Skip to content
Perspectives

AI, Security, Identity, and Geopolitics: Six Key Insights from Forgepoint’s 2025 Advisory Council Meeting and Dinner

Pedro Benjumea, Forgepoint team

December 8, 2025

  • Blog Post

Where is the cybersecurity market headed in 2026 and what sets security vendors apart in the age of AI?

How is enterprise AI changing the CISO role?

What are the key drivers of and risks from AI adoption?

Can existing identity security frameworks translate to machine identities?

These and other critical questions took center stage at Forgepoint’s Fall 2025 Advisory Council Meeting and Dinner on November 18. Held at the Yale Club in New York City, our annual invite-only gathering of 180+ stakeholders from the Forgepoint community united members of our Global Advisory Council, CEOs, founders, co-investors, GTM partners, operators, and technology leaders driving change in Global 2000 organizations, government, and academic institutions. Featuring a program of exclusive expert-led sessions and panels, networking opportunities, cocktails, and dinner, the event was designed to foster collaboration among security, AI, and infrastructure software innovators.

As we gathered to exchange ideas with our community, several key insights emerged.

1) The cybersecurity market is strong, and AI is the defining factor in competitive differentiation

Enterprise demand for cybersecurity is robust. Cybersecurity continues to outperform the broader software landscape despite softening macro growth. The IPO window is expected to reopen in 2026 as consolidation pressure continues to drive more platformization and M&A.

AI is the through-line in every enterprise technology discussion. Nearly 80% of companies have adopted GenAI, but few have realized its full potential and ROI. The most forward-looking security vendors are now using AI in two ways: to differentiate product capabilities (faster detection, automated triage, predictive defense, and richer correlation), and to unlock operational leverage (reducing support costs, automating GTM and customer success, and accelerating R&D).

The next generation of category leaders will treat AI as a foundational architectural shift, not a bolt-on feature. The companies that integrate AI deeply into their platforms, operating models, and customer workflows while maintaining strong security and governance will capture disproportionate market share.

2) CISO priorities are shifting in the AI-driven enterprise technology landscape

AI is reshaping expectations for CISOs, expanding the role beyond security oversight to include broader leadership around AI governance, risk, and organizational alignment.

Early AI committees and pilot programs have gained momentum across enterprises while revealing the absence of clear frameworks to guide decision-making at scale. Security leaders are now being asked to “do something” about AI, with little guidance.

As organizations look to 2026 and beyond, CISOs are prioritizing maturity over experimentation. They must develop consistent evaluation criteria for AI initiatives, identify necessary governance structures and situate AI use within enterprise GRC, and clarify ownership between security and business units to determine who is accountable for different aspects of risk. AI becomes a business advantage only when paired with disciplined governance, clear accountability, and long-term operational planning.

3) The most pressing enterprise AI security problems relate to governance and visibility, not model failure modes.

There is a disconnect between vendors and CISOs when it comes to securing AI. Vendors frequently focus on model-centric risks such as prompt injection, hallucinations, data poisoning, model theft, and bias. While these issues are a legitimate part of AI security, they are not the primary concern for most enterprises.

Most organizations are still in the early stages of AI security maturity and lack a clear inventory of where AI is used, consistent criteria for evaluating risks, and standardized processes for approving AI tools or workflows. CISOs are focused on questions of visibility and governance. Where is AI being used in the organization, by whom, and for what purposes? What data is flowing through internal and third-party AI tools? How should security teams set guardrails and acceptable use policies that business teams will actually follow?

Securing AI is both a technical and organizational challenge. Security, IT, and business teams must align around a shared framework that defines where and how AI can be used safely. Vendors and security leaders alike will benefit from AI security solutions that help bridge this gap.

4) Enterprise AI adoption is growing faster than requisite controls, exposing weak security foundations

Enterprise enthusiasm for and adoption of AI is outpacing security, identity, and data architectures. Business units are experimenting with tools and deploying AI into workflows, often without visibility or approval, creating “shadow AI” blind spots.

This dynamic exacerbates longstanding operational weaknesses like fragmented identity systems, misconfigured access, stale permissions, inconsistent data classification, and siloed infrastructure. Many early AI initiatives struggle not because the models underperform, but due to foundational visibility, data governance, and identity controls that are not designed for autonomous or semi-autonomous behavior. Organizations need to strengthen their security foundations to scale AI safely and efficiently.

