Cybersecurity Innovation Trends

As 2024 winds down, it's the perfect time to reflect on the identity security ecosystem, which is evolving faster than ever. This year, I've had the privilege of speaking to more than 60+ founding teams and track the best companies driving innovation in this space. This week marks Gartner IAM Week; it's a fitting backdrop to highlight how far the identity ecosystem has come and what lies ahead. First, it's become clear that the traditional identity pillars have evolved: 1️⃣ Identity Access Mgmt (IAM) 2️⃣ Identity Gov & Administration (IGA) 3️⃣ Privileged Access Mgmt (PAM) Why? The primary reason is as more enterprises move to the cloud and see a proliferation of SaaS Apps and now AI, traditional solutions haven't, and attackers have found new ways in. Based on my research, a future (holistic) platform needs to incorporate the following: ☑️ Identity attack & behavioural protection (ITDR+) ☑️ Next-Gen IGA for SaaS & lifecycle mgmt for admins ☑️ Centralized real-time engine of all identity data (Human + Non) ☑️ Holistic visibility + lifecycle protection of all NHIs, including secrets ☑️ Identity hygiene & posture + privilege mgmt (aka ISPM) I don't expect anyone to cover "ALL" areas anytime soon since these are distinct problems, but a platform requires at least 3/5 🤔 As an analyst, my big question is, where will the next "big" identity platform emerge? So far, the industry has seen clear winners emerge (based on revenue metrics): ▪️ Microsoft Entra is by far the dominant across all areas (and It's not close!) ▪️ Okta has emerged as #2 in IAM showing IAM is complex ▪️ CyberArk nearing $1B ARR in PAM and is expanding (successfully) into newer areas. Delinea is a fair #2 in PAM. ▪️ SailPoint and Saviynt lead the charge in traditional IGA ▪️ CrowdStrike is a leader in Identity protection, and Silverfort is a fair #2. So, the big question remains: What’s (Who's) next for identity in 2025? While predictions are futile, here are areas I’m watching closely based on my research: 1️⃣ Non-Human Identities (NHI): Exploiting APIs, secrets, & service accounts demands new approaches, and we've MANY companies evolve to solve this. Which startups will survive this time next yr? 2️⃣ Identity Security Posture Management (ISPM): Will this be the next frontier in reducing identity risks pre-runtime? 3️⃣ Next-Gen IGA: Can we reinvent and, importantly, simplify governance for a modern IT? 4️⃣ Advanced ITDR and Identity Protection: How will solutions evolve to tackle increasingly sophisticated identity threats? 5️⃣ Customer Identity (CIAM): While this is not a core focus of the Software Analyst research, this one is fascinating to watch. Identity security is at an inflection point, and the next big opportunity might come from one of these categories—or perhaps an area we’ve yet to imagine. What do you think? **** I'm no longer taking vendor briefings this year. Follow Francis; I'll be doing more research and sharing as always, but thoughts welcomed!

Cybersecurity predictions are easy. Preparing for them is the real challenge. Most organizations are still building defenses for yesterday’s threats. But the threat landscape is changing faster than most security programs. A few shifts already shaping the next phase of cybersecurity: → AI vs AI security battles Attackers are using AI to automate phishing, malware creation, and reconnaissance. Defenders are using AI to accelerate detection, correlation, and response. → Identity becoming the main attack surface Compromised credentials, session hijacking, and deepfake-enabled fraud are increasing. Identity is becoming the new perimeter. → Zero Trust moving from concept to default Continuous verification of users, devices, and applications is replacing one-time access. → Supply chain becoming a major entry point Attackers increasingly target smaller vendors to reach larger organizations. → Cloud and API exposure expanding Misconfigurations, excessive permissions, and poorly secured APIs remain common entry points. → Ransomware operations evolving Ransomware-as-a-Service lowers the barrier for attackers and increases the scale of attacks. → AI-powered phishing targeting employees Social engineering is becoming more realistic and harder to detect. → Encryption preparing for the quantum era Organizations are starting to evaluate post-quantum cryptography to future-proof data. → Regulation becoming stricter Cyber incidents now directly impact legal risk, reputation, and financial exposure. → Security becoming a board-level topic Cybersecurity is no longer just an IT function. It is a business responsibility. The big takeaway: Cybersecurity is moving from reactive defense to continuous risk management. And organizations that treat it only as a technical problem will struggle to keep up. Curious to hear your view: Which of these trends will have the biggest impact on organizations in the next few years? P.S. The cheat sheet below summarizes the 10 cybersecurity shifts many security teams are preparing for.

