Jul 09, 2026 Blog

AI Cybersecurity Hits $292.53B by 2035. Identity, Not Malware Detection, Decides Who Wins

AI Cybersecurity Hits $292.53B by 2035. Identity, Not Malware Detection, Decides Who Wins

CyberArk Went to Palo Alto Networks Because Malware Was Never the Real Problem


Palo Alto Networks completed its USD 21.1 billion acquisition of identity security specialist CyberArk on February 11, 2026, folding privileged access management into a network security business built to catch malware. The logic has nothing to do with catching malware. Palo Alto's own 2026 forecast puts autonomous AI agents at 82 machine identities for every human employee, and most access control infrastructure built over the last two decades was never designed to authenticate a system that decides things on its own.


Nineteen days earlier, the same company closed a separate acquisition of Chronosphere to gain visibility into the data volumes AI systems consume. Two deals, one thesis: the market this report covers isn't being built around better malware detection. It is being built around who controls a workforce that was never human to begin with.


Kaiso Research's primary dataset frames the global AI cybersecurity market at USD 25.35 billion in 2024, expanding to USD 292.53 billion by 2035 at a 24.9% CAGR. That growth rate is not a story about smarter spam filters. It is a story about who controls the identity layer of an enterprise that increasingly runs itself.


Kaiso Research Puts 2024 Value at $25.35 Billion. The 24.9% CAGR Prices In a War, Not a Feature Cycle


Kaiso Research's primary dataset puts the market's 2024 base at USD 25.35 billion, climbing to USD 292.53 billion across the 2025 to 2035 forecast window. A 24.9% compound annual growth rate over an eleven-year horizon does not happen because enterprises want better spam filters. It happens because three preconditions converged: AI-enabled malware forced a shift from reactive to proactive defense, cloud and IoT adoption expanded the attack surface faster than security headcount could cover it, and regulatory pressure from GDPR, CCPA, and the EU's NIS2 directive turned AI-enabled compliance monitoring into a budget line instead of a pilot project.


Kaiso's segmentation splits the market by type into network security and endpoint security, with network security the larger of the two, and by technology into machine learning and natural language processing, with machine learning the dominant technique behind most deployed capability. Regionally, North America leads on vendor base and government mandates, and Asia-Pacific is the fastest-growing region as China, India, and Japan combine rapid digitalization with a rising volume of targeted threats. Gartner's own AI spending forecast, published May 19, 2026, puts total worldwide AI outlay at USD 2.59 trillion in 2026, a 47% jump year over year.


None of this is evenly distributed. A bank in Frankfurt buying AI-enabled fraud detection to satisfy a NIS2 auditor is answering a different question than a Series C startup building autonomous penetration testing.


Microsoft, CrowdStrike, and Palo Alto Networks Are Racing to Own the Agentic SOC, Not the Antivirus Market


Every major vendor in Kaiso's competitive set spent the first half of 2026 shipping the same underlying bet: that the security operations center becomes an agentic system, not a dashboard a human analyst refreshes every four minutes. Microsoft brought Agent 365 to general availability on May 1, 2026, bundled inside Microsoft 365 E7: The Frontier Suite, giving security teams a control plane that can discover shadow AI agents, including unsanctioned tools running on managed Windows endpoints. Microsoft paired that release with more than fifteen new Security Copilot partner agents unveiled at RSAC 2026, aimed at phishing triage and identity correlation, the exact workflows that used to define a junior analyst's shift.


CrowdStrike answered at RSA Conference 2026 with the Charlotte AI AgentWorks Ecosystem, a no-code platform for building security agents launched March 25, 2026 in collaboration with Accenture, AWS, Anthropic, Deloitte, Kroll, NVIDIA, OpenAI, Salesforce, and Telefonica Tech. The company backed that platform push with balance sheet growth: CrowdStrike's fiscal 2027 first quarter results, reported June 3, 2026, showed ending ARR of USD 5.51 billion, up 24% year over year, with AI Detection and Response ARR alone growing more than 250% sequentially. IBM extended its own Autonomous Threat Operations Machine into a joint integration with Charlotte AI, and Intel signed on for an endpoint-layer collaboration, both announced the same quarter.


