Forrester 2026 Report: AI Agents Top CISO Risk List — What It Means for NHI Security

Forrester’s 2026 Threat Intelligence Report has landed, and the headline finding is stark: AI agents now sit at the top of the CISO risk list, overtaking more traditional concerns like ransomware and supply chain attacks. For security leaders who have spent the past two years scrambling to get a handle on generative AI adoption, this report confirms what many have suspected — the next wave of threats isn’t coming from malicious outsiders exploiting AI, but from the autonomous agents organizations are willingly deploying inside their own environments.

The core problem is one that identity and access management practitioners will recognise immediately. AI agents are fundamentally non-human identities — they authenticate, they access resources, they make decisions, and they execute actions. But unlike service accounts or API keys, which are relatively static and predictable, AI agents exhibit emergent behaviour. They chain tools together, they learn from context, and they operate at machine speed. Traditional IAM was designed for humans who log in, do a few things, and log out. An AI agent might touch fifty different systems in the span of thirty seconds, each interaction requiring a different set of permissions.

This is where the NHI security gap becomes critical. Most organizations have no inventory of their non-human identities, let alone runtime visibility into what those identities are actually doing. Forrester’s report highlights that the attack surface created by ungoverned AI agents is qualitatively different from any previous technology adoption wave. When an overprivileged human account gets compromised, the blast radius is limited by human speed. When an overprivileged AI agent is compromised — or simply operates beyond its intended scope — the damage can compound exponentially before any human even notices.

The report makes three specific recommendations that align directly with the emerging NHI security discipline. First, organizations must establish dedicated machine identity governance, with lifecycle management that covers creation, rotation, and decommissioning of AI agent credentials. Second, runtime monitoring must become the default — static access reviews cannot keep pace with agents that dynamically acquire and exercise permissions. Third, the principle of least privilege must be enforced at the agent level, with just-in-time access provisioning that limits what any single agent can do, for how long, and under what conditions.