5) Identity is becoming the central security challenge in the hybrid world of human, machine, and agent

Identity is already the core control plane in modern security architectures. Identity security now faces a new challenge as enterprises adopt AI: securing non-human identities that perform tasks independently across multiple systems. Identities such as service accounts, workloads, and AI agents are multiplying at a pace existing IAM frameworks can’t manage.

The surge of AI-generated code adds another layer of complexity. AI-generated code accounts for a rapidly growing proportion of all new code– a deluge that may be syntactically correct but can introduce new, hard-to-detect vulnerabilities. This creates fresh questions about accountability, validation, and how non-human identities tie into automated development workflows.

As with AI governance more broadly, organizations struggle with basic visibility when it comes to securing identity and AI. They need to start with the basics: How many agents exist? What privileges do they inherit? What data and systems do they interact with?

Trust is at a premium. Legacy identity controls like inventorying, access control, monitoring, and least privilege are still essential, but must evolve into ephemeral, task-bound, and continuously verified systems to handle autonomous agents and machine-speed operations.

6) AI-driven threats and nation-state pressure are reshaping national security

AI-enabled attacks are accelerating the intrusion lifecycle by automating reconnaissance, exploitation, and data access with minimal human involvement. Adversaries can now operate at machine speed.

Nation-states remain the most capable and persistent actors in cyberspace, leveraging low-cost, high-impact operations to advance geopolitical objectives. AI automation and state-backed operations are creating a threat landscape defined by scale, persistence, and intent, not isolated events.

At the same time, critical infrastructure- a perennial nation-state target- is largely owned and operated by the private sector. As a result, private companies now sit at the center of national resilience.

Public–private collaboration, a recurring topic in recent years, is becoming even more essential to counter rapidly evolving threats. Organizations must modernize identity, governance, detection, and response architectures as adversaries blend AI-enabled techniques with nation-state capabilities. Founders, CISOs, and executives will play a direct role in shaping national security in the decade ahead.

Conclusion

As we collectively navigate these emerging challenges, the importance of building community has never been more evident.

Cybersecurity remains a team sport. We all play a critical part in defending our interconnected organizations, nations, and world. Thank you to the Forgepoint community for gathering with us to debate, learn, and chart a path forward, together.

With appreciation

A special thank you to all of the speakers, panelists, presenters, and guests who shared their insights, expertise, and participation. Here’s to your continued leadership and work to advance innovation.

  • Ahmed Achchak, Co-founder and CEO, Qevlar AI
  • Dr. Ed Amoroso, Founder and CEO, TAG Infosphere
  • Rick Caccia, Co-founder and CEO, WitnessAI
  • Peter Dixon, CEO, Arkenstone Defense
  • Mike Engle, Co-founder and CSO, 1Kosmos
  • François Gaspard, Co-founder and CEO, Tadaweb
  • Amanda Grady, VP & GM, Platform Foundations & AI Platform Security, ServiceNow
  • Derek Maki, SVP and Head of Product, Veracode
  • George Manuelian, Co-founder and Chief Strategy and Sales Officer, RapidFort
  • Matt Moynahan, CEO, GetReal Security
  • Sam Mugel, Co-founder and CTO, Multiverse Computing
  • Joe Nocera, US CISO and NIS Managing Partner, PwC
  • Jose Palacio, Chief Data and Artificial Intelligence Officer for Wealth Management & Insurance and Global Head of AI Adoption & Engagement, Santander
  • Naor Paz, Co-founder and CEO, Capsule Security
  • Admiral Michael S. Rogers, U.S. Navy (Ret.)
  • Ramin Safai, CISO, Point72
  • Nanda Santhana, Co-founder and CEO, DataBahn
  • Marc Sorel, Partner & Cybersecurity Practice Lead, McKinsey
  • Julie Talbott-Hubbard, Vice President, Security Services, AHEAD
  • Mohit Tiwari, Co-founder and CEO, Symmetry Systems
  • David Villalon, Co-founder and CEO, Maisa
  • Brian White, Managing Director & Co-Head of Technology Investment Banking, Piper Sandler

With Alberto Yépez, Don Dixon, Kathryn Shih, and the Forgepoint team.