TL;DR: Forrester named Orca a Strong Performer in The Forrester Wave for Cloud Native Application Protection Solutions, with top scores in six criteria including CSPM, CIEM, agentless cloud workload protection, IaC security, agentic AI and co-pilots, and third-party integrations. The signal is clear: CNAPP is now being judged on whether it can connect visibility, identity, and runtime action across cloud and AI workloads.
NHIMG editorial — based on content published by Orca Security: Forrester Wave Q1 2026 CNAPP evaluation results
Questions worth separating out
Q: How should security teams govern cloud entitlements when human, machine, and AI access overlap?
A: They should treat cloud entitlements as a shared governance layer, with clear ownership for each identity type and a revocation path that can act on excess privilege quickly.
Q: When do agentless cloud controls need to be supplemented with runtime sensors?
A: They need supplementation when the workload risk depends on process behavior, privilege escalation, or local policy enforcement that control-plane telemetry cannot see.
Q: What do security teams get wrong about AI features inside cloud security platforms?
A: They often assume AI features are only about better analytics, when the bigger issue is whether those features influence access, response, or automation decisions.
Practitioner guidance
- Align CNAPP ownership with identity governance: Assign clear ownership for cloud entitlements, workload identities, and AI-adjacent access paths so CIEM findings are reviewed by the team that can actually revoke or reshape privilege.
- Verify where agentless visibility stops: Test whether your current platform can see privilege escalation, process activity, and policy violations in the workloads that matter most, or whether you need complementary sensor coverage.
- Map AI-assisted workflows to identity events: Classify co-pilots, agentic components, and automation paths as identity-bearing execution so their actions can be logged, reviewed, and governed like other privileged actors.
What's in the full analysis
Orca Security's full report covers the operational detail this post intentionally leaves for the source:
- Criterion-by-criterion scoring context across the 14-vendor evaluation
- Specific observations on CSPM, CIEM, and agentless workload protection performance
- Evidence quoted from Forrester on integrations, support response, and access graphs
- Product-level descriptions of sensor behaviour and deployment trade-offs