AI agents raise cybersecurity stakes

May 19, 2026As enterprises embrace AI agents, the surface for potential cyberattacks is expanding. The chief information security officer’s mandate now goes beyond protecting technological infrastructure to ensuring that humans and agents operate safely, predictably, and within policy constraints, say McKinsey Partners Charlie Lewis, Jeffrey Caso, Marc Sorel, and coauthors. Cybersecurity budgets are projected to grow at a CAGR of around 2.5 percent over the next three years. Given the spread and autonomy of agentic AI systems, budgets will likely be reallocated toward platforms that can govern them, with the share spent on agentic solutions expected to more than triple to 15 percent. Spending will shift within existing cybersecurity categories, as identity, detection, and security operations evolve to govern machine activity.

Image description: A stacked bar chart shows the projected changes in enterprise cybersecurity budget allocation from 2026 to 2029. Spending on agentic technologies purpose-built to manage AI agents (highlighted in dark blue) increases across all domains, reaching up to ~15% of budgets. The largest shares concentrate in identity and access management, governance/risk/compliance, and data security/privacy, while smaller but growing allocations appear in cloud, application, security operations, and network security. End of image description.

To read the article, see “Securing the agentic enterprise: Opportunities for cybersecurity providers,” March 24, 2026.