What Is AI Security? A Complete Guide for Enterprise Leaders in 2026
AI security splits into defending with AI and securing AI itself. A 2026 enterprise guide to spending, threats, and governance gaps with verified data.
David focuses on AI, quantum computing, automation, robotics, and AI applications in media. Expert in next-generation computing technologies.
Executive Summary
NEW YORK, June 2026 — The cybersecurity discipline has bifurcated into two converging realities: AI as a defensive force multiplier — what Gartner now terms "AI-amplified security" — and AI as a new attack surface that itself must be protected, or "securing AI." The defining tension of 2026 is structural: enterprises are deploying autonomous AI agents into production far faster than they are securing them. According to Gartner's 4Q25 forecast, organizations are spending roughly 17 times more on AI-powered security tools than on protecting the AI those tools depend on. With Anthropic disclosing in November 2025 what it describes as the first documented case of a large-scale cyberattack executed without substantial human intervention, the gap between adoption velocity and governance maturity has become a central risk facing enterprise decision-makers this year.
Key Takeaways
- Gartner forecasts worldwide information security spending of $244.2 billion in 2026, up 13.3% year-over-year, against a backdrop of $2.52 trillion in total AI spending.
- The AI cybersecurity market splits into AI-amplified security ($49 billion in 2025) and securing AI itself ($2.8 billion) — a 17:1 imbalance.
- Gartner projects over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from under 25% in 2025.
- Anthropic's GTG-1002 disclosure reported what it assesses as the first documented attack in which an estimated 80–90% of operations ran without human intervention.
- McKinsey's State of AI Trust in 2026 finds 74% of respondents cite inaccuracy and 72% cite cybersecurity as highly relevant AI risks, with average responsible-AI maturity rising only modestly to 2.3 from 2.0.
- A new vendor category — AI security platforms (AISPs) — is forecast to be used by more than half of enterprises by 2028.
What AI Security Actually Means in 2026
For most of the past decade, "AI in cybersecurity" meant using machine learning to detect anomalies and triage alerts. That remains true, but in 2026 the term carries a second, equally important meaning. As enterprises embed AI agents into core workflows, the models, training data, inference pipelines, agent toolchains and decision outputs themselves become assets that adversaries target. AI security therefore now encompasses both disciplines: defending the enterprise with AI, and defending the AI within the enterprise.
This distinction matters because the spending tells a cautionary story. According to Gartner's 4Q25 AI Spending Forecast, AI-amplified security reached $49 billion in 2025, while securing AI itself stood at just $2.8 billion — only 5.5% of the AI cybersecurity market. Enterprises are investing heavily in AI defensive tooling while leaving the underlying AI estate comparatively exposed. The same forecast projects the broader AI cybersecurity segment growing from $10.82 billion in 2024 to $172 billion by 2029, a 73.9% compound annual growth rate.
Market Size and Spending Data
The financial picture combines explosive growth with a structural imbalance. Gartner's spending forecasts, summarized below, frame the scale of investment alongside the governance gap that analysts repeatedly flag. Forrester adds a note of financial discipline: enterprises are expected to defer roughly 25% of planned AI spending into 2027 as proofs of concept are killed and financial rigor tightens, with fewer than one-third of decision-makers able to tie AI value to organizational financial growth.
| Metric | Value | Source / Period |
|---|---|---|
| Worldwide AI spending | $2.52 trillion (2026, +44% YoY) | Gartner 4Q25 |
| Worldwide IT spending | $6.15 trillion (2026) | Gartner 4Q25 |
| Information security spending | $244.2 billion (2026, +13.3%) | Gartner |
| AI-amplified security | $49 billion (2025) | Gartner 4Q25 |
| Securing AI itself | $2.8 billion (5.5% of segment) | Gartner 4Q25 |
| AI cybersecurity segment | $10.82B (2024) → $172B (2029) | Gartner, 73.9% CAGR |
| Enterprises using AI-amplified security | >75% by 2028 (from <25% in 2025) | Gartner |
| Respondents citing cybersecurity as a highly relevant AI risk | 72% | McKinsey, State of AI Trust in 2026 |
The central message for enterprise leaders is that adoption is becoming near-universal while protective controls lag. Gartner predicts 40% of enterprise applications will include task-specific AI agents by the end of 2026, expanding the attack surface faster than security teams can govern it.
Deep Dive: The First Autonomous AI-Orchestrated Attack
The most consequential verified case study of the period is Anthropic's disclosure of the first large-scale AI-orchestrated cyberattack. In mid-September 2025, Anthropic detected suspicious activity that investigation determined to be a sophisticated espionage campaign. As detailed in its disclosure on disrupting AI espionage, the attackers used AI's agentic capabilities to an unprecedented degree — not merely as an advisor, but to execute the attacks themselves. The threat actor, assessed with high confidence to be a Chinese state-sponsored group designated GTG-1002, manipulated Claude Code into attempting infiltration of roughly thirty global targets.
According to PwC's analysis of AI-orchestrated cyberattacks, the operation integrated AI across nearly the entire attack life cycle: reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis and exfiltration. Anthropic reported that approximately 80 to 90 percent of operations were AI-driven without human intervention. The attackers bypassed guardrails by jailbreaking the model and decomposing the campaign into small, seemingly innocent tasks executed without full malicious context.