Fortinet, Cisco, and Check Point occupy a different tier of this race. All three remain named leaders in Kaiso's competitive set, and all three are embedding machine learning-driven detection into existing network security appliances rather than building standalone agent platforms, a strategy that protects installed base revenue but concedes the agentic SOC narrative to Microsoft, CrowdStrike, and Palo Alto Networks. FireEye, also named in Kaiso's competitive set, exists today only as a legacy brand: the company split in 2021 and 2022, with its product business becoming Trellix and its threat intelligence arm, Mandiant, acquired by Google, a reminder that a market player list needs a current ownership check before a buyer treats it as a live shortlist.


Sophos, the tenth name on Kaiso's list, now shares a parent company with Darktrace. Thoma Bravo owns both, a detail the competitive landscape section below treats as more than a footnote.


IBM's Ponemon Data Shows Shadow AI Adds $670,000 to Every Breach. That Number Is Recruiting CISO Budget


IBM's 2025 Cost of a Data Breach Report, produced with the Ponemon Institute, found that the global average cost of a breach fell to USD 4.44 million in 2025, down 9% from the year before, and credited faster AI-powered detection and containment for the decline. That is the optimistic half of the finding. The other half is not. The same study found that 97% of organizations that suffered an AI-related security incident had no proper AI access controls in place, and that breaches involving shadow AI, meaning AI tools employees use without sanction, added an average USD 670,000 on top of the 2025 breach cost figures above and now factor into one breach in five.


That gap between AI as defense and AI as unmanaged liability is the first structural driver behind Kaiso's 24.9% CAGR. Detection tools are the smaller part of what enterprises are actually purchasing; the larger part is governance for a technology stack most of them cannot fully inventory. The second driver is regulatory. GDPR, CCPA, and the EU's NIS2 directive already require the kind of continuous monitoring that only AI-scale tooling can deliver at enterprise volume, and each new jurisdiction that adopts a NIS2-style standard adds another mandatory buyer to the market rather than an optional one.


The third driver is the security skills shortage, which has not eased enough for staffing to substitute for automation. The fourth is technical convergence: AI security platforms increasingly interoperate with blockchain-based integrity checks, edge computing deployments, and early quantum-resilient cryptography, three technology waves that used to be separate procurement decisions and are now converging into a single security stack. Each driver alone would support solid growth. Together, they explain why the CAGR sits closer to 25% than to the single digits a mature security category would otherwise post.


AI-Generated Deepfakes Now Touch Business Email Compromise, and the FBI Has the Losses to Prove It


The most consequential trend of 2026 is not a new product category. It is that the attackers named in Kaiso's own threat landscape are using the identical AI capability the defenders are selling. The FBI's Internet Crime Complaint Center attributed USD 2.77 billion in losses across 21,442 incidents to AI-powered business email compromise in 2024 alone, and security vendor Hoxhunt's own 2026 phishing trends data recorded AI-generated content jumping from under 5% to 56% of detected phishing attempts within a single month at the end of 2025.


Voice cloning has become the cheapest entry point into that trend. A convincing clone now requires as little as three seconds of publicly available audio, the kind every executive generates on an earnings call or a conference panel, and commodity cloning tools circulate for under twenty dollars. Gartner's prediction that 30% of enterprises will stop trusting standalone identity verification by 2026 is not a hedge. It's an acknowledgment that caller ID, callback numbers, and video confirmation have each been defeated in documented cases already.


A second, quieter trend sits underneath the fraud headlines: agentic AI inside the SOC itself is compressing response time in ways that change staffing math. One enterprise customer cited in CrowdStrike's own published case studies reported cutting mean time to respond threefold after adopting agentic detection triage, and Microsoft built its Security Copilot phishing triage agent for the identical purpose. The uncomfortable read is that AI-powered fraud and AI-powered defense are scaling at the same underlying rate, because both draw on the same generation of models.