AIM Research has just Launched its GenAI-Powered Cybersecurity Vendor Landscape Report. The cybersecurity landscape is undergoing a significant transformation with the integration of Generative AI. Here are some key Insights: ✢ Major cybersecurity providers are not just adding GenAI features—they're fundamentally rethinking their platforms to incorporate AI agents, copilots, and context-aware assistants. This shift is moving tools from private previews to public availability, signaling a readiness for broader implementation in 2024. ✢ The industry faces a skill-gap and burnout crisis. GenAI-powered tools are emerging as a solution to alleviate these challenges by handling repetitive and intricate tasks. ✢ Vendors are expanding beyond traditional solutions. We're seeing the rise of AI agents that autonomously monitor and respond to incidents, copilots that assist IT teams in real-time, and platforms that simulate attacks to test and strengthen security postures. ✢ The new wave of tools brings capabilities like intelligent summarization, natural language querying, multilingual conversational functions, proactive security measures, alert prioritization, decision-ready analysis, guided recommendations, and automation. ✢ Vendors are focusing on enhancing functionalities in autonomous threat detection and providing transparency in how AI systems reach conclusions. Access the complete report here: https://lnkd.in/gxj8vY3N Darktrace, Deep Instinct, Dropzone AI, ExtraHop, Fortinet, Mandiant (part of Google Cloud), Prophet Security, Torq, Radiant Security, ReliaQuest, SentinelOne, Simbian, Swimlane, Sysdig, Wiz, Stream.Security, Sysdig, CrowdStrike, Palo Alto Networks, Orca Security, Cisco, ZEST Security, Proofpoint, Aqua Security, Netskope, Dazz, Sweet Security, Zscaler, Sentra, Tenable, Mitiga, Rapid7, Trend Micro, Lacework, Uptycs

Five recent mergers and acquisitions highlight how cybersecurity vendors are converging technology with services to capitalize on the US$10 billion MDR opportunity, which Canalys (now part of Omdia) is forecasting to grow 16% in 2025: • Sophos’ US$849 million purchase of Secureworks, which closed in February, giving it 2,000 enterprise accounts, and expanding MDR with XDR and SIEM assets, and DFIR and advisory services. • Arctic Wolf’s US$160 million purchase of Cylance Inc., which also closed in February, giving the MDR provider EDR and AI assets, and a customer base to migrate. • The merger between Cybereason and Trustwave, announced in November, bringing together Cybereason’s EDR with Trustwave’s MDR, DFIR and consulting. • WatchGuard Technologies’s purchase of ActZero for an undisclosed sum in December, which expands its existing MDR offering with automated threat response and third-party integrations. • N-able’s US$266 million acquisition of its XDR/MDR tech partner Adlumin in November. This is a highly competitive market with others like Alert Logic (acquired by Fortra), Bitdefender, Check Point Software (aquired rmsource), CrowdStrike, eSentire, OpenText (acquired Pillr), ReliaQuest, SonicWall (acquired Solutions Granted), ThreatLocker and Trend Micro and many more scaling offerings. The path to MDR emerging as a category has been gradual, yet inevitable. On the demand side of the equation is the threat landscape. More attackers are targeting smaller and midsized organizations that have less cybersecurity resources. On the cybersecurity supply side of the equation, the widening skills gap and growing complexity. Moreover, businesses need help securing their environments, and technology alone cannot fill the gap. The recent acquisitions highlight the direction of MDR services. For SMBs, scalable, low-touch, and automated services that go beyond managed EDR with poorly defined response services to managed XDR and risk management services, compliant with cyber insurance. For larger customers, more tailored offerings, with broader integrations, custom playbooks, threat hunting, and extensive DFIR. As a result, there will be more M&A between cybersecurity vendors and MDR providers. However, more than 90% of cybersecurity spending is to, through and with partners. Invariably, vendors will increasingly find themselves competing with their partners. The most successful vendors will be those that take a partner-first approach, enabling those that just want to resell or refer to do so without friction, and enabling more service-led partner to co-sell and co-deliver.

