By NHI Mgmt Group Editorial Team | Published 2026-02-17 | Domain: Breaches & Incidents | Source: Orca Security

TL;DR: Forrester named Orca a Strong Performer in The Forrester Wave for Cloud Native Application Protection Solutions, with top scores in six criteria including CSPM, CIEM, agentless cloud workload protection, IaC security, agentic AI and co-pilots, and third-party integrations. The signal is clear: CNAPP is now being judged on whether it can connect visibility, identity, and runtime action across cloud and AI workloads.


At a glance

What this is: Forrester’s Q1 2026 CNAPP evaluation shows cloud security platforms are being measured on AI visibility, identity control, and runtime response as much as on detection.

Why it matters: IAM teams now have to govern machine, human, and agentic access as one control surface, not as separate tool sets.

By the numbers:

Read Orca Security’s analysis of the Q1 2026 CNAPP Wave


Context

Cloud-native application protection is increasingly an identity problem as much as a posture problem. Modern cloud estates expose human users, service accounts, workloads, and AI-driven components through the same trust fabric, which means access, exposure, and runtime behavior have to be judged together rather than in separate silos.

This Forrester evaluation matters because it shows where the CNAPP market is moving: toward platforms that can connect visibility into cloud assets with control over privilege, integrations, and AI-adjacent activity. For IAM, PAM, and NHI teams, that is a reminder that cloud security tooling is no longer just about finding risk. It is about deciding what can act, with what level of access, and under what governance.


Key questions

Q: How should security teams govern cloud entitlements when human, machine, and AI access overlap?

A: They should treat cloud entitlements as a shared governance layer, with clear ownership for each identity type and a revocation path that can act on excess privilege quickly. The practical test is whether identity graphs lead to corrective action, not just reporting. If teams cannot trace access back to a business owner, governance is already too weak.

Q: When do agentless cloud controls need to be supplemented with runtime sensors?

A: They need supplementation when the workload risk depends on process behavior, privilege escalation, or local policy enforcement that control-plane telemetry cannot see. Agentless coverage is useful for speed and breadth, but it can miss what happens inside the host. Teams should add sensors where enforcement, not just observation, is required.

Q: What do security teams get wrong about AI features inside cloud security platforms?

A: They often assume AI features are only about better analytics, when the bigger issue is whether those features influence access, response, or automation decisions. Once AI is connected to cloud operations, it becomes part of the identity and governance model. Teams should ask who approved the workflow, what it can do, and how it is audited.

Q: Should organisations re-evaluate CNAPP after major AI adoption in cloud environments?

A: Yes, because AI adoption increases the number of identities, integrations, and runtime decisions that CNAPP must interpret. That changes the evaluation from pure visibility to governance over action. Organisations should re-check whether their platform can connect entitlements, workloads, and AI-driven activity into one control story.


Technical breakdown

Why CNAPP now depends on CIEM and identity graph depth

CNAPP has moved beyond scanning misconfigurations. CIEM, or cloud infrastructure entitlement management, maps who and what can access cloud resources, then shows where entitlements exceed the intended role. In cloud estates, that graph often has to connect human identities, service principals, workload identities, and cross-account permissions. Once those paths are visible, security teams can assess whether the issue is configuration drift, over-privilege, or a delegated access chain that has grown beyond governance. The technical shift is from static posture reporting to relationship-aware entitlement analysis.

Practical implication: map cloud entitlements to identity owners so excessive access can be reviewed and revoked in the context of the real delegation chain.
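The relationship-aware entitlement analysis described above, as an added example that is not code from Orca, Forrester or this site: a constructed identity graph in which a human, a workload identity and a service principal delegate through roles, with effective permissions traced along every assume chain, compared to the intended role, and routed to the identity's owner. All identities, permissions and owners are made up.

```python
from collections import deque

# Constructed sample graph (not real data). An edge means "identity can assume
# or act as target"; this is where cross-account delegation chains live.
ASSUME_EDGES = {
    "user:alice": {"role:dev-ci"},             # human -> CI role
    "role:dev-ci": {"role:prod-deploy"},       # delegated into a second account
    "workload:build-runner": {"role:dev-ci"},  # workload identity -> same role
}
DIRECT_PERMS = {  # permissions attached directly to each node (constructed)
    "user:alice": {"s3:GetObject"},
    "role:dev-ci": {"s3:PutObject", "ecr:PutImage"},
    "role:prod-deploy": {"iam:PassRole", "ec2:RunInstances", "kms:Decrypt"},
    "sp:billing-export": {"s3:GetObject"},
}
INTENDED_PERMS = {  # what the business intends each identity to do (constructed)
    "user:alice": {"s3:GetObject", "s3:PutObject", "ecr:PutImage"},
    "workload:build-runner": {"s3:PutObject", "ecr:PutImage"},
    "sp:billing-export": {"s3:GetObject"},
}
OWNERS = {"user:alice": "platform-team", "workload:build-runner": "platform-team"}

def delegation_paths(identity):
    """BFS over assume edges; returns {reachable node: path from identity}."""
    paths, queue = {identity: [identity]}, deque([identity])
    while queue:
        node = queue.popleft()
        for target in ASSUME_EDGES.get(node, ()):
            if target not in paths:  # first visit = shortest chain; also stops cycles
                paths[target] = paths[node] + [target]
                queue.append(target)
    return paths

def effective_permissions(identity):
    """Permission -> shortest delegation chain that grants it (union over all chains)."""
    granted = {}
    for node, path in delegation_paths(identity).items():
        for perm in DIRECT_PERMS.get(node, ()):
            if perm not in granted or len(path) < len(granted[perm]):
                granted[perm] = path
    return granted

def excess_findings(identity):
    """Permissions beyond intent, each with its real chain and the owner who must
    review or revoke it; an identity nobody owns is itself a governance gap."""
    intended = INTENDED_PERMS.get(identity, set())
    owner = OWNERS.get(identity, "UNOWNED")
    return [{"identity": identity, "permission": perm, "owner": owner,
             "chain": " -> ".join(path)}
            for perm, path in sorted(effective_permissions(identity).items())
            if perm not in intended]
```

Note that the workload identity inherits the same production permissions as the human through the shared CI role, which a per-identity permission listing would not show.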

Agentless cloud workload protection versus sensor-based runtime control

Agentless cloud workload protection inspects cloud control-plane and metadata signals without installing software in every workload. That gives broad visibility quickly, which is useful for fast-moving cloud environments and for estates where installing agents is operationally hard. Sensor-based protection adds runtime telemetry from the host, which can improve detection of privilege escalation, suspicious process activity, and policy violations inside the workload. The architectural question is not which model wins universally. It is where each model has blind spots, how they overlap, and whether the platform can turn telemetry into enforced response rather than just alerts.

Practical implication: validate where agentless coverage ends and whether host-level telemetry is needed for your highest-risk workloads.

Agentic AI and co-pilots inside CNAPP are a governance issue

When a CNAPP platform claims visibility into agentic AI and co-pilots, the relevant question is not only detection. It is whether the platform can understand AI-driven actions as identity events, tie them to privilege, and distinguish intended automation from unsafe delegation. For autonomous or semi-autonomous components, the security model must account for runtime decisions that may combine tools, data, and execution timing in ways static policy did not anticipate. That makes access governance, auditability, and response orchestration inseparable from the AI workflow itself.

Practical implication: treat AI-adjacent cloud activity as identity-governed execution, not just application telemetry.
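One way to treat an agent's tool call as an identity event, as an added example rather than any vendor's implementation: each call is normalised to actor, delegating human, permissions exercised and an approval reference, then checked against both the agent's approved tool scope and the delegator's own entitlements, so that delegation can never exceed what the human could do directly. The agent registry, human entitlements and tool-to-permission mapping are all constructed.

```python
# Constructed registry of approved agents: which tools each may call and the
# approval record behind that scope (all names are made up for this example).
AGENT_SCOPES = {
    "agent:ops-copilot": {"approved_by": "change-ticket-0000 (placeholder)",
                          "allowed_tools": {"read_logs", "restart_service"}},
}
HUMAN_PERMS = {  # constructed entitlements of the humans an agent acts for
    "user:bob": {"logs:Read", "ecs:UpdateService"},
    "user:carol": {"logs:Read"},
}
TOOL_PERMS = {  # cloud permission each tool exercises at runtime (constructed)
    "read_logs": {"logs:Read"},
    "restart_service": {"ecs:UpdateService"},
    "rotate_key": {"kms:CreateKey", "kms:ScheduleKeyDeletion"},
}

def to_identity_event(agent, on_behalf_of, tool, session):
    """Normalise one tool call into an identity event with an allow/deny verdict."""
    scope = AGENT_SCOPES.get(agent)
    needed = TOOL_PERMS.get(tool)
    reasons = []
    if scope is None:
        reasons.append("unregistered agent")
    elif tool not in scope["allowed_tools"]:
        reasons.append("tool outside approved agent scope")
    if needed is None:  # cannot reason about privilege for an unmapped tool
        reasons.append("unknown tool, no permission mapping")
        needed = set()
    # Delegation may never exceed the delegator's own entitlements.
    missing = needed - HUMAN_PERMS.get(on_behalf_of, set())
    if missing:
        reasons.append("delegator lacks " + ", ".join(sorted(missing)))
    return {"actor": agent, "on_behalf_of": on_behalf_of, "tool": tool,
            "session": session, "permissions": sorted(needed),
            "approved_by": scope["approved_by"] if scope else None,
            "decision": "deny" if reasons else "allow", "reasons": reasons}

def review_queue(calls):
    """Evaluate (agent, human, tool, session) calls; return only denied events."""
    return [e for e in (to_identity_event(*c) for c in calls) if e["decision"] == "deny"]

# Constructed sample session: a mix of in-scope and out-of-scope tool calls.
SAMPLE_CALLS = [
    ("agent:ops-copilot", "user:bob", "restart_service", "s1"),
    ("agent:ops-copilot", "user:carol", "restart_service", "s2"),
    ("agent:ops-copilot", "user:bob", "rotate_key", "s3"),
    ("agent:unknown", "user:bob", "read_logs", "s4"),
]
```

Every event, allowed or denied, carries the approval reference and the permissions exercised, which is the audit record the paragraph above asks for.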




NHI Mgmt Group analysis

CNAPP is being evaluated as an identity control plane, not just a detection stack. The Forrester criteria that matter here are CIEM, agentic AI visibility, cloud workload protection, and third-party integrations, which tells us the market is converging on relationships rather than isolated findings. Security teams do not only need to see what is wrong. They need to understand who or what can act, what it can touch, and how quickly that state changes. The practitioner conclusion is that cloud protection and identity governance are now converging into one operating model.

Least-privilege enforcement is becoming the differentiator that separates usable cloud security from noise. Orca’s cited CIEM strengths point to a broader market expectation: entitlement graphs are useful only if they lead to revocation, not dashboards. In cloud environments, excessive permissions are the bridge between exposure and impact, especially when human and machine identities share the same platforms. The practitioner conclusion is that entitlement drift has to be treated as operational debt, not reporting data.

Agentic AI inside cloud security breaks the old assumption that automation stays within predictable guardrails. Least privilege was designed for access that is provisioned, reviewed, and held stable long enough for governance to observe it. That assumption fails when the actor is autonomous because it can select actions and tools at runtime, and may change what it does faster than a review cycle can capture. The implication is that cloud IAM programmes must rethink how they define intended access for systems that do not remain in one state long enough to certify.

Runtime response is now part of the control surface, not an afterthought. The evaluation emphasis on agentless protection, sensor-based controls, and attack-path mitigation shows that visibility alone is no longer enough. CNAPP is being asked to decide and act across identities, workloads, data, and external exposure. The practitioner conclusion is that response logic, entitlement logic, and runtime evidence now belong in the same governance conversation.

From our research:

  • Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree governing them is critical to enterprise security.
  • The governance gap is now broad enough that practitioners should compare cloud entitlement control with the OWASP Agentic AI Top 10 and decide where cloud IAM must absorb agentic risk.

What this signals

AI adoption in cloud operations is forcing CNAPP teams to think in identity terms. With 70% of organisations granting AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey, entitlement governance is now a board-level exposure, not a tooling nuance. Teams should expect more pressure to unify cloud posture, CIEM, and AI governance under one operating model.

Cloud security programmes should expect evaluation criteria to keep shifting toward actionability. Visibility into risk is no longer enough when identities can be human, machine, or AI-driven in the same environment. The programmes that will hold up are the ones that can prove who has access, what they can do, and whether the platform can enforce limits when policy is exceeded.


For practitioners

  • Align CNAPP ownership with identity governance: Assign clear ownership for cloud entitlements, workload identities, and AI-adjacent access paths so CIEM findings are reviewed by the team that can actually revoke or reshape privilege.
  • Verify where agentless visibility stops: Test whether your current platform can see privilege escalation, process activity, and policy violations in the workloads that matter most, or whether you need complementary sensor coverage.
  • Map AI-assisted workflows to identity events: Classify co-pilots, agentic components, and automation paths as identity-bearing execution so their actions can be logged, reviewed, and governed like other privileged actors.
  • Turn entitlement graphs into revocation workflows: Set thresholds for excessive cloud access, define who approves revocation, and wire CIEM alerts into the remediation process instead of leaving them as visibility-only signals.

Key takeaways

  • CNAPP is increasingly being judged as an identity governance layer because cloud risk now follows access relationships, not isolated alerts.
  • The Forrester criteria highlight that visibility, CIEM, and runtime response have become inseparable in cloud security evaluations.
  • Practitioners should verify whether their platforms can turn entitlement insight into revocation, especially where AI-driven activity is part of the workload mix.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Cloud entitlements and privilege review are central to this CNAPP evaluation.
NIST Zero Trust (SP 800-207) | SC-7 | CNAPP visibility and enforcement align with zero-trust control of cloud paths and resources.
OWASP Agentic AI Top 10 | A3 | Agentic AI visibility is directly relevant where AI-driven actions affect cloud access and response.

Map cloud identity findings to PR.AC-4 and ensure excessive access is remediated through a defined owner.


Key terms

  • Cloud Native Application Protection Platform: A CNAPP is a cloud security platform that combines posture management, workload protection, and entitlement analysis in one operating model. In practice, it tries to connect misconfiguration, identity, and runtime risk so teams can see how exposure becomes impact across cloud environments.
  • Cloud Infrastructure Entitlement Management: CIEM is the discipline of discovering, analyzing, and reducing excessive permissions in cloud environments. It focuses on the identity relationships behind access, including human, machine, and service identities, so teams can see where privilege has grown beyond the intended business need.
  • Agentless Workload Protection: Agentless workload protection observes cloud workloads without installing a host agent on each system. It is useful for rapid coverage and low operational overhead, but it depends on cloud control-plane and metadata visibility, which means it can miss some runtime behaviors inside the workload itself.
  • Agentic AI Visibility: Agentic AI visibility is the ability to detect and interpret AI-driven actions as governed identity events rather than generic application activity. It matters because autonomous or semi-autonomous systems can combine access, tools, and timing in ways that change risk at runtime.

Deepen your knowledge

Cloud entitlement governance and AI-adjacent access control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are trying to bring cloud identity, workload access, and agentic risk into one operating model, it is worth exploring.

This post draws on content published by Orca Security: Forrester Wave Q1 2026 CNAPP evaluation results. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-02-17.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org