Charlotte AI, Security Copilot, and Precision AI Are Betting on Three Different Architectures for the Same Job


Kaiso's technology segmentation splits the market into machine learning and natural language processing, and the vendor roadmaps published in 2026 show both techniques converging inside a single architectural layer: the autonomous agent. CrowdStrike's Charlotte AI runs on what the company calls its Agentic Security Workforce, a library of purpose-built agents trained on real analyst decisions from Falcon Complete engagements, orchestrated through Charlotte Agentic SOAR and certified to ISO 42001 for AI governance. Microsoft's competing bet is Agent 365, a control plane that treats every AI agent, whether built on Copilot Studio or running locally as a standalone tool, as an identity that needs discovery, governance, and network-level policy enforcement.


Palo Alto Networks took a third path with Precision AI, which fuses machine learning, deep learning, and generative AI across its Cloud-Delivered Security Services rather than shipping agents as a separate product line. The architectural bet matters because it determines who owns the integration point.


A platform that governs agents as identities, Microsoft's approach, competes on breadth across an existing directory. A platform that deploys agents as workers, CrowdStrike's approach, competes on the quality of the underlying analyst training data. Neither has won that argument yet, and Kaiso's forecast horizon runs long enough that the winning architecture may not be one of the three built so far.


Thoma Bravo Now Owns Both Darktrace and Sophos. That Is Not a Coincidence, It Is a Strategy


Two names on Kaiso's own list of key market players, Darktrace and Sophos, now report to the same private equity owner. Thoma Bravo completed its USD 5.3 billion acquisition of Darktrace on October 1, 2024, delisting it from the London Stock Exchange, and the firm already owned Sophos along with Proofpoint, Ping Identity, and Venafi. That gives one financial sponsor a direct stake in how at least two of Kaiso's ten named competitors price, integrate, and eventually exit, a level of consolidation a market share table alone will not show.


Against that backdrop, Microsoft, CrowdStrike, and Palo Alto Networks are the three vendors actually setting the pace on agentic capability, and the gap between them and the rest of Kaiso's named field is widening, not narrowing. Cisco, Fortinet, and Check Point still carry real installed bases and won't disappear, but none has announced an agent orchestration platform to match Charlotte AI or Agent 365. This market consolidates around three or four platform vendors by the early 2030s. The point-solution vendors on Kaiso's list survive this decade as acquisition targets, not as independent platforms, and CISOs building a five-year vendor roadmap today should assume at least one current supplier gets absorbed before the contract renews twice.


CrowdStrike Paid $740 Million for SGNL. Identity Is Where the Acquisition Money Is Actually Going


The clearest signal in 2026 deal flow is not the total dollar figure. It is where the dollars concentrate. CrowdStrike's largest acquisition of the first quarter of 2026 was identity access management startup SGNL, reported at USD 740 million, and Palo Alto Networks answered with its own USD 400 million purchase of agentic endpoint security provider Koi during the same quarter. Both deals sit inside a Crunchbase-tracked quarter that saw AI capture 80% of all global startup funding, with cybersecurity-specific rounds holding at roughly 200 deals and thirteen of them clearing USD 100 million.


Venture money is chasing the same thesis at earlier stages. XBow, an autonomous security testing startup that Kaiso's own report separately flags as a HackerOne leaderboard leader, raised a USD 120 million Series C in March 2026 that valued the two-year-old company above USD 1 billion, and identity-focused Oasis Security closed a USD 120 million round of its own the same month. The pattern across every deal size is identical: capital is following identity and agent governance, not general-purpose threat detection, because that is where buyers say the actual gap sits.


The EU Just Moved Its AI Act Deadline to December 2027. Article 50 Still Lands in August 2026


The single biggest regulatory shift of the past two months is dated and specific. The Council of the European Union gave final approval to the Digital Omnibus on AI on June 29, 2026, following the European Parliament's June 16, 2026 vote, deferring the compliance deadline for standalone high-risk AI systems under Annex III from August 2, 2026 to December 2, 2027. That sixteen-month extension applies to systems used in credit scoring, biometric identification, and critical infrastructure, precisely the categories where AI-enabled cybersecurity tools most often sit.


Article 50's transparency obligations were not part of that deferral and remain enforceable from August 2, 2026, meaning any AI security tool that generates or labels synthetic content still faces a live compliance date this year regardless of the Annex III extension. Kaiso's own market data already counts GDPR, CCPA, and NIS2 as demand drivers, and the AI Act now joins that list on a bifurcated timeline most vendor compliance roadmaps have not caught up to yet. A vendor selling into the EU in the second half of 2026 needs two separate compliance stories, not one.


