with central credential management and action-level audit trails. | V01 |
| Lasso Security | Emerging | Lasso Security gives enterprises visibility, control, red teaming, and runtime protection across AI models, agents, and applications. | V05 |
| Pillar Security | Emerging | Pillar Security secures AI agents from design to runtime with visibility, control, and runtime defense for agentic workflows. | V06 |
2. Threat detection, response and AI SOC
AI-assisted detection, investigation, incident handling, alert triage, threat hunting, and SOC response.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Microsoft Security Copilot | Incumbent | Microsoft Security Copilot uses generative AI to help security and IT teams investigate threats, process signals, and respond at machine speed. | V09 |
| CrowdStrike Charlotte AI | Incumbent | CrowdStrike Charlotte AI acts as an AI analyst inside the Falcon platform to help triage, investigate, and respond to security work. | V10 |
| Palo Alto Cortex XSIAM | Incumbent | Palo Alto Cortex XSIAM unifies SOC data, analytics, detection, incident management, automation, threat intelligence, and response workflows. | V11 |
| SentinelOne Purple AI | Category leader | SentinelOne Purple AI brings natural-language investigation and AI-assisted threat hunting into the Singularity security platform. | V12 |
| Google Security Operations | Incumbent | Google Security Operations combines Google threat intelligence, Mandiant expertise, and security operations workflows for detection and response. | V13 |
| Darktrace | Category leader | Darktrace uses self-learning AI to detect, investigate, and respond to threats across enterprise environments. | V14 |
| Exabeam | Category leader | Exabeam applies behavioral analytics and AI to help security teams detect, investigate, and respond to threats. | V15 |
| Dropzone AI | Emerging | Dropzone AI uses AI agents to investigate alerts inside existing SOC environments without replacing the security stack. | V16 |
3. Identity, access and non-human identity
Human, machine, service, token, API, and agent identities that can reach sensitive tools or data.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| CyberArk | Incumbent | CyberArk secures agentic AI by managing agent identities, privileges, and access to sensitive resources. | V18 |
| Saviynt | Category leader | Saviynt discovers AI agents, maps access, and manages posture risks inside identity governance workflows. | V19 |
| SailPoint | Category leader | SailPoint uses AI-driven identity security to improve visibility, governance, and identity workflows across enterprise access. | V20 |
| BeyondTrust | Category leader | BeyondTrust covers privileged access, endpoint privilege, and identity security controls for high-risk access paths. | V21 |
| Astrix Security | Category leader | Astrix Security secures non-human connections across SaaS, third-party apps, service accounts, tokens, and API access. | V23 |
| Oasis Security | Emerging | Oasis Security focuses on non-human identity management across service accounts, tokens, API keys, and machine identities. | V22 |
| Agentic Fabriq | Emerging | Agentic Fabriq manages agent identity and delegated user context, enforcing per-agent, per-user access with credential handling and action-level audit trails. | V01 |
| SGNL | Emerging | SGNL applies continuous access evaluation to human, machine, and AI identities, with announced acquisition by CrowdStrike. | V24, V66 |
4. Cloud, exposure and validation
Cloud posture, AI workload exposure, vulnerability context, attack validation, and exploitable risk.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Wiz | Category leader | Wiz connects code, cloud, runtime, and AI security context to help teams find and fix exploitable cloud risks. | V25 |
| Orca Security | Category leader | Orca Security provides cloud security and exposure management across cloud assets, workloads, identities, data, and risks. | V26 |
| Tenable One AI Exposure | Incumbent | Tenable One AI Exposure adds AI exposure data to broader exposure management so teams can view AI risk beside IT, cloud, identity, and OT risk. | V27 |
| Qualys | Incumbent | Qualys provides vulnerability, asset, exposure, cloud, and compliance management for enterprise security programs. | V28 |
| Rapid7 | Category leader | Rapid7 combines exposure management, vulnerability management, threat detection, and cloud risk workflows. | V29 |
| Palo Alto Prisma Cloud | Incumbent | Palo Alto Prisma Cloud secures cloud-native applications across code, cloud infrastructure, workloads, identities, and runtime risk. | V30 |