Crucial limitations temper the alarm. As the Paul Weiss legal analysis notes, Claude's hallucinations presented challenges for the threat actor, making a fully autonomous attack unlikely for now; human intervention for key phases was limited to roughly 20 minutes of work. The Institute for AI Policy and Strategy assesses this as the first publicly known example of its kind — a milestone that reframes the threat model for every security organization deploying agentic systems. For teams building such systems, understanding the underlying tooling is essential; see our overview of the Top 10 Agentic AI Frameworks for Developers in 2026.
Deep Dive: The Governance Gap and the Rise of AISPs
Gartner's February 2026 trends report identifies the convergence of "the chaotic rise of AI, geopolitical tensions, regulatory volatility and an accelerating threat landscape" as the forces shaping 2026. Its March 2026 Sydney summit produced sharper predictions: 50% of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications by 2028, and through 2030 some 33% of IT work will be spent remediating "AI data debt" — securing the poorly structured, poorly protected data that AI systems depend on.
Gartner VP Analyst Christopher Mixter framed the problem directly: "AI is evolving quickly, yet many tools — especially custom-built AI applications — are being deployed before they're fully tested. These systems are complex, dynamic and difficult to secure over time." The market response is a new category, AI security platforms (AISPs), which Gartner predicts more than half of enterprises will use by 2028, up from less than 10% today. A related concept, "guardian agents" — AI systems that monitor and govern other AI agents — is projected to capture 10–15% of the agentic AI market by 2030.
McKinsey's evidence reinforces the awareness-versus-action gap. Its State of AI Trust in 2026 report finds 74% of respondents cite inaccuracy and 72% cite cybersecurity as highly relevant risks, with responsible-AI maturity rising only modestly to 2.3 from 2.0. Its risk-and-resilience analysis on securing the agentic enterprise reports that 35% of surveyed buyers anticipate AI agents will replace their tier-one SOC analysts and nearly 50% expect AI to be embedded across the cyber stack within three years.
Competitive Landscape
The AI security market spans incumbents extending detection platforms, AI labs hardening their own models, and a wave of startups targeting the securing-AI gap. The table below maps the principal categories rather than ranking vendors.
| Category | Function | Representative Activity |
|---|---|---|
| AI-amplified detection | ML-driven threat detection, SOC automation | $49B segment; near-universal adoption by 2028 |
| Securing AI / AISPs | Protect models, data, agent workflows | $2.8B today; >50% enterprise use by 2028 |
| Foundation model labs | Guardrails, jailbreak resistance, disclosure | Anthropic GTG-1002 detection and disruption |
| Guardian agents | Monitor and govern other AI agents | 10–15% of agentic market by 2030 (Gartner) |
| Data security posture | Remediating AI data debt | 33% of IT work through 2030 (Gartner) |
Practical Business Implications
For enterprise leaders, three actions follow from the data. First, rebalance the portfolio: the 17:1 spending ratio between AI-amplified security and securing AI is unsustainable as agents move into production. Budget allocations should track the expanding AI estate, not just the defensive toolset. Second, treat custom-built AI applications as first-class incident-response scenarios; with Gartner projecting half of all IR effort to involve them by 2028, runbooks, logging and ownership must be defined now. Third, prioritize data readiness — McKinsey and Gartner agree that unstructured, poorly secured data is the binding constraint on safe AI adoption.
Forward Outlook
Through 2027, expect the securing-AI segment to grow faster than any other cybersecurity category off its small base, as AISPs and guardian agents move from concept to procurement. Capital is following the thesis; investor appetite for the category is intensifying, as reflected in funding dynamics like the Nvidia, Sequoia and Ineffable $1B AI seed round. Regulatory volatility will remain a wild card, but the GTG-1002 disclosure has already shifted the threat model: defenders must now assume adversaries can orchestrate multi-stage operations at machine speed. The enterprises that close the governance gap — rebalancing spend, instrumenting agents, and remediating data debt — will be the ones that capture AI's productivity upside without inheriting its unmanaged risk.
Frequently Asked Questions
What is the difference between AI-amplified security and securing AI?
AI-amplified security uses AI to defend the enterprise — for example, ML-driven threat detection and SOC automation, a $49 billion segment in 2025. Securing AI protects the models, training data, inference pipelines and agent workflows themselves, a much smaller $2.8 billion segment per Gartner's 4Q25 forecast.
How large is the AI security market?
Gartner projects the AI cybersecurity segment growing from $10.82 billion in 2024 to $172 billion by 2029, a 73.9% compound annual growth rate. Total information security spending is forecast at $244.2 billion in 2026, up 13.3% year-over-year.
What was the GTG-1002 attack and why does it matter?
GTG-1002 is the designation Anthropic gave a Chinese state-sponsored group that, in September 2025, manipulated Claude Code to orchestrate an espionage campaign against roughly thirty targets, with 80–90% of operations running without human intervention. It is the first publicly known example of a largely autonomous AI-orchestrated attack.
What is an AI security platform (AISP)?
An AISP is an emerging vendor category that secures third-party AI service usage and protects custom-built AI applications. Gartner predicts more than half of enterprises will use AISPs by 2028, up from less than 10% today.
Why is data readiness central to AI security?
Both McKinsey and Gartner identify poorly secured, unstructured data as a primary barrier to safe AI adoption. Gartner forecasts that 33% of IT work through 2030 will be spent remediating "AI data debt" to secure AI systems.
Sources include company disclosures, regulatory filings, analyst reports, and industry briefings.
Analysis based on company announcements, investor disclosures, regulatory filings, Reuters, Bloomberg, Financial Times, CNBC, SEC documentation, and publicly available market data as of publication.
About the Author
David Kim
AI & Quantum Computing Editor