CISOs Buying Point Solutions in 2026 Are Buying Products the Platform Vendors Will Absorb by 2028


Two executive audiences need different action from this data. CISOs and security leaders evaluating vendors in 2026 should weight platform breadth over point-solution accuracy, because Kaiso's own competitive set already shows Microsoft, CrowdStrike, and Palo Alto Networks absorbing adjacent categories, identity, observability, endpoint, through acquisition faster than standalone vendors can build equivalent depth organically. A security leader signing a three-year contract with a point solution in 2026 should assume that vendor is either acquired or out-competed on integration before the contract's second renewal.


Investors and corporate development teams should read the CyberArk, Chronosphere, Koi, and SGNL acquisitions as a single pattern rather than four unrelated deals: platform vendors are buying identity and observability capability at a pace that will compress the number of credible independent targets within two to three years. The AI Act's December 2027 deadline gives both audiences a genuine planning window rather than a false one, since Article 50 obligations still land in 2026 regardless of the broader extension. Boards asking their security teams for a 2027 budget number should ask which acquisitions their current vendor stack is likely to make, not just which features it plans to ship.


Three Risks the 24.9% CAGR Does Not Price In


The first risk is governance debt. IBM's own data shows 63% of organizations that suffered a breach had no AI governance policy in place, or were still building one, meaning a meaningful share of demand behind this market is retrofitting oversight onto systems already in production rather than building it in from the start. The second risk is evasion. Kaiso's report itself flags that attack methods are evolving specifically to defeat AI-based detection, meaning every model a vendor ships becomes training data for the adversarial techniques built to beat the next version.


The third risk is concentration. With Thoma Bravo holding both Darktrace and Sophos, and Microsoft, CrowdStrike, and Palo Alto Networks pulling away from Cisco, Fortinet, and Check Point on agentic capability, buyers are converging on a small number of platforms at exactly the moment those platforms are least tested against agent-native attack patterns. None of these risks is hypothetical, and none of them shows up in a headline CAGR.


By 2035, the $292.53 Billion Question Is Not Whether AI Defends Networks, It Is Who Owns the Identity Layer


Kaiso's forecast carries the market from USD 25.35 billion in 2024 to USD 292.53 billion by 2035, and every driver in this report points toward the same endpoint: the vendors that win are the ones that successfully claim ownership of machine identity, not the ones with the best malware signature database. Predictive threat intelligence, autonomous SOC operations, and quantum-ready cryptography all show up in Kaiso's own opportunity assessment, and each depends on the same underlying prerequisite: a verified, governed identity for every human, machine, and agent transacting on a Microsoft, CrowdStrike, or Palo Alto Networks-anchored network. The next five years decide which of those vendors, or which challenger, gets to define that layer, and the next eleven decide who profits from having done it first.


The Vendors Selling Detection Speed Are Selling Yesterday's Problem


Kaiso Research's primary dataset puts this market at USD 292.53 billion by 2035, growing from USD 25.35 billion in 2024 at a 24.9% CAGR, and nearly every acquisition, product launch, and regulatory deadline covered in this report points at the same underlying target: identity, not detection speed, is where the money and the risk both concentrate now. Palo Alto Networks bought CyberArk for that reason. CrowdStrike bought SGNL for that reason. Thoma Bravo is consolidating Darktrace and Sophos under one ownership structure for reasons that will look identical in hindsight.


The vendors still marketing themselves primarily on detection speed are answering a question this market stopped asking around the time autonomous agents started outnumbering the humans they were hired to protect. Buyers who keep scoring AI cybersecurity purchases on that old rubric will keep buying yesterday's product at this year's price.


---

About Kaiso Research and Consulting

Kaiso Research and Consulting is a global market intelligence firm publishing 5,000+ research reports across 11+ industry verticals.

