TL;DR: Rising in Cyber 2026, a list selected by 150 CISOs and senior security executives whose honorees have raised more than $6.9 billion combined, highlights how AI agents, identity and access management, and application defence are converging in enterprise security, according to Orca Security and Notable Capital. The signal is that identity governance is no longer a narrow IAM issue; it is becoming central to cloud, AI, and operational risk decisions.
NHIMG editorial — based on content published by Orca Security: Orca Security named to Rising in Cyber 2026 for the third consecutive year
By the numbers:
- The 2026 honorees were named alongside the release of the Rising in Cyber 2026 Report, produced in collaboration with Morgan Stanley.
- The 30 private cybersecurity companies recognized in Rising in Cyber 2026 collectively raised over $6.9 billion, according to PitchBook.
- The list is selected through voting by 150 active CISOs and senior security executives.
Questions worth separating out
Q: How should security teams respond to the convergence of AI security and IAM?
A: They should treat AI security, cloud security, and IAM as one governance problem when identities can reach the same workloads.
Q: Why does agentless cloud visibility not fully solve identity governance?
A: Because visibility shows what exists, not who is accountable for it or whether the access should still exist.
Q: What do security teams get wrong about AI-powered security agents?
A: They often assume that security tooling inside the control plane is automatically safe because it is defensive.
Practitioner guidance
- Map shared identity paths across cloud and AI tooling. Inventory where human admins, service accounts, AI features, and security agents touch the same cloud resources.
- Tie AI security controls to entitlement ownership. For every AI-enabled workflow, assign a human owner for the underlying access, the expected action scope, and the review cadence.
- Use market signals to re-sequence IAM priorities. If your programme still treats IAM, cloud security, and AI governance as separate roadmaps, collapse the planning view into one cross-functional backlog.
What's in the full analysis
Orca Security's full announcement covers the operational detail this post intentionally leaves for the source:
- The specific Rising in Cyber methodology, including how the 150 CISO and senior security executive votes were collected.
- The report's market mapping across AI agents, identity and access management, security operations, and application defence.
- The AI-powered cloud security capabilities Orca cites, including real-time AI activity detection and enhanced runtime protection.
- The partnership context with AWS, Oracle, and Zscaler that the announcement says supports cloud and AI scaling.
Rising in Cyber 2026: what it means for IAM and AI security?
Explore further
Market recognition is now a proxy for identity convergence. The fact that AI, identity and access management, security operations, and application defence are being judged in the same market cohort shows where enterprise security buying is moving. Those categories used to be separated by operating model and budget owner; now they are increasingly evaluated together because the access paths are shared. Practitioners should treat this as a signal that identity governance is becoming a cross-platform control plane, not a standalone IAM workstream.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
A question worth separating out:
Q: Who should own governance when identity, cloud, and AI security overlap?
A: Accountability should sit with the team that can change the entitlement and explain the business purpose of the access, not only with the team that operates the platform. In many organisations that means IAM, cloud security, and AI owners need a shared model for access review and risk acceptance rather than separate sign-off chains.