Enterprise security priorities in 2026 are defined by one shift above all others: AI risk has moved to the center of the budget. ETR's 2026 State of Security Study, drawn from over 500 technology leaders including 94 from Global 2000 organizations and 62 from Fortune 500 companies, reveals a market that is restructuring around AI threats, identity controls, and agentic AI governance, while vendor consolidation pressure eases for the first time in years.
For the first time in the study's three-year history, LLM/generative AI (GenAI) protection has overtaken cloud security as the number one budget priority. Fifty-nine percent of organizations plan to increase spending in this category in 2026, up from 50% in 2025. AI-focused security recorded the largest year-over-year gain in priority rankings across the entire survey. The share of organizations already spending on AI security tools reached 32% in 2026, up from 23% in 2025.
Cloud security remains a close second, but the direction is clear: enterprise attention is pivoting toward what AI can access, what it can expose, and what happens when an autonomous agent operates outside its intended scope.
Shadow AI, defined as employees using unsanctioned tools, is the top source of risk for AI-related data incidents at 31%. Preventing sensitive data from entering AI prompts is the hardest data security problem to solve in 2026, selected by 36% of respondents at more than twice the rate of any other response. These findings from the study reflect a risk surface that now spans both sanctioned and unsanctioned tools, with the human element remaining the hardest variable to control.
Identity Security holds the top position in ETR's 2026 security priority rankings with a best-worst score of 68, followed by Data Security at 60 and AI-focused Security at 58. Technology leaders are treating identity not simply as an access control mechanism but as the foundational layer for managing AI risk, a view that holds consistently across multiple sections of the study.
The urgency extends to agentic AI specifically. The top concerns about agentic AI identity risk are agents acting outside intended context at 57% and agents being over-privileged at 56%. Sixty-eight percent of respondents rate AI agents as critical to cybersecurity's future, up from 62% in 2025.
Vendor consolidation pressure is easing. Fifty-two percent of organizations plan to maintain their current vendor count in 2026, compared to just 37% in 2024. The share planning to increase vendors has dropped from 51% to 35% over the same period. Buyers are prioritizing measurable outcomes and operational simplicity over stack expansion.
CrowdStrike leads innovation perception at 43%, up from 35% in 2025, followed by Microsoft/Azure and Palo Alto Networks at 34% each. When asked which single vendor they would anchor a rebuilt security stack around, Microsoft tops the list at 20% and CrowdStrike at 18%. Wiz leads the list of net-new vendors enterprises plan to evaluate for the first time in 2026.
These findings represent a fraction of what ETR's 2026 State of Security Study covers. The complete report includes detailed data on agentic AI governance approaches, Zero Trust adoption maturity, geopolitical threat response, security operations staffing models, and hyperscaler spend drivers for GenAI workloads.
ETR's 2026 State of Security Study (N=517) is available now. Download the full report and book a private analyst briefing at etr.ai/state-of-security