Majority of security operations ‘will be run by AI agents’ within three years

Analysts at IDC have released the report 2026 FutureScape: Worldwide Security and Trust. The report contains predictions that are fundamentally set to reshape how businesses think about cybersecurity.

According to the report: “By 2028, AI agents will be triaging 80% of alerts in most security operations centers worldwide.”

AI is rapidly dominating cybersecurity protection by providing speed, scalability, and predictive capabilities. These enable organizations to detect, prevent, and respond to cyber threats more effectively when compared with traditional methods. This digital led, security transformation is highlighted in the report as something essential for keeping pace with modern, AI-powered cyberattacks. 

This may appear soon, but analysts warn this is just the beginning of what businesses should be forecasting. In terms of appropriate risks, these include:

• 80% of organizations will face phishing attacks using AI-generated synthetic identities by 2027.
• Security platforms will start putting dollar signs on threats – telling you exactly what a breach will cost in real-time.

The FutureScape report covers ten predictions made  across the dimensions of security and trust. In turn, these ways of thinking have had an impact on CISO’s who are staring to see the advantage in AI. These include:

1. By 2028, AI agents will be triaging 80% of SOC alerts in the majority of SOCs worldwide. 
2. By 2027, 1 out of 3  governments will require sovereign AI for sensitive sectors, pushing enterprises to use RAG architectures with in-country knowledge bases to meet privacy and residency rules.  
3. By 2028, 40% of enterprises will use autonomous agent-powered cyber risk quantification platforms to turn security metrics into financial exposure, guiding budgets, controls, and M&A risk assessments.  
4. By 2027, 60% of enterprises deploying agentic AI will require an AI Bill of Materials (BoM) to support continuous security vulnerability scanning, license risk management, and compliance assurance.  
5. By 2027, 80% of organizations will experience phishing attacks from criminals using synthetic identities, mixing real info and AI-generated data to create fabricated identities that appear legitimate. 
6. By 1H 2028, 30% of alerts generated in detection and response platforms will also include a monetary estimate of the damage a current threat may incur.  
7. 40% of G2000 will engage cybersecurity professional services firms to conduct quantum risk assessment by 2027 to get quantum-ready.  
8. By 2029, 70% of large enterprises will adopt Private Cloud Compute (PCC) to protect data privacy in cloud-based LLM systems, moving AI apps from “capability exploration” to “large-scale implementation.”
9. By 1H 2027, 85% of detection and response playbooks will be generated dynamically at the time that a SOC alert is generated. 
10. By 2027, 15% of enterprise PC users will have a deep fake detection application running locally on the host processor.  

These examples indicate that the cybersecurity market is set to benefit from two modes of growth: CISOs and cyber-risk professionals are embracing next-generation, AI-enabled security technologies.