Executive Summary
The Year Everything Gets Real
2026 is the year AI data security moves from "emerging concern" to "operational reality." Every organization we surveyed—every single one—has agentic AI on their roadmap. The question isn't whether AI will touch your sensitive data. It already does.
The uncomfortable truth: most organizations aren't ready. They've started the work. Very few have finished it.
This report identifies 15 predictions for enterprise data security in 2026, based on a survey of 225 security, IT, and risk leaders across 10 industries and 8 regions. What we found is a market in transition: significant gaps in AI-specific capabilities, and a widening divide between organizations with board attention on AI governance and those without.
AI Agent Swarms Move From Theory to Field Use
In mid-September 2025, Anthropic reported detecting and disrupting a cyber-espionage operation it attributes (with high confidence) to a Chinese state-sponsored group it calls GTG-1002. The actor used Claude Code plus Model Context Protocol (MCP) tools and ran multiple Claude instances in groups as autonomous “orchestrators” to execute major parts of the intrusion life cycle—reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, and data analysis.
Anthropic says the campaign targeted ~30 entities and that AI executed ~80-90% of tactical work, with humans stepping in only at a few critical decision points (roughly 4-6 per campaign)—for example, approving escalation from recon to exploitation and deciding what to exfiltrate.
One defensive insight: Anthropic observed the AI sometimes overstated findings or fabricated data (e.g., “working” credentials that failed), forcing validation and slowing attackers down.
What to do now: treat agent runtimes and tool connectors as privileged infrastructure. Lock down who and what can run tools, enforce allowlists, monitor high-rate automation, and maintain a fast “kill switch” for suspicious agent activity.
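The controls recommended above (per-agent tool allowlists, high-rate detection, and a kill switch) can sit in a single gate that every tool call passes through. The sketch below is an added example, not code from the report or from Anthropic; the `ToolGate` class, the agent and tool names, and the thresholds are assumptions chosen for illustration.

```python
import time
from collections import deque
from dataclasses import dataclass, field

@dataclass
class ToolGate:
    """Gate every agent tool call passes through (hypothetical design)."""
    allowlist: dict                 # agent_id -> set of permitted tool names
    max_calls: int = 3              # allowed calls per window before auto-kill
    window_s: float = 10.0
    killed: set = field(default_factory=set)
    history: dict = field(default_factory=dict)  # agent_id -> call timestamps
    audit: list = field(default_factory=list)    # (agent_id, tool, decision)

    def kill(self, agent_id, reason):
        """Kill switch: every later call from this agent is refused."""
        self.killed.add(agent_id)
        self.audit.append((agent_id, "KILL", reason))

    def authorize(self, agent_id, tool, now=None):
        now = time.monotonic() if now is None else now
        decision = self._decide(agent_id, tool, now)
        self.audit.append((agent_id, tool, decision))
        return decision

    def _decide(self, agent_id, tool, now):
        if agent_id in self.killed:
            return "deny:killed"
        if tool not in self.allowlist.get(agent_id, set()):
            return "deny:not-allowlisted"   # default deny, unknown agents included
        calls = self.history.setdefault(agent_id, deque())
        while calls and now - calls[0] > self.window_s:
            calls.popleft()                 # drop timestamps outside the window
        calls.append(now)
        if len(calls) > self.max_calls:     # high-rate automation: trip the switch
            self.kill(agent_id, "rate limit exceeded")
            return "deny:rate-kill"
        return "allow"

def demo():
    # Constructed agent, tools and timestamps, for illustration only.
    gate = ToolGate(allowlist={"triage-bot": {"read_ticket", "search_kb"}})
    calls = [("triage-bot", "read_ticket", 0.0), ("triage-bot", "run_shell", 1.0),
             ("unknown-agent", "read_ticket", 1.0), ("triage-bot", "search_kb", 2.0),
             ("triage-bot", "search_kb", 2.1), ("triage-bot", "search_kb", 2.2),
             ("triage-bot", "read_ticket", 30.0)]
    return [gate.authorize(a, t, now=ts) for a, t, ts in calls], gate

if __name__ == "__main__":
    print(demo()[0])
```

Once the rate threshold trips, the agent stays blocked even after the window has passed, and the audit list records every decision alongside the kill event.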
Gaps That Matter
Containment Gap: Organizations have invested in watching what AI does—human-in-the-loop (59%), monitoring (58%). They haven't invested in stopping it—kill switch (40%), purpose binding (37%). That's a 15-20-point gap between observing and acting. 60%+ can't terminate a misbehaving AI agent or enforce purpose limitations.
Keystone Capabilities: Evidence-quality audit trails and AI training-data recovery predict overall maturity better than industry, region, or size. Organizations with audit trails show +20-32-point advantages on every AI metric. But 61% have fragmented logs across systems—not actionable evidence.
Board Effect: 54% of boards aren't engaged on AI governance. Those organizations are 26-28 points behind on every AI maturity metric. This is the strongest correlation in the survey.
Data Sovereignty Gap: Organizations have solved sovereignty for storage, not for AI processing. 29% cite cross-border AI transfers as exposure, but only 36% have visibility into where data is processed, trained, or inferred.
Critical Outliers
Government is a generation behind: 90% lack purpose binding, 76% lack a kill switch, and 33% have no dedicated AI controls, while handling citizen data and critical infrastructure.
Australia is the benchmark: +10-20 points on nearly every metric, with the strongest pipelines. Leading on AI adoption AND controls.
