Austin, Texas, USA, April 23, 2026
Organizations Grapple with a Broad Spectrum of Application Threats as Innovation Outpaces Traditional Security Frameworks
New research from Futurum Intelligence reveals that while artificial intelligence (AI) is a critical priority for modern enterprises, the challenges facing application security teams are increasingly diverse. Findings from the 2H 2025 Cybersecurity Decision Maker Survey indicate that security leaders are balancing the need to secure emerging AI workloads with long-standing requirements for API governance and the complexities of cloud-native environments.
The study highlights that API security and governance remain the most significant hurdles, followed closely by the management of risks associated with Generative AI and agentic flows. This suggests that as organizations decentralize their application architectures, the interfaces connecting them have become primary points of vulnerability.
Figure 1: Top 5 Key Challenges in Application Security
Beyond the AI Hype: The Breadth of Modern AppSec
The data underscores a strategic tension for security organizations. While the rapid adoption of AI and machine learning (ML) has introduced numerous complex threat vectors, such as data poisoning, manipulation of generative outputs, and significant concerns about agentic workloads, foundational issues, such as vulnerability prioritization at scale, continue to strain limited staff resources. Organizations are finding that traditional security tools often lack the visibility needed to effectively secure containerized applications and automated CI/CD pipelines.
Balancing Innovation with Operational Oversight
The focus on API governance reflects the growing complexity of the modern digital ecosystem. As the “feel” of security becomes an operational priority, leaders are moving toward architectures that offer better integration and transparency. The research indicates that for application security to be effective, it cannot exist in a silo; it must be seamlessly integrated into the development lifecycle without creating friction for engineering teams.
“These responses indicate the immense breadth of the challenge facing organizations today, extending well above and beyond the immediate concerns of AI,” stated Fernando Montenegro, Vice President and Practice Lead at Futurum. “While we may legitimately look to AI to help automate defenses and prioritize vulnerabilities, security leaders shouldn’t lose sight of the big picture. Effective application security requires a holistic approach that addresses the entire lifecycle, from the APIs that connect our services to the automated pipelines that deploy them.”
About Futurum Intelligence for Market Leaders
Futurum Intelligence’s Cybersecurity and Resilience IQ service provides actionable insight from analysts, reports, and interactive visualization datasets, helping leaders drive their organizations through transformation and business growth. Subscribers can log into the platform at https://app.futurumgroup.com/, and non-subscribers can find additional information at Futurum Intelligence.
Follow news and updates from Futurum on X and LinkedIn using #Futurum. Visit the Futurum Newsroom for more information and insights.
Other Insights from Futurum:
Anthropic Glasswing: AI Vulnerability Detection Has Crossed a Threshold
RSAC 2026: The AI ‘Tragedy of the Commons’ and the Future of Agentic Security
Futurum Research Finds Threats and Skills Shortages Dominate SOC Challenges
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
