
Industries
Data & Analytics
Enterprise Software
Cybersecurity
Company Size
501-1,000
Company Stage
Series G
Total Funding
$729.5M
Headquarters
San Francisco, California
Founded
2013
Sysdig provides cloud-native security and monitoring solutions for applications running in containers and Kubernetes. It offers products like Sysdig Secure for security and Sysdig Monitor for performance monitoring, delivering data collection from cloud-native environments to help enterprises manage compliance, security, and performance. The platform typically uses agents and a SaaS or on-premises interface to collect telemetry, run security checks, and present dashboards, enabling real-time visibility and risk management across complex IT stacks. What sets Sysdig apart is its integrated approach that combines security, monitoring, and compliance tooling in one platform with scalable tiers, targeting large organizations across technology, finance, healthcare, and government sectors. The company’s goal is to help customers securely run cloud-native applications with continuous visibility and control, reducing risk while maintaining high performance.
Total Funding
$729.5M (Above Industry Average)
Funded Over
8 Rounds
Flexible Work Hours
Mental Health Support
Company Equity
Professional Development Budget
Sysdig donates $70,000 to Falco Project marking 10 years of open source cloud security

Imagine building security infrastructure for a cloud that barely existed yet. That was 2016. Ten years on, the open source tool born from that challenge - Falco - turns ten, and its creator just wrote a $70,000 check to ensure open source cloud security has the runway it deserves.

Sysdig announced the donation to The Falco Project at KubeCon + CloudNativeCon Europe 2026 in Amsterdam, a ten-year celebration that landed not as a quiet press release but as a public financial commitment to the community that built runtime security into the fabric of modern cloud infrastructure. The event runs March 23-26 in Amsterdam, and the timing is no coincidence - Falco's birthday deserves the biggest stage cloud-native computing has.

The donation flows through the Linux Foundation's crowdfunding initiative, a structural choice that matters. It means the money sits outside Sysdig's direct control and is governed by the foundation's existing accountability framework - not a vendor's roadmap meeting. As AI workloads grow more compute-intensive and energy-hungry, the Kubernetes clusters running them have become critical targets. Sysdig positioned the gift in exactly that context: Falco as essential security infrastructure "as Kubernetes becomes the backbone of AI innovation."

The case for open source cloud security: A decade of community trust

Open source security wins when trust is non-negotiable - and Falco has spent ten years earning every bit of it. The project doesn't ask teams to trust a vendor's black box. It shows its work. Falco was created in 2016 to solve a precise, urgent problem: containers moved faster than traditional security tools could follow.
By monitoring Linux kernel syscalls in real time, Falco could tell teams exactly what was happening inside a container at the moment it mattered - not in a log review hours later, not from a signature match against known malware, but live, at the syscall level. That was new. That was necessary.

The project's path through the Cloud Native Computing Foundation tells the story in numbers. Accepted into the CNCF on October 10, 2018. Elevated to Incubating status on January 8, 2020. Achieved Graduated status on February 29, 2024 - the foundation's highest honor, shared by Kubernetes itself. Three milestones. Three proofs of community confidence.

As of March 2026, the Falco rules repository lists 93 detection rules across containers, hosts, and Kubernetes environments. They aren't marketing copy; they are battle-tested detections, reviewed and debated by the practitioners who run them in production every day, and the changelog shows they are updated continuously as threat patterns shift.

What $70,000 actually buys

Donations don't sustain open source projects by themselves. That's the honest answer - and that's exactly what makes the framing of this one worth examining closely. Most corporate open source contributions are symbolic. A few thousand dollars. A logo on a conference banner. Sysdig's $70,000 is sized differently. In practical terms, the stated goals - accelerate innovation, expand community participation, strengthen long-term sustainability - translate to specific, unglamorous line items: maintainer time, documentation, tooling, security audits, and the ongoing work of keeping 93 detection rules current against threats that evolve daily.

Sysdig's announcement described the company as "the leader in real-time AI-powered cloud defense" and framed the donation as a continued investment in the open source community that made Falco what it is.
The Linux Foundation crowdfunding route signals an intent to make the project's financial health visible - contributors and users can see where money goes, not just where it came from. For a security tool whose core value proposition is transparency, that architectural choice reinforces the message.

The speed at which AI tools now generate outputs that outpace previous state-of-the-art systems mirrors what's happening in cloud infrastructure: the attack surface expands faster than any single team can manually monitor. Automated, community-maintained detection at scale isn't optional anymore. It is the architecture of necessity. The donation funds that architecture directly.

Community trust vs. Corporate backing: where projects fracture

Here is where most open source security projects split apart. Community development produces trust and breadth. Corporate funding produces velocity and reliability. Getting both at once is genuinely hard - and most projects never manage it. Falco's arc through the CNCF suggests it has found a working balance. The community built the rules, the integrations, and the ecosystem. Sysdig provided original engineering and, now, sustained financial commitment through a structure designed to outlast any single vendor's priorities.

The tension worth naming honestly: a project whose primary funder is also its original creator carries concentration risk. If Sysdig's priorities shift, Falco's funding could follow. But the public nature of this commitment changes the calculus somewhat. Announcing $70,000 at KubeCon + CloudNativeCon Europe 2026 - in front of the very community that would hold Sysdig accountable - is a harder promise to walk back than a quiet internal budget line. Routing it through the Linux Foundation adds another layer of institutional structure.

