Cloud security priorities are no longer confined to general infrastructure management. In the first quarter of 2026, the Sagetap community launched over 170 cloud-relevant initiatives, signaling a major move toward specialized protection for AI-driven data pipelines and non-human identities.
Verified Sages are reporting a "visibility ceiling" with traditional tools on managed platforms like AWS SageMaker, Vertex AI, and Azure ML, and are actively seeking deeper context into how data moves through the automated cloud lifecycle.
Inside the Initiatives: How Sages Are Navigating Cloud Risk
We have highlighted four high-impact initiatives that define the current landscape. These projects, led by Sages at global enterprises, illustrate the shift toward complex, identity-centric protection.
Defending the Multi-Cloud Perimeter Against Federated Identity Abuse
A security leader at a global banking institution is leading an active initiative focused on detecting credential misuse and lateral movement across complex federated environments. By correlating identity and session signals from AWS, Azure, and GCP, the goal is to generate near-real-time, explainable verdicts for session hijacking — solving the critical visibility gap in distributed cloud ecosystems.
Use Cases: Artificial Intelligence (AI), Cybersecurity, Cybersecurity Services, Security
This initiative aims to evaluate security platforms that move beyond reactive detection toward true attack prevention. We are specifically focused on solutions that reduce exploitable misconfigurations, excessive identity permissions, lateral movement paths, and privilege escalation risks across multi-cloud and hybrid environments. The platform must demonstrate the ability to prioritize risk using business and technical context rather than raw vulnerability volume.
In addition, we are assessing capabilities that address emerging AI-driven threats, including prompt injection, model abuse, data exfiltration through LLM workflows, and insider misuse amplified by AI tooling. The solution should provide proactive controls, automated remediation guidance, and measurable reduction of attack surface.
Integration is critical. The platform must align cleanly with existing IAM, SIEM, VM, CNAPP, and governance workflows without creating additional operational noise. We are looking for demonstrable prevention outcomes, reduced remediation backlog, and clear ownership mapping to accelerate time to fix.
Success criteria include improved remediation velocity, reduced high-risk exposure windows, and strengthened cloud security posture in a regulated enterprise environment.
Products Considering: Above Security, Amplifier Security, Archer Faris, Auditive, Clarity Security, Clover Security, Cogent Security, Conceal, Entro Security, Ghost Security, KnowBe4, LayerX Security, Mate Security, Mitratech's Enterprise Risk Management - Fully Integrated GRC Platform, Mitratech's Third-Party & Vendor Risk Management - AI-Powered Third-Party Vendor and Supplier Management, Rig Security, RunReveal, Secludy AI, Shift Security, SurePath AI, Token Security, Unit6, Vorlon, moonfort, watchTowr
Governing the New Workforce: SaaS Posture and AI Agents
A Sage at a major financial services firm has launched an active cloud security initiative to assess the posture of the enterprise SaaS ecosystem and identify high-risk connections from autonomous AI agents. By hardening cloud-native configurations and strictly limiting agentic permissions, the project aims to prevent unauthorized access and data leakage across distributed cloud environments.
Use Cases: Artificial Intelligence (AI), SaaS Security
We have a project in plan for this fiscal year, with budget allocated, to evaluate solutions that will assess the security posture of SaaS applications, identify connected applications and AI agents, and help us to reduce risk through more secure configurations and by limiting the actions of connected applications and AI agents.
I am the executive sponsor of this project. The cost of the solution will be borne from my budget, and my team will conduct the evaluations.
Products Considering: Valo
Securing Data at Scale in Multi-Tenant AWS Environments
A senior practitioner at a large software company has moved into the Proof of Concept (POC) stage for an enterprise-grade Data Loss Prevention (DLP) solution. In a multi-tenant SaaS environment on AWS, the project involves scanning data flows for customer PII, payment card information, and contractual documents to ensure robust compliance with PCI-DSS and SOC 2.
Use Cases: Content Detection, Data Encryption, Data Loss Prevention (DLP), GenAI DLP
We are planning to deploy an enterprise-grade Data Loss Prevention (DLP) solution to proactively identify, monitor, and prevent the unauthorized disclosure or exfiltration of sensitive data, including customer PII such as names, addresses, and financial details, payment card information, contractual documents, and operational records across endpoints, networks, cloud services, and email systems in a multi-tenant SaaS environment on AWS.
This initiative will strengthen data protection posture, ensuring robust compliance with PCI-DSS, SOC 2, GDPR/CCPA regulations, and addressing evolving privacy risks.
Products Considering: ORION Security (POC)
Bridging the Compliance Gap with Automated Cloud Governance
An infrastructure leader at a prominent insurance provider is currently in a POC to evaluate cloud management solutions that improve efficiency through automation while ensuring scalability and compliance. The target outcome is to establish a unified source of truth for global compliance across an international markets platform, streamlining the path to audit readiness.
Use Cases: Cloud Management, Automation, Compliance
Identify and evaluate cloud management and service solutions that improve efficiency, collaboration, and automation while ensuring scalability, security, and compliance.
Target outcome: select one or more providers for PoC/PoV within the international markets platform.
Products Considering: Shinobi Security (POC)
Top Cloud Security Vendors Sages Have Evaluated in Q1 2026
Based on the 170+ cloud-relevant initiatives launched since January 1, three vendors have seen the highest frequency of evaluation for their specialized capabilities.
Conceal's Browser-Native Security Service Edge (SSE) platform embeds security, identity, and policy enforcement directly into the browser experience. By moving protection to the user's point of interaction, the solution eliminates the latency and privacy risks associated with routing sensitive cloud traffic through traditional legacy proxies and tunnels.
What Sages evaluated it for: Identifying and managing enterprise-wide AI tool usage, setting data leakage guardrails for unmanaged LLMs, and providing a secure "browser-as-a-service" layer.
Akto's code-to-runtime API security platform enables organizations to discover all APIs, monitor security posture, and test for vulnerabilities. The platform utilizes its Atlas engine to provide lightweight endpoint enforcement and continuous automated red teaming to protect the complex execution layers of agentic AI workflows.
What Sages evaluated it for: Automated API discovery and security testing for cloud-hosted microservices, protecting the "AI digital stream," and securing internal LLM integrations.
Daylight's agentic services are designed to eliminate security blind spots by integrating seamlessly with an organization's stack to ensure coverage across cloud infrastructure. Unlike traditional MDRs, Daylight uses mission-aware agentic AI to automate Tier 1 triage and context-heavy investigations at a scale that elite human teams alone cannot match.
What Sages evaluated it for: Real-time security observability for cloud-native applications, automating incident response, and gaining visibility into anomalous behavior in containers.
Sages' Key Consideration Factors
When evaluating new cloud tools, Sages are prioritizing technical efficacy and platform integration over traditional vendor relationships.
- Features and Price as Deciding Factors: Across 2026 deal activity to date, Features and Price have emerged as the dominant selection criteria, listed in over 60% of tracked deals.
- Native Platform Deep-Dives: Sages are prioritizing vendors with native integration into existing stacks like Entra ID, CyberArk, and cloud hyperscaler APIs to reduce privilege drift and operational overhead.
- Non-Human Identity (NHI) Focus: A recurring theme in evaluations is the need for specialized governance over service accounts and AI agent identities that traditional tools cannot reach.
Bottom Line
The transition toward specialized cloud security is being documented in real time by the Sage community. As demonstrated by the strategic overhaul of IAM in banking and the move toward multi-cloud federated abuse detection, the market is favoring solutions that can manage the unique risks of the modern, automated cloud lifecycle.