| Pentera | Category leader | Pentera runs AI-driven adversarial testing in production to validate exploitability and prioritize remediation. | V31 |
| Picus Security | Category leader | Picus Security validates security controls and attack paths so teams can test whether defenses stop known threats. | V32 |
5. Application, code and software supply chain security
AI-generated code, AppSec, SCA, secrets, APIs, ASPM, and secure development workflows.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Snyk | Category leader | Snyk validates AI-generated code, governs development agents, and secures AI-native applications. | V33 |
| GitHub Advanced Security | Incumbent | GitHub Advanced Security uses Copilot Autofix and CodeQL context to suggest fixes for code scanning alerts and reduce security defects. | V34 |
| Semgrep | Category leader | Semgrep scans source code and supply-chain risk with AI-assisted SAST, SCA, and developer security workflows. | V35 |
| Apiiro | Category leader | Apiiro maps application risk to code owners, business context, and AI-driven development workflows. | V36 |
| Veracode | Category leader | Veracode provides application risk management, static analysis, dynamic testing, and software supply-chain security. | V37 |
| Checkmarx | Category leader | Checkmarx secures code, APIs, open-source components, secrets, and infrastructure-as-code across the SDLC. | V38 |
| Endor Labs | Emerging | Endor Labs helps teams manage open-source dependency risk, package selection, and software supply-chain exposure. | V39 |
| Aikido Security | Emerging | Aikido Security combines code, cloud, open-source, container, secrets, and domain risk into one developer-facing security product. | V40 |
6. Data security and AI data leakage
DSPM, DLP, sensitive-data discovery, AI data access, and exposure through copilots or agents.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Varonis | Category leader | Varonis prevents sensitive data exposure through AI copilots, AI agents, and large enterprise data stores. | V41 |
| Cyera | Category leader | Cyera discovers, classifies, governs, and protects sensitive data across cloud, SaaS, on-prem, and AI systems. | V42 |
| BigID | Category leader | BigID combines DSPM, DLP, data access governance, privacy, and AI governance for sensitive data control. | V43 |
| Sentra | Category leader | Sentra provides DSPM and data security controls for cloud data and AI agent access paths. | V44 |
| Normalyze | Emerging | Normalyze maps sensitive data, access, and risk across cloud data stores for data security posture management. | V45 |
| Nightfall AI | Emerging | Nightfall AI detects and protects sensitive data across SaaS, email, endpoints, and AI use cases. | V46 |
| Polymer DLP | Emerging | Polymer DLP applies AI-assisted data loss prevention to SaaS collaboration tools and sensitive data workflows. | V47 |
| Rubrik | Incumbent | Rubrik combines cyber recovery, data security, and AI-assisted investigation for ransomware and data resilience programs. | V48 |
7. GRC, compliance and cyber risk
Security compliance, audit, control evidence, third-party risk, and business-level cyber risk.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Drata | Category leader | Drata uses AI agents to automate compliance, risk, assurance, evidence work, and security posture proof. | V49 |
| Vanta | Category leader | Vanta automates security and compliance work with AI support for risk assessments, evidence, and ongoing monitoring. | V50 |
| Secureframe | Category leader | Secureframe automates compliance, risk management, vendor reviews, and security questionnaire workflows. | V51 |
| Sprinto | Category leader | Sprinto automates security compliance, evidence collection, risk workflows, and audit readiness for growing teams. | V52 |
| Anecdotes | Category leader | Anecdotes provides an AI-native enterprise GRC platform for audits, risk, evidence, and continuous control monitoring. | V53 |
| AuditBoard | Category leader | AuditBoard connects audit, risk, compliance, and control workflows for security and assurance teams. | V54 |
| Diligent One | Incumbent | Diligent One supports board, audit, risk, compliance, and governance workflows for executive and security risk reporting. | V55 |
| SAFE Security | Category leader | SAFE Security translates cyber risk into financial terms and adds AI-SPM, third-party risk, exposure, and risk quantification workflows. | V56 |
8. CISO operating system and security automation
AI chief-of-staff tools, workflow automation, SOC automation, response routing, and executive follow-through.
