
CNAPP, CIEM and agentic AI: what Forrester’s wave suggests


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter

TL;DR: Forrester named Orca a Strong Performer in The Forrester Wave for Cloud Native Application Protection Solutions, with top scores in six criteria including CSPM, CIEM, agentless cloud workload protection, IaC security, agentic AI and co-pilots, and third-party integrations. The signal is clear: CNAPP is now being judged on whether it can connect visibility, identity, and runtime action across cloud and AI workloads.

NHIMG editorial — based on content published by Orca Security: Forrester Wave Q1 2026 CNAPP evaluation results

Questions worth separating out

Q: How should security teams govern cloud entitlements when human, machine, and AI access overlap?

A: They should treat cloud entitlements as a shared governance layer, with clear ownership for each identity type and a revocation path that can act on excess privilege quickly.

Q: When do agentless cloud controls need to be supplemented with runtime sensors?

A: They need supplementation when the workload risk depends on process behavior, privilege escalation, or local policy enforcement that control-plane telemetry cannot see.

Q: What do security teams get wrong about AI features inside cloud security platforms?

A: They often assume AI features are only about better analytics, when the bigger issue is whether those features influence access, response, or automation decisions.

Practitioner guidance

  • Align CNAPP ownership with identity governance: Assign clear ownership for cloud entitlements, workload identities, and AI-adjacent access paths so CIEM findings are reviewed by the team that can actually revoke or reshape privilege.
  • Verify where agentless visibility stops: Test whether your current platform can see privilege escalation, process activity, and policy violations in the workloads that matter most, or whether you need complementary sensor coverage.
  • Map AI-assisted workflows to identity events: Classify co-pilots, agentic components, and automation paths as identity-bearing execution so their actions can be logged, reviewed, and governed like other privileged actors.

What's in the full analysis

Orca Security's full report covers the operational detail this post intentionally leaves for the source:

  • Criterion-by-criterion scoring context across the 14-vendor evaluation
  • Specific observations on CSPM, CIEM, and agentless workload protection performance
  • Evidence quoted from Forrester on integrations, support response, and access graphs
  • Product-level descriptions of sensor behaviour and deployment trade-offs

👉 Read Orca Security’s analysis of the Q1 2026 CNAPP Wave →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498

CNAPP is being evaluated as an identity control plane, not just a detection stack. The Forrester criteria that matter here are CIEM, agentic AI visibility, cloud workload protection, and third-party integrations, which tells us the market is converging on relationships rather than isolated findings. Security teams do not only need to see what is wrong. They need to understand who or what can act, what it can touch, and how quickly that state changes. The practitioner conclusion is that cloud protection and identity governance are now converging into one operating model.

A few things that frame the scale:

  • Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree governing them is critical to enterprise security.

A question worth separating out:

Q: Should organisations re-evaluate CNAPP after major AI adoption in cloud environments?

A: Yes, because AI adoption increases the number of identities, integrations, and runtime decisions that CNAPP must interpret. That changes the evaluation from pure visibility to governance over action. Organisations should re-check whether their platform can connect entitlements, workloads, and AI-driven activity into one control story.

👉 Read our full editorial: Cloud-native application protection is shifting toward AI and access control
