Posted on by

Use of GenAI security solutions has spiked, continued uptake projected

Source: nattapon98/Technology/Adobe Stock.

A recent survey conducted by S&P Global Market Intelligence 451 Research captures enterprise security strategy regarding which information security technologies are in use at what level, which technologies are in teams’ implementation plans and planned spending intention across those technologies. The technologies included represent a list of long-established product areas and emerging security technologies under coverage.

The Take

A benefit of conducting our Technology Road Map study each year is the ability to see which information security technology implementation plans come to fruition, since many factors can interrupt or delay start-of-year project plans, including newly identified pressing priorities. One technology for which plans to implement converted to usage jumps out in our 2025 study: security for generative AI. This broad category covers various security vendors’ products that approach securing generative AI use and platforms through various means, including AI application assessment, assistance in model selection, monitoring, guardrails, usage controls, policy assistance or runtime protections. This growth is pinned mainly to the general increase in use of GenAI, and the space is concerned with protecting or mitigating unique threats to AI solutions, such as model poisoning, prompt injection, jailbreaking and related unintended model outcomes.

In 2024, 15% of security professionals responding to this survey noted they had GenAI security solutions in place, with another 23% conducting pilots or proof-of-concept exercises. In 2025, 30% of survey-takers note having GenAI solutions in place. That comes in slightly lower than projected, but represents a serious growth rate for these technologies in surveyed enterprises. This attention on securing GenAI is also reflected in the M&A for the companies in this space, with Robust Intelligence being picked up by Cisco and Palo Alto Networks announcing its intention to acquire Protect AI, as well as Snyk’s recently announced pick up of Invariant Labs to secure agentic AI.

Summary of findings

In addition to security for GenAI, many other information security technologies appear to be in plan for a significant percentage of enterprise security professionals’ 2025 strategies across several security product categories. For data security, this includes data access governance in pilot at 23% of enterprises, as well as sensitive data discovery and classification in pilot at 24% (see Figure 1). In the identity category, privileged access management (20% of survey respondents in active pilot stage) and identity governance and administration (18%) are significantly in plan. With cloud security a top pain point, cloud-native security, represented by both cloud-native application protection platforms (20% in pilot) and container security (20%), offers mitigating controls and observability that enterprises are implementing. Finally, software supply chain security, including securing open-source components, is an application security solution in pilot at 25% of surveyed enterprises.

The most implemented information security technologies generally represent long-term investments enterprises have made that remain relevant to specific use cases. These include firewalls (in use for 83%), email security (74%), endpoint security (65%) and the steadily growing category of multi-factor authentication at 62%. The death of SIEM seems to be a premature prediction made by some, as 67% of respondents report having one in use, and with 10% piloting products, continued growth is expected. The space is evolving amid diverse data sources, analysis techniques including machine learning, and increasingly sophisticated threat detection and response methods.

Among implemented information security technologies capturing significant spending increases, extended detection and response, a notable solution to addressing ransomware, leads as 40% are significantly increasing spending in 2025. Application security technologies round out the top three: 39% of those who have implemented API security are planning significant spending increases, and 36% of those who have implemented application security posture management, a method for coordinating disparate application security testing, are doing the same.

The Security Talent Gap is More Complicated Than You Think

Read Report

Want insights on AI trends delivered to your inbox? Join the 451 Alliance.

Published by Daniel Kennedy

Daniel Kennedy is the Principal Research Analyst for Information Security for quantitative research at 451 Research, a part of S&P Global Market Intelligence. He is responsible for managing all phases of the research process. Dan is an experienced information security professional who has written for both Forbes online and Ziff Davis, has provided commentary to numerous news outlets including The New York Times and The Wall Street Journal, and his personal blog Praetorian Prefect was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference. Prior to 451 he was a Partner in the information security consultancy Praetorian Security, LLC where he directed strategy on risk assessment and security certification. Before that he was Global Head of Information Security for D.B. Zwirn & Co. as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York. Daniel holds a Master's of Science degree in Information Systems from Stevens Institute of Technology, a Master's of Science in Information Assurance from Norwich University, and a Bachelor's of Science in Information Management and Technology from Syracuse University. He has gained certification as a CEH (Certified Ethical Hacker) from the EC-Council, a CISSP, and has a NASD Series 7 license.