To those focused on cyber warfare and defense, the implications of this new "Hellscape" concept for Taiwan are profound not just for kinetic warfare, but for how we think about the future of automated kill chains. The Center for a New American Security (CNAS) just released a report detailing a transition from a passive "porcupine" strategy to a proactive, uncrewed Hellscape. For those of us in the cybersecurity and defense industry, this is a masterclass in leveraging low-cost, high-density technology to disrupt a much larger adversary's operational rhythm. 🛠️ Engineering the Automated Kill Chain The Hellscape concept isn't just about hardware; it’s about a highly resilient, multi-layered architecture designed to operate in the most "digitally toxic" environments imaginable. Layer 1: The Outer Edge (80km out): Flooding the zone with long-range kamikaze drones and USVs to force an adversary to deplete their high-end interceptors. Layer 2: The Muddy Middle (40km out): Using autonomous underwater vehicles (UUVs) to seed "smart" minefields that can repopulate themselves even after being swept. Layer 3 & 4: The Final Run & Beach: FPV drones and short-range rockets using autonomous terminal guidance (pixel lock) to hit targets even when all GPS and satellite communications are jammed. 🔐 The Cyber Lessons What fascinates me most about this strategy is its realism regarding electronic warfare. The authors explicitly call for systems that do not rely on a persistent "umbilical cord" to a command center. In a world where space and cyberspace are the first things to be contested, our systems must be: ⚫ Autonomous by necessity: Prepared to go "the last mile" without a human-in-the-loop if links are severed. ⚫ Affordable in mass: Trading "exquisite" platforms for thousands of disposable, smart sensors and shooters. ⚫ Self-Sufficient: Reducing reliance on external supply chains to ensure mission readiness during a blockade. As we look toward the 2027 benchmarks often discussed in this theater, the shift toward uncrewed, software-defined defense is a requirement. The question for my network: As we see kinetic and cyber capabilities blend into these automated kill chains, how are we evolving our defensive posture to counter "digital twins" and pre-rehearsed attacks? #CyberWarfare #DefenseInnovation #NationalSecurity #Taiwan #UncrewedSystems #CyberSecurity #Hellscape

Anthropic just made one of the most important moves in cybersecurity this year. Project Glasswing is a new initiative where Anthropic is partnering with AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, NVIDIA, JPMorganChase, and others to use AI to find and fix critical software vulnerabilities before attackers do. The results so far are staggering: Claude identified thousands of high-severity vulnerabilities in major operating systems and browsers, including flaws that survived decades of human code review and millions of automated tests. Anthropic is backing this with $100M in model usage credits and $4M in donations to open-source security organizations. This is the kind of AI application that actually moves the needle for defenders. For years, the asymmetry in cybersecurity has favored attackers. Initiatives like Glasswing start to flip that. If you work in cybersecurity, this is worth paying attention to.

Every founder or founder-CTO who raised ₹5 crore+ in Q1 2026 should read this right now. Because India saw 250+ startup deals in Q1 2026. And a lot of those companies are still calling themselves “early stage.” But the moment your SaaS startup starts handling: customer data, employee laptops, contracts, support logs, billing records, third-party tools, and cloud access... You are no longer “just a startup” from a cyber-risk perspective. And this is the part many founders in India are still underestimating. The DPDP Rules were notified in November 2025. They require clear consent notices, set breach-notification expectations, and reinforce that users can ask to access, correct, update, or erase their data. The Rules also provide an 18-month phased compliance timeline. At the same time, CERT-In said it handled 29.44 lakh cyber incidents in 2025. So this is no longer a “we’ll fix it after the next round” issue. If you are a funded SaaS founder with 15, 30, or even 100+ people, and your co-founder is still acting as CTO, security owner, and incident-response team, you do not have a lean setup. You have concentrated risk. Cybersecurity starts the day your product becomes trusted with someone else’s data. And increasingly, we are seeing founders take a more structured approach to this, whether it is building internal practices or adopting platforms (like Seqrite) that help simplify security and DPDP readiness without adding enterprise-level complexity. Because the smartest founders in 2026 will not treat security and compliance as enterprise overhead. They will treat them as trust infrastructure. Because in SaaS, trust is not a legal line item. It is product. Which stage do you think most Indian SaaS founders still wait for before taking security seriously? Seqrite Quick Heal #SaaS #CyberSecurity #DataProtection #DPDP #StartupIndia #Founders #B2B #CloudSecurity #Trust #Compliance