[email protected] | +1 872 219 0417

Isha Paliwal, Lead Industry Analyst, Kaiso Research and Consulting | Covering artificial intelligence and cybersecurity markets across North America, Europe, Asia-Pacific, and LAMEA

Published: 2026-07-08 | Report Code: IMII109

Market Study: Access the full index or request a complimentary sample directly via the Global Artificial Intelligence (AI) in Cybersecurity Market page

Similar Reports

  • Global Underwater Concrete Market Size, Trend & Opportunity Analysis Report...
  • Global Long Duration Energy Storage Market Size, Trend & Opportunity Analys...
  • Autonomous Defence Systems Market Size, Trend & Opportunity Analysis Report...
  • Global Patient Data Hub Solutions Market Size Trend & Opportunity Analysis ...
  • Global Premium Messaging Market Size, Trend & Opportunity Analysis Report, ...
  • Global AI in Tourism Market Size, Trend & Opportunity Analysis Report, by O...

Similar Blogs

  • AI Inference Hardware Is Not a GPU Market Anymore
  • Renewable Energy Market Hits $6.55T by 2035 as the US Cedes Share to Asia
  • Agentic AI Market Hits $234B by 2035. Governance Decides Who Captures It
  • Autonomous Workflow Adoption Is Accelerating. Governance Architecture Isn't
  • AI for Drug Development Has a Proof Problem. Rentosertib Just Solved It
  • Construction Growth and Energy Efficiency Mandates Are Driving Hot Water Circulator Pump Demand

Similar Newsletter

  • Global Crisis Deepens: Southern China Battles Monsoon Flooding, Disease and Infrastructure Collapse
  • Eighty Years After Atomic bombings of Hiroshima and Nagasaki: Remembering t...
  • Global Eyes on the Skies: How Satellite Intelligence Is Transforming Global Monitoring
  • Humanoid Robots Perform Live Surgery: What the UC San Diego Nature Study Me...
  • World Bank Cuts Global Growth Forecast for 2025 to 2.3%: Trade, Debt, and Divergence Shape Outlook
  • AI's Power Hunger Is Now a Grid Problem

Latest Blogs

Article image

2026-07-08T18:30:00.000Z

AI Cybersecurity Hits $292.53B by 2035. Identity, Not Malware Detection, Decides Who Wins

Article image

2026-07-07T18:30:00.000Z

Renewable Energy Market Hits $6.55T by 2035 as the US Cedes Share to Asia

Article image

2026-07-02T18:30:00.000Z

Semiconductor Manufacturing at $1.86T by 2035: Packaging Decides Winners

Kaiso Logo
Location IconOffice 205 N Michigan Ave, Chicago, Illinois 60601, USA
YouTubeInstagramLinkedIn

We Accept

Payment MethodPayment MethodPayment MethodPayment MethodPayment MethodPayment Method

About

  • About us
  • What We Believe
  • Our Mission
  • Blogs & News

Company

  • Privacy Policy
  • Terms & Conditions
  • GDPR Policy
  • Disclaimer
  • Return & Refund Policy
  • Delivery Formats
  • Cookie Policy

Contact Us

  • Request for Consultation
  • Contact Us
  • Career
  • How to Order
  • Become a Reseller
  • FAQs

Contact Detail

Phone icon+1 872 219 0417
Phone icon+91 91835 80078
Email icon[email protected]

Keep in touch

Sign up for emails

Services

    Syndicate Reports
    Custom Report Solutions
    Full Time Engagement Models (FTE)
    Strategic Growth Solutions
    Consulting Services

Industries

    Popular Reports

      Healthcare IT
      Consumer Electronics
      Renewable and Specialty Chemicals
      Engineering, Equipment and Machinery
      Nutraceuticals and Wellness Foods
      Green, Alternative, and Renewable Energy

      Semiconductors
      Electric and Hybrid Vehicles
      Enterprise and Consumer IT Solutions
      Commercial Aviation
      Financial Services

    © 2025 Kaiso Research and Consulting. All Rights Reserved.

    ISO 9001 : 2015

    Privacy PolicyTerms & ConditionsHow to OrderSiteMap
    +1 872 219 0417+91 91835 80078
    [email protected]
    KAISO Logo
    Services
    Dropdown
    Industries
    Dropdown
    Report StoreConsulting Services
    Dropdown
    Blogs & NewsAbout Us
    Dropdown
    Logo
    Search
    Services►
    Industries►
    Report Store
    Consulting Services►
    Blogs & News
    About Us►