| Tool | Tier | What it does | Source |
|---|---|---|---|
| Torq | Category leader | Torq uses AI agents and security automation to triage, investigate, and respond to SOC alerts. | V58 |
| Tines | Category leader | Tines connects security and IT tools into governed AI workflows, agents, copilots, and automation paths. | V59 |
| BlinkOps | Category leader | BlinkOps provides an agentic security operations platform for automating security work at scale. | V60 |
| Swimlane | Category leader | Swimlane automates SOC, case management, response, and low-code security workflow processes. | V61 |
| D3 Security | Category leader | D3 Security provides security orchestration, incident response, and case management for SOC and MSSP teams. | V62 |
| Axari | Emerging | Axari gives CISOs and CIOs an AI chief of staff with digital workers that help run the security organization—from executive briefings and commitments to program execution, risk coordination, and organizational memory. | V57 |
| Simbian | Emerging | Simbian uses AI agents to execute security work across alerts, investigations, and operations tasks. | V63 |
| Radiant Security | Emerging | Radiant Security uses AI to triage alerts, investigate incidents, and guide SOC response work. | V64 |
Table 1. CISO AI Market Map. Source: public vendor pages and public sources listed in the source register. Inclusion is editorial. No vendor paid for placement. Vendors are categorized only, not scored or ranked.
Cohort Quadrant
This is the only quadrant-style chart in the report. It plots buyer cohorts, not vendors. The source instrument did not ask deployment stage, so the x-axis uses AI security urgency and the y-axis uses funding clarity. Cohorts can overlap because a buyer can face an AI agent risk, still lack a clean budget, and still need proof before spend.
Part Two: The Buying Reality
Finding 1: Agent access is the sharpest AI security concern
Agent access is the clearest small-base demand signal. That supports the rise of agent identity, agent access control, runtime guardrails, AI-SPM, and non-human identity tools.
Finding 2: Funding is real, but not always clean
A dedicated line and case-by-case buying tie at the top. For vendors, the sales motion needs to handle four paths: a new AI security line, a pull from existing security budget, case-by-case approval, or a watch-and-wait buyer.
Finding 3: The applicant pool included security leaders and adjacent buyers
The role-status base is broader than the problem and funding bases. It qualifies the room but does not turn the dataset into an attendance or market-share claim.
Finding 4: Control problems outrank attack novelty
The first-party signal points more to control problems than novelty. The strongest categories are those that can show who or what has access, what data can leak, and how actions are logged or stopped.
Finding 5: Most buyers have some funding path
Thirty-four of 40 funding responses point to some way to pay for AI security. The question for vendors is not whether money can exist. It is which path the buyer must use and what proof that path demands.
Market Debate
Is CISO AI becoming a new software category?
Yes, in the parts of the stack where AI creates new control surfaces. Gartner lists agentic AI oversight among the top cybersecurity trends for 2026, while Evanta reports that enabling and protecting AI emerged as a top CISO priority. J.P. Morgan also reports that AI-enabled cybersecurity companies attracted a large share of U.S. cyber deal activity through May 2026. Sources: E01, E02, E03.
The strongest case for a new category is agentic security. Agents need identity, permissions, tool access, memory, data boundaries, runtime logs, and kill paths. Traditional controls help, but they were not designed for autonomous software actors.
Or will CISO AI be absorbed into existing platforms?
Also yes. The incumbent path is clear. Microsoft, CrowdStrike, Palo Alto Networks, CyberArk, Varonis, and Tenable are embedding AI security or AI-assisted workflows into existing security platforms. That means some point tools will become features, while others will win by owning new control planes. Sources: V09, V10, V11, V18, V41, V27.
External sources are cited for context. They are not affiliated with this report and do not endorse it.
What the Numbers Look Like Inside the Rooms
The pattern is not that CISOs are anti-AI. The pattern is that they are being asked to secure AI adoption faster than governance processes can adjust.
Agent access is where the debate becomes concrete. CISOs can reason about identity, permissions, audit trails, and data access. They are less patient with abstract AI risk language when the product cannot name the control boundary.
Funding also shapes the room. A buyer with a dedicated AI security line can test a product as a new control. A buyer funding case by case needs a smaller proof plan. A buyer carving budget from security needs a displacement argument against an existing tool.
No participant names, company names, or identifying details are included. This section follows the Chatham House Rule.
