As enterprises look ahead to 2026, two new Forrester Budget Planning Guides: Budget Planning Guide 2026: Security And Risk and 2026 Budget Planning: Prepare For Even More Volatility, offer valuable insight into where security leaders are placing their bets. Amid macroeconomic uncertainty, increasing regulation, and the accelerated adoption of GenAI, one trend is clear: organizations are prioritizing investments that protect and govern AI systems at scale.
While expectations for budget increases are tempered by volatility, there’s growing consensus that security, particularly for AI, is non-negotiable.
Why AI Security Stands Out in Forrester’s Budget Planning Guides
Across both reports, Forrester emphasizes the need for AI and machine learning (ML) security that goes beyond standalone tools or traditional monitoring. As GenAI becomes embedded in productivity platforms, helpdesk tools, CRM systems, and custom enterprise applications, securing AI behavior (not just models) has become essential.
This aligns with what we’re seeing across our enterprise customers: the inference layer, where AI systems interact with real-world data and users, is emerging as the most critical control point. That’s where prompt injections, jailbreaks, and unauthorized data access happen, and where static guardrails fall short.
Security Innovation Recognized
Among the vendors mentioned in Forrester’s recent guidelines is CalypsoAI (now F5), cited for our role in addressing generative AI security use cases. We were also noted for our participation in the 2025 RSA Conference Innovation Sandbox, which, for us, is a signal of both our innovation and market momentum.
What sets us apart is our agent-driven approach to securing AI systems across the full lifecycle. Our red teaming capabilities use dynamic AI agents to continuously uncover vulnerabilities before attackers can exploit them. Combined with our security scores, which assess model-level risk pre-deployment, real-time threat prevention, and enterprise-wide visibility across solutions, this proactive approach gives organizations the confidence to scale GenAI securely.
Note: Forrester does not endorse any vendor, product, or service depicted in its research publications. Any reference to CalypsoAI (now F5) is descriptive of market trends or vendor activity and does not constitute endorsement.
Planning for a Volatile 2026? Think Proactive, Not Reactive
Within these Forrester guides, analysts encourage scenario planning across “baseline,” “boom,” and “bust” scenarios. In each of these, GenAI security plays a role:
- In baseline plans, security investments tied to regulatory, customer, and insurance obligations are protected.
- In boom plans, emerging technologies like agentic AI and automated compliance monitoring offer competitive advantage.
- In bust scenarios, consolidating tools and prioritizing AI governance can reduce costs and risk exposure.
Regardless of the scenario, security teams are being challenged to move faster, not just to respond to threats, but to anticipate them.
Final Thoughts
GenAI is fundamentally changing how enterprises operate. We believe these insights from the Forrester Budget Planning reports highlight the growing need for real-time, adaptive controls across the AI stack. For companies seeking to innovate without compromise, securing AI where it interacts with the real world is critical.
F5 is proud to help organizations move fast and stay secure with runtime AI Guardrails, AI Red Team, both of which include visibility and explainability.
About the Author
Related Blog Posts
Securing the public sector against Shadow AI with F5 BIG-IP SSL Orchestrator
Learn how state, local, and education organizations can enhance visibility and security in encrypted network traffic while addressing compliance and governance.
F5 secures today’s modern and AI applications
The F5 Application Delivery and Security Platform (ADSP) combines security with flexibility to deliver and protect any app and API and now any AI model or agent anywhere. F5 ADSP provides robust WAAP protection to defend against application-level threats, while F5 AI Guardrails secures AI interactions by enforcing controls against model and agent specific risks.
Govern your AI present and anticipate your AI future
Learn from our field CISO, Chuck Herrin, how to prepare for the new challenge of securing AI models and agents.
New 7.0 release of F5 Distributed Cloud Services accelerates F5 ADSP adoption
Our recent 7.0 release is both a major step and strategic milestone in our journey to deliver the connectivity, security, and observability fabric that our customers need.
Stay ahead of API security risks with our latest F5 Distributed Cloud Services release
This release brings exciting, new API discovery options, expanded testing scenarios, and enhanced detection capabilities—all geared toward reducing API security risks while improving overall visibility and compliance.
F5 provides enhanced protections against React vulnerabilities
Developers and organizations using React in their applications should immediately evaluate their systems as exploitation of this vulnerability could lead to compromise of affected systems.