Agentic AI in 2026: ROI, Responsibility, Sovereignty and Security According to Forrester

Forrester describes 2026 as a year of transition from the experimental adoption of artificial intelligence to a phase of industrialization, in which the priority shifts from identifying “use cases” to measuring economic value, reducing risk, and formalizing governance.

At the same time, geopolitical instability is redefining IT architecture as a strategic asset and introducing data sovereignty constraints characterized by functional and cost trade-offs. The evolution toward agent-based systems increases the scope of the impact of errors and misconfigurations, rendering mitigation measures based solely on human supervision insufficient.

In this article, we examine the operational implications for cybersecurity, compliance, and security risk management in agent-based contexts.


2026: The Year of AI Normalization

Over the past two years, enterprise adoption of AI has been driven by predominantly exploratory dynamics: proofs of concept, distributed experiments, and strong market pressure that has amplified productivity expectations.

According to Forrester, 2026 marks a “normalization” of AI, understood as a shift from opportunistic initiatives to a governed portfolio of products and services, evaluated using economic metrics, risk controls, and defined accountability.

This paradigm shift is relevant to cybersecurity for a simple reason: AI not only introduces new capabilities but also reshapes attack surfaces, dependency chains, and error propagation patterns.

Three forces are interdependent:

  1. the growing difficulty of demonstrating the economic return on AI investments
  2. geopolitical pressure driving toward digital sovereignty goals
  3. the acceleration toward agent-based architectures with direct impacts on compliance and security.


AI ROI: from expected value to demonstrable value

One of Forrester’s key predictions is the difficulty organizations face in demonstrating AI’s business value and the resulting tendency to reduce or more strictly select spending to minimize economic and operational risk. The point is not merely semantic: “value” does not equate to “adoption,” and adoption does not equate to “impact on the bottom line.”

On the operational level, there are three lines of action consistent with an “industrial” approach to AI: aligning AI with corporate strategy, selecting use cases with a high probability of value (specifically cited: Governance, Data Science, Tech Risk), and optimizing costs, given that AI involves recurring and non-negligible cost components. The practical consequence is that the sustainability of AI requires economic metrics and controls comparable to those adopted for core platforms.

From a cybersecurity perspective, this pressure on ROI produces a side effect that is often underestimated: when the budget shrinks, the incentive to “simplify” governance and controls increases, that is, to cut precisely the components that reduce risk. This is a structural mistake because AI systems, especially when integrated into operational processes, tend to amplify decisions and actions. In other words, the cost of lacking governance is not linear.


Process Intelligence as a Prerequisite for Reliable Automation

Among the findings, Forrester attributes to AI-enhanced Process Intelligence an enabling role in “rescuing” failing initiatives, with an indicative value of up to 30%. Beyond the percentage, the underlying logic is significant: before automating, it is necessary to make the actual process observable, including variations, exceptions, and bottlenecks. Automation applied to opaque processes tends to produce fragile systems that are difficult to audit and complex to secure.

For cybersecurity and compliance, the implication is twofold. First, traceability is not an ancillary requirement: it is a condition for controllability. Second, process intelligence provides operational data that can become documentary evidence, useful in both audits and incident response, as it reduces ambiguity regarding “who did what, when, and with what inputs.”


Geopolitical Volatility

Recently, there has been a reframing of IT architecture as a geopolitical asset, to be managed through continuous monitoring and an explicit risk-based approach. In this context, the concept of the “weaponization of IT” is invoked: technology, supply chains, and infrastructure dependencies can become levers of pressure, whether direct or indirect.

The most operational, and least comfortable, aspect concerns structural dependence on U.S. hyperscalers, explicitly named (AWS, Google, Microsoft), with the observation that it is unrealistic to “completely break away” from them. This introduces a trade-off: as sovereignty increases, functionality tends to decrease, or the overall cost of operation increases. This raises a technical and strategic question: what level of sovereignty is necessary to reduce risk to an acceptable level without compromising critical operational capabilities?


Data Sovereignty as Risk Management and MVS

A key conceptual shift is that sovereignty is not treated as mere compliance. There is no single law that absolutely mandates sovereignty, and the issue should be interpreted as a risk management approach.

Within this framework, Minimum Viable Sovereignty (MVS) is introduced, defined as a practical balance between data management, risk management, and an acceptable budget, with the goal of making “sovereign” at least one service that meets the minimum requirements. The concept’s utility lies in its graduated nature: it avoids the binary “sovereign vs. non-sovereign” dichotomy and instead requires classifying data and workloads based on sensitivity and exposure.

For cybersecurity, MVS can be interpreted as a risk segmentation strategy: not everything requires the same level of control, but what is critical must be isolable, governable, and demonstrable. In other words, sovereignty is not a flag. It is a measurable perimeter.


Agentic AI: Error Propagation and Limits

The topic of Agentic AI is increasingly associated with specific risk scenarios: errors by an agent that can cause significant compliance-related damage, with high propagation potential. Examples of failure modes such as misconfiguration and hallucinations are cited. The criticality lies not only in the error itself, but in its scale and speed.

In this context, the “human-in-the-loop” model is deemed useful but insufficient, and is described as a last resort: if AI scales rapidly, it is unrealistic to think of mitigating risk solely by “having people monitor everything.” The point is methodological: human supervision can reduce certain risks, but it does not replace preventive controls, enforceable policies, and audit trails.

To address security in agent-based contexts, a specific framework is invoked: AEGIS (Agentic AI Enterprise Guardrails for Information Security), with a reference to Zero Trust principles. In interpretive terms, the parallel is consistent: the agent is not inherently trustworthy, even when it appears “competent,” and trust must be replaced by continuous verification and privilege control.


Selective automation and new skills

Another significant impact concerns operational roles in software development, with particular reference to roles such as developers, quality analysts, and testers, who are most exposed to automation processes. At the same time, skills such as communication and negotiation maintain greater resilience, thanks to their relational and decision-making components, which are difficult for automated systems to replace. The transformation also requires a shift in mindset: it becomes necessary to “think in parallel” to manage multiple agents simultaneously, moving beyond the approach that views AI as a single, isolated tool.

In terms of security, this evolution has an immediate impact. The increase in the number of actions that can be performed by non-human systems makes controls over identity, authorizations, and the traceability of actions even more critical. As operational throughput grows, governance flaws become more costly and manifest more rapidly, amplifying the risk associated with errors, misconfigurations, and processes lacking adequate control mechanisms.


In conclusion

Forrester’s predictions converge on a central thesis: by 2026, AI can no longer be treated as an experiment. It must be treated as a decision-making and operational infrastructure, and therefore subject to economic metrics, risk management, and governance. From this perspective, ROI, sovereignty, and agentic AI are not separate issues, but components of a single problem: the controllability of systems that make decisions and take actions in complex environments.

For cybersecurity: AI is as much a risk multiplier as it is a capability multiplier. The difference does not lie in the technology itself. The difference lies in governance, understood as a verifiable set of responsibilities, controls, evidence, and operational limits. This is where competitive advantage is at stake.