How CISOs and Vendors Should Use This Report
For CISOs
Use the taxonomy to compare which workflow owns the pain: SOC, identity, data, cloud, AppSec, GRC, or CISO operations. Map each category to the current budget path: new AI security line, existing security budget, case-by-case approval, or no spend yet. Then ask vendors for one narrow workflow, a named budget source, a clear sign-off path, and value visible inside two quarters.
For vendors
Start your message with the workflow you improve, not with broad AI claims. Build a budget narrative for all four paths and do not assume a clean new budget exists. Bring a proof path that shows one control, one owner, one integration, one measurable outcome, and one sign-off path.
Questions This Report Answers
What is the CISO AI Market Map?
It is a workflow-based map of AI tools that serve CISOs and security team needs in 2026.
Is this a vendor ranking?
No. Vendors are grouped by category. They are not scored, ranked, or placed on axes.
How were vendors selected?
Vendors were selected editorially from public information based on relevance to CISO workflows.
What is the demand overlay?
It is a first-party read of application-stage survey responses from Open Future Forum sessions in 2026.
What is the Enterprise AI Buying & Budget Index?
It is an Open Future Forum research series tracking how AI buying, budget, proof, and sign-off are changing inside executive communities.
Can vendors pay to be included?
No. No vendor paid for placement in this edition.
Methodology and Disclosure
First-party source: one application-stage survey instrument fielded around an Open Future Forum session in 2026. Responses were collected through July 7, 2026, when the Edition 1 dataset was closed. Sample: 79 reportable application-stage survey responses after restricting analysis to survey-answer fields. These are not attendees and not registrations. Base variation: role-status question n=79; AI security problem question n=40; AI security funding question n=40. Multi-select: any-mention percentages are used and can sum past 100 percent. Small bases are directional; decimal precision is avoided. Privacy: no participant names, emails, company sizes, exact identifying counts, tenures, or identifying achievements are published; the underlying identity data is held privately. Limits: the data measures application-stage responses. It does not measure attendance, spend, contract value, deployment success, or vendor performance. External sources and vendor pages are used for context and vendor descriptions and are not affiliated with this report.
Vendor Inclusion Note
Vendor inclusion is editorial. The map is based on public information. No vendor paid for placement. Categorization is not an endorsement. The map does not score, rank, or evaluate vendor quality. During source review, no vendor in the map was identified as an Open Future Forum sponsor. Disclosure: Agentic Fabriq and Axari are Murray Newlands advisory clients. That relationship was not paid placement in this report, did not influence inclusion or categorization, and those vendors had no editorial input into this edition. Each vendor in the map had an active public product or company page during source review. No shut-down vendor was knowingly included. Acquisition notes were included for CalypsoAI, Protect AI, and SGNL where relevant.
About Open Future Forum
Open Future Forum is a private executive community in Silicon Valley, founded in 2019, with 100 events to date. It runs Forum Select, invite-only private events for C-suite executives, and Forum Events, open gatherings including panels. The CISO AI Market Map is part of its Enterprise AI Buying & Budget Index, alongside the CFO AI Market Map, the CFO AI Leverage Report, the CMO, CISO, and CEO AI Leverage Reports, the Executive AI Leverage Report, and the AI Transformation Report.
Sources
External sources are cited for context. They are not affiliated with this report and do not endorse it. URLs were live at the time of source review.
Vendor sources
External context sources
Entity and press sources
| Key | Source | URL |
|---|---|---|
| P04 | Programming Insider coverage of Open Future Forum executive communities | https://programminginsider.com/why-open-future-forum-has-become-one-of-the-top-executive-communities/ |
External benchmarks are used for context only. They are not affiliated with this report and do not endorse it.
This report is for informational purposes only. It is not investment, legal, tax, accounting, or procurement advice. Vendor inclusion is not an endorsement. External sources are cited for context only and do not endorse this report.
© 2026 Open Future Forum. All rights reserved. The CISO AI Market Map and the Enterprise AI Buying & Budget Index are works of Open Future Forum. No part may be reproduced or redistributed for commercial purposes without permission. Quotation for journalism, research, and commentary is welcome with attribution to Open Future Forum.
Join the CISO Dinner Series
Private invitation-screened dinners for security leaders navigating AI budget decisions and vendor evaluation. Off the record. No vendors. No agenda.