5 network security predictions for 2026
What does 2026 have in store for network security? Omdia analyst John Grady shares his top five predictions for the upcoming year.
- John Grady,
-
Omdia
Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
With the end of 2025 quickly approaching, it's time to look forward to 2026 and explore some key themes security leaders should be aware of to help focus their efforts.
In reviewing my 2025 predictions, one that exceeded my expectations was Palo Alto Networks' acquisition of CyberArk. In December 2024 I wrote, "For both zero trust and SASE, integrations with identity providers are critical. Privileged access management has become a core use case for many zero-trust network access vendors. Ultimately, I could see a scenario where a network security vendor looks at the identity market and decides there's enough opportunity to take a chance." I'm not sure I had a $25 billion acquisition in mind when I wrote that.
So, what's in store for the upcoming year? Unsurprisingly, AI has at least a mention across all my predictions for 2026. Which isn't to say it's the only thing on the agenda, but it has become so pervasive that it will be at least a tangential consideration in most areas.
Without further ado, here are my five network security predictions for 2026.
Zero trust for AI becomes a priority
Zero trust has shifted from a marketing buzzword to a security imperative, reinforced by reference architectures and executive orders from the federal government. Many organizations are implementing broad zero-trust architectures across their environments, but due to the complexity of these projects and the fact that zero trust is a journey and not a destination, it remains a work in progress for most.
Yet, IT innovation continues to march forward. Before most organizations have a handle on zero trust generally, they'll have to consider how to apply it to AI. This includes securing user access to public AI applications, AI model access to data sources and, most importantly, AI agent access to a variety of resources.
Identity is already a foundational pillar of zero trust, but many organizations are still working on incorporating risk- and contextual-based access models to their environments. This will be critical, especially as agentic architectures take hold and become more autonomous.
Living-off-the-land attacks become pervasive, in part due to AI
LOTL attacks have been an ongoing trend over the last few years, with Bitdefender reporting that 84% of the 700,000 cyberincidents it analyzed used LOTL techniques of some kind. As attackers continue to use AI and shift to agent-based attacks, the prevalence of LOTL attacks will only grow.
Detecting and mitigating these attacks will take a multilayered and coordinated effort. Network-based tools, such as microsegmentation and network detection and response, will be critical to detecting and preventing lateral movement, command and control traffic, and other anomalous behavior that bypasses signature-based defenses.
Browser security heats up, but to augment, not replace existing tools
The browser security market has garnered a lot of attention over the past couple of years. The vendor side has seen significant activity, and 2026 will see security teams invest heavily in these capabilities.
Rather than replacing existing tools, however, most teams will look at browser security as a complementary addition to the tools already in place. Part of this will be driven by the type of approaches available. SASE vendors have released browsers to extend protection to the endpoint and support AI security. Standalone secure browser extension vendors tout the flexibility of continuing to use a standard browser with more secure capabilities. Not all organizations want to deploy a new, standalone browser to all their users. But there is no question that adding greater visibility and control over activity in the browser should be on every security leader's priority list in 2026.
The AI security market begins to thin out
This will be a continuation of a trend we saw in 2025. Most AI security companies focus on a specific AI use case, for example, securing employee use of public AI applications, defending internal AI models and AI-enabled applications, securing agentic AI architectures and using agentic architectures in the SOC. These use cases are too close to existing markets for established vendors to stand pat, and too distinct for a unified AI security approach in most cases. Add in the trend of platformization and it stands to reason that large network and SaaS security vendors, application and API security vendors, identity vendors and SOC vendors will find it most feasible to acquire the capabilities they need to extend fully into AI.
SaaS security consolidation accelerates
Similarly, it has become harder and harder for SaaS security vendors to survive as standalone entities. We have already seen notable acquisitions by Check Point, Fortinet and CrowdStrike in this area. This is also arguably the area where AI is the cleanest extension of an existing market. Employees accessing public AI applications is extremely close to the traditional SaaS security use case -- security teams need visibility and control over what applications are being accessed, the data being shared with those applications, distinct policies for corporate instances and open instances, and more. Monitoring for malicious prompt returns and tracking content generated by these applications are more specific capabilities, but on the whole, they are similar use cases. We'll continue to see many of these capabilities be subsumed by SASE platforms.
John Grady is a principal analyst at Omdia who covers network security. Grady has more than 15 years of IT vendor and analyst experience.
Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
