As organizations look ahead to the latter half of the decade, cybersecurity leaders are converging on a shared conclusion: the next phase of cyber risk will not be defined by perimeter breaches or isolated exploits but by how identities, data, and AI interact at scale.
According to the Netwrix Security Research Lab's new forecast for 2026-2029, identity and data security are becoming deeply interdependent as automation and AI reshape enterprise environments. The report argues that "access to critical data increasingly starts with identity," and as a result, identity systems are now central to both risk exposure and risk reduction.
This convergence is not theoretical; it reflects how attackers already operate and how defenders must adapt to keep pace.
Netwrix predicts that in 2026, organizations will significantly expand identity automation across provisioning, token validation, and privilege management. While this automation improves efficiency, it also raises the stakes of misconfiguration. As the report notes, "as identity workflows become more automated and interconnected, a single misstep can expose data at scale if identity and data security controls are not aligned."
In other words, identity systems are becoming decision engines for data access, not just authentication checkpoints.
This shift mirrors what many security leaders see in real-world attacks. SailPoint CEO Mark McClain points out that adversaries no longer need to exploit technical vulnerabilities to gain access. "Hackers today don't need to break your system to find their way in," McClain says. "They can merely walk through the front door with legitimate credentials."
That reality, he argues, demands a fundamentally different security model. "Today's reality demands a new approach to security where access can be granted, monitored, and managed dynamically based on policy and context." Modern identity tools must be able to distinguish normal behavior from abnormal behavior in real time, with every access decision driven by "who or what the identity is, the context of the data they touch, and the security signals surrounding them."
When identity, security, and data context are unified, McClain says, organizations can make real-time risk decisions without disrupting operations.
AI is the primary force accelerating this convergence. The Netwrix report highlights the growing role of agentic AI and the identity challenges it introduces. As Netwrix explains, "as AI systems begin performing tasks autonomously, they rely on identities to access, move, and act on data," creating new dependencies between identity governance and data protection.
Without strong coordination between these controls, the report warns, AI-driven processes can "rapidly amplify data exposure," turning small governance gaps into large-scale incidents.
Ram Varadarajan, CEO of Acalvio, frames this moment as a structural shift in how security teams operate. "Soon, cybersecurity will stop being a people-scaling problem and become an intelligence-scaling problem," he says. While threat volume continues to grow, most CISOs are not significantly expanding their teams—not because risk is shrinking, but because "headcount no longer scales against the threat."
"The constraint isn't budget or intent," Varadarajan explains. "It's speed." When attacks unfold at machine pace, adding more humans does not materially change outcomes. As a result, "AI will handle a significant percentage of detection, investigation, and initial response, while humans focus on strategy, oversight, and high-risk decisions."
This dynamic, he adds, turns cybersecurity into “AI versus AI, with people directing the fight, not fighting every battle themselves.”
That shift is already reshaping the security operations center. Kamal Shah, CEO of Prophet Security, points to data showing that security leaders expect AI to handle roughly 60 percent of SOC workloads within the next three years. AI allows teams to move faster through alert noise, automate repetitive work, and focus analyst time on problems that require human judgment.
AI is also improving the quality of vulnerability intelligence itself. Shah notes that researchers and ethical hackers are using AI to draft clearer guidance, document impact for multiple audiences, and automate evidence collection. "Some hackers have built AI agents to capture and annotate screenshots and network requests automatically," he said, producing standardized, professional reports that are easier for enterprises to validate and fix.
On the defensive side, SOC teams are adopting similar AI-driven workflows. "AI SOC tools are giving security analysts similar capabilities in handling repetitive tasks such as alert triage and investigation," Shah explained, freeing analysts to focus on higher-priority work. Over time, this also creates a training advantage, helping junior analysts transition into proactive threat hunters rather than remaining stuck in manual triage roles.
While AI strengthens defensive capabilities, it is also creating new and poorly understood attack surfaces. Randolph Barr, CISO at Cequence Security, highlights the rapid emergence of AI-native browsers as a growing concern.
"As organizations rapidly adopt agentic AI, Model Context Protocol, and autonomous browsing capabilities, we're seeing a pattern develop," Barr said. "AI-native browsers are introducing system-level behaviors that traditional browsers have intentionally restricted for decades."
The risk is amplified by how these tools are adopted. Barr notes that employees often experiment with new technologies at home before bringing them into the workplace through BYOD access, browser synchronization, or remote work. Once that happens, assumptions about browser security begin to break down.
What makes AI browsers especially attractive to attackers is how easy they are to identify. "AI browsers introduce unique fingerprints in their APIs, extensions, DOM behavior, network patterns, and agentic actions," Barr said. With AI-driven classification, adversaries can detect and target these environments at scale, enabling more precise and efficient attacks.
Until transparency, independent audits, and strong administrative controls become standard, Barr argues that AI browsers will remain a risky proposition for regulated and sensitive environments.
The impact of AI and identity-centric security is also reshaping the cyber insurance landscape. Rajeev Gupta, Co-Founder and CPO at Cowbell, notes that while AI is transforming underwriting and claims processes, it is simultaneously empowering attackers. "The same tools used to streamline underwriting and claims are being weaponized by bad actors to launch automated, scalable cyberattacks," he said, often with little or no human oversight.
At the same time, Gupta sees generative AI as critical to improving risk models. "Generative AI's ability to interpret complex vulnerability data, such as CVEs and exploit databases, will be crucial in building more accurate and responsive risk models," he explained. That shift places new pressure on organizations to verify AI tools, protect sensitive data, and establish clear AI usage policies.
From a market perspective, Rich Seiersen, Chief Risk Technology Officer at Qualys, notes that cyber insurance is currently in a soft cycle, with abundant capacity and competitive pricing. However, he cautions that a systemic cyber event—such as a major cloud outage or widespread supply-chain compromise—could quickly harden the market. In that scenario, insurers would likely move toward more selective underwriting and closer scrutiny of real-time security controls rather than static questionnaires.
Taken together, the Netwrix forecast and expert perspectives point to a clear conclusion: cybersecurity is becoming faster, more automated, and increasingly identity-driven. Identity is no longer just an access mechanism; it is the foundation for data protection, AI governance, and risk management.
Organizations that treat identity as the new perimeter, invest in AI-native security capabilities, and align their defenses with machine-speed threats will be better positioned for the years ahead. Those that rely on static controls and human-paced processes risk falling behind as attackers—and the technologies they exploit—continue to accelerate.
Follow SecureWorld News for more stories related to cybersecurity.