New survey of 517 security leaders shows rapid rise of AI security spending, increasing focus on identity, and a shift toward vendor consolidation
Enterprise Technology Research (ETR) released its 2026 annual State of Security report, revealing that LLM and generative AI protection has overtaken cloud security as the top cybersecurity budget priority for enterprises. The findings are based on a survey of 517 security-focused technology leaders, including executives from Fortune 500 and Global 2000 organizations, with 80% holding C-suite or director-level roles.
The report highlights a rapidly evolving cybersecurity landscape where enterprises are adapting to the rise of AI-driven technologies while balancing security investment growth with operational efficiency.
“Agentic AI adoption is accelerating and security leaders see it as central to the future of cybersecurity. But the guardrails are still thin,” said ETR Chief Strategist Erik Bradley. “Organizations are concerned about agents operating outside their intended context and with excessive privileges, yet the control most capable of preventing unauthorized actions is the least widely implemented.”
For the first time in ETR’s annual survey, LLM and generative AI protection ranks as the leading area for planned security budget growth, surpassing cloud security. More than half (59%) of organizations plan to increase spending in this category, reflecting the rapid enterprise adoption of generative AI tools.
At the same time, 54% of organizations are already spending or planning to invest in AI-related security tools within the next six months, signaling that the market has reached a tipping point for AI security adoption.
Despite this momentum, deployment remains early stage, with almost two-fifths (39%) of organizations reporting that AI capabilities are embedded in fewer than 10% of their security tools, highlighting the gap between investment intent and real-world implementation.
While AI security is gaining momentum, Identity Security remains the highest-priority security category overall, significantly outpacing other areas in enterprise security strategies.
Organizations are increasingly focusing on identity and data controls to manage emerging AI risks. Security leaders report that data security and identity access management are the most critical layers for protecting generative AI systems, while traditional infrastructure controls rank lower.
The survey also reveals rapid growth in agentic AI adoption within security operations:
However, governance frameworks are still emerging. A fifth (20%) of organizations report having no agent-specific security controls in place, and only 3% have deployed them broadly across production environments.
The research also indicates a shift in enterprise security spending behavior.
Large budget increases are becoming less common, with organizations planning security budget increases of 10% or more declining from 40% in 2024 to 26% in 2026, as companies adopt more measured spending growth.
At the same time, security vendor expansion is slowing significantly, with organizations expecting to increase their vendor count dropping from 51% in 2024 to 35% in 2026. Instead, many enterprises are focusing on platform consolidation and simplification of legacy security stacks.
As generative AI adoption accelerates, organizations are confronting new data security challenges. The report finds that preventing sensitive data from entering AI prompts is the single most difficult data protection problem, cited by 36% of respondents, twice the rate of the next most common concern.
Meanwhile, shadow AI usage outside sanctioned tools represents the top perceived risk for data exposure, highlighting the governance challenges organizations face as employees experiment with AI technologies.
The survey also explored vendor perception among enterprise security leaders.
ETR’s 2026 annual State of Security report is based on insights from 517 security-focused technology leaders within the ETR Community, spanning organizations across enterprise and SMB segments worldwide. The report provides detailed analysis of security spending trends, technology priorities, vendor evaluations, and the emerging impact of AI on cybersecurity strategies.