As Europe finds itself at a geopolitical crossroads, the ability to fend for itself both economically and militarily is becoming increasingly important. The topic for today's #sundAIreads is the role of #AI in #defense. The reading I chose for this is a recent report co-authored by Ludwig Biller, Danny Rienecker, Dr. Nils Förster, and Dr. Germar Schröder from Strategy& on "The global AI race and defense's new frontier." The report can be downloaded here: https://pwc.to/4hBghGo. In the report, the authors argue that AI has become "a defining pillar of modern military advancements that will revolutionize strategic decision-making, surveillance, autonomous systems, and logistics." More specifically, the authors identify the following six fields of application: 1️⃣ Autonomous systems, particularly "real-time situational awareness and rapid decision support;" 2️⃣ Weapon systems, including "AI-driven target recognition and precision;" 3️⃣ Cyber security and warfare, already in widespread use in anomaly detection; 4️⃣ Battlefield analysis and combat support, such as "AI-driven data fusion and target recognition;" 5️⃣ Infrastructure and logistics, such as "predictive maintenance, digital twins, and route optimization;" and 6️⃣ Admin and support functions, particularly in "finance, budgeting, and workforce optimization." The United States still "retain the pole position" in AI defense innovation "backed by enormous private and public investment," but rival powers such as China are catching up. Ukrainian and Israeli forces are also already actively leveraging AI-driven solutions, e.g., for intelligence gathering and precision targeting. Germany, by contrast, is still lagging behind due to "significant technological, structural, and cultural barriers," including: ❌ Strategic fragmentation, with "AI initiatives [...] scattered among different agencies and EU programs;" ❌ Infrastructure deficits, such as "insufficient data centers, underdeveloped cloud computing, and a lack of edge computing infrastructure;" ❌ Cultural resistance, particularly a historically rooted aversion to militarization and taking any conceivable kind of risk; and ❌ Regulatory barriers, including "complex procurement processes and stringent ethical guidelines." Massive increases in both defense and infrastructure spending in Germany could, however, change the game: Since the announcement of chancellor in spe Friedrich Merz to attempt to exempt military spending from the country's fiscal rules, the share prices of German defense firms have soared. Needless to say, the use of AI in defense raises numerous ethical questions the leaders of liberal-democratic countries no longer have the luxury to leave unaddressed. As a German and European, I can only share the authors' hope that Germany's "clear and longstanding commitment to ethical governance and multilateralism" could ultimately result in it becoming a "global leader in responsible AI defense innovation."

We see this often : a sleek new #cybersecurity tool or a cutting-edge platform and now anything #AI hits the market, and suddenly, it becomes like a "Gold Standard" must-have for the industry. In the world of procurement of #technology and #security solutions, there's a dangerous psychological phenomenon at play. Popularity is often mistaken for suitability. When one sees peers, competitors and industry influencers adopting a specific technology, it seems to give a sense of comfort. But as the old adage goes, familiarity breeds contempt, and in the context of security, tech, infrastructure solutions, that contempt can lead to expensive, insecure ecosystems that fall short of their performance expectations and business justification. The contempt doesn't usually start with the tool, it starts with the misalignment between the tool and actual business needs : 🔸 The Shelfware Syndrome: Where the buy decision was more on industry hype rather than careful assessment of the specific pain points. Then, the tool is underutilized, teams become resentful of the complex interface they weren't trained for 🔸 The False Sense of Security: Familiarity with a brand name breeds a dangerous level of comfort. Often an EDR solution or a DLP is assumed to keep performing as implemented, but teams forget the routine monitoring, upgrades, rule resets etc, and such complacency is what attackers exploit. 🔸 Integration Friction: Just because a tool works for a large institution with a more mature setup doesn't mean it will play well with say, legacy manufacturing systems. In the absence of skill and integrators, it may feel like forced adoption, which create friction and workarounds, becoming dangerous grounds for security vulnerabilities. To avoid the trap of such "contemptuous familiarity", break the 'hype' cycle and consider procurement by the fundamentals : 💡 Why : Where's the gap in the internal process / control ? What specific risk is to be mitigated? Which process can be automated? Where can efficiency be brought, with detailed calculations, on the existing metrics vs expected ? 💡 How : Will the tool be integrated with our unique architecture, or will require substantial changes in say the APIs, connectors, workflows et all? Are there people and skillset to manage this? 💡 Where : Do the proposed tech match business goals ? ✔️ The hardest part of #digitaltransformation, be it large scale #AI #automation or a significant security tool, is to decide the start. ✔️ Make solid groundwork, so as to deliver the expected ROIs and long-term technology adaptations, rather than quick, disconnected experiments. ✔️ Begin with small pilots, and expand only when value is proven in controlled rollout ✔️ Engage a qualified, trained team to define, measure, monitor, gather user feedback and keep refining ✔️ Employ appropriate data management and security against every tech integration. Have you faced such challenges? Add in the comments. #cyberrisk #technologyrisk