For security teams choosing runtime protection today, the comparison is concrete.
Falco offers syscall-level detection, CNCF Graduated credibility, 93 community-vetted and publicly auditable rules, and a funded roadmap. Proprietary alternatives offer vendor SLAs and consolidated support contracts. The cost of the proprietary path is auditability - the ability to see exactly how your security tool decides what is a threat and what is not, with no hidden logic and no vendor lock-in on the rules themselves.

Much like conservation efforts that reintroduce keystone species to restore ecosystem balance, Falco has reintroduced something essential to cloud infrastructure: shared, inspectable security that no single vendor controls. The $70,000 donation is a bet that this model is worth sustaining - not just for Sysdig's customer base, but for every team running workloads in the cloud. Ten years ago, no tool existed to watch what containers were actually doing in real time. Today, that tool turns ten, backed by the strongest financial signal yet that the next decade is funded, community-owned, and ready.

Frequently asked questions

Q: What is Falco and why is it important for cloud security?
A: Falco is an open source runtime security tool that detects threats by monitoring Linux kernel syscalls in real time inside containers and Kubernetes environments. It is a CNCF Graduated project and is widely considered the standard for cloud-native runtime security.

Q: How much has Sysdig donated to the Falco Project and what will it fund?
A: Sysdig has donated $70,000 to The Falco Project through the Linux Foundation's crowdfunding initiative to mark its 10th anniversary. The funds are intended to accelerate project innovation, expand community participation, and strengthen Falco's long-term sustainability - covering maintainer time, tooling, documentation, and keeping detection rules current.

Q: When did Falco achieve CNCF Graduated status?
A: Falco achieved CNCF Graduated status on February 29, 2024.
It first joined the CNCF in October 2018 and reached Incubating status in January 2020.

Q: How many detection rules does the Falco Project maintain?
A: As of March 2026, the Falco rules repository lists 93 detection rules covering threats across containers, hosts, and Kubernetes environments. Each rule is publicly auditable and community-vetted.

Q: Where was the Sysdig donation to Falco announced?
A: The donation was announced at KubeCon + CloudNativeCon Europe 2026, held March 23-26, 2026 in Amsterdam, Netherlands.

Q: Why was the donation routed through the Linux Foundation?
A: Routing through the Linux Foundation's crowdfunding initiative means the funds are governed by the foundation's accountability framework rather than managed directly by Sysdig, reinforcing the project's independence and financial transparency.

This article was researched and written with AI assistance, then reviewed for accuracy and quality. DRS Web Development uses AI tools to help produce content faster while maintaining editorial standards.
Sysdig has launched runtime security for AI coding agents, enabling organisations to monitor autonomous development tools like Claude Code, Codex and Gemini. The platform provides real-time visibility to identify risky behaviour across cloud and development environments. The security solution detects suspicious activities including new AI coding agent installations, unauthorised credential access attempts, risky command-line arguments and dangerous actions like reverse shells within developer environments. As AI agents gain elevated system permissions and access to sensitive data, they present growing security risks. Founded by the creators of Falco and Wireshark, Sysdig serves over 60% of the Fortune 500. The company's detections help security teams protect against compromised AI tools whilst maintaining runtime security and compliance for AI-assisted development.
Sysdig named a Leader in CNAPP as runtime redefines cloud security in 2026

Committed to real-time, AI-powered cloud defense, Sysdig is recognized as a Leader in CNAPP by an industry-leading analyst firm

SAN FRANCISCO - (BUSINESS WIRE) - Sysdig today announced that it has been named a Leader in "The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026" report, earning the distinction alongside just two other companies. Out of 14 vendors evaluated, Sysdig was also one of only three cloud security providers rated above average for customer feedback, which Sysdig sees as a reflection of strong customer trust as organizations continue to realize increasing value from Sysdig's runtime-powered platform.

The Forrester report recognized that, "Sysdig's formidable vision focuses on articulating and tracking business outcomes (application risk management) from code to cloud. The vendor's roadmap includes connecting posture with vulnerability and runtime telemetry, role-specific workflows for admins and incident responders, and a semantic attack graph. Pricing flexibility and community strategies are also strengths..."

To stay ahead of modern threats, organizations need unified, real-time security. Unlike posture-first and point solutions, the Sysdig cloud-native application protection platform (CNAPP) was born in runtime and built on the deepest telemetry in the cloud. This empowers security teams to make the most informed decisions and take the most precise actions to reduce risk.

"We built Sysdig with the steadfast belief that runtime would decide the future of cloud security," said Loris Degioanni, Founder and CTO of Sysdig. "In an AI-driven world where attacks can unfold in 10 minutes, understanding what's running and acting with precision is the only way to defend the cloud. For us, Forrester's recognition confirms what our customers already know: runtime wins."
You can't defend what you don't understand

Early cloud security focused on posture, compliance, and static indicators of risk. That approach is no longer sufficient. Cloud environments are growing faster and more dynamic, fueled by the rapid rise of AI adoption and agentic coding. Kubernetes now runs 82% of AI workloads, up from 54% just two years ago, according to the Cloud Native Computing Foundation. As attack surfaces expand and AI-assisted threats accelerate the pace of exploitation, cloud-native security demands real-time understanding and action.

Sysdig sees the Forrester evaluation's results as reinforcement of its long-held conviction that runtime insights are the foundation of effective cloud defense, enabling teams to cut through alert noise, understand true risk, and act with confidence across the application lifecycle.

"The industry used to say, 'You can't protect what you can't see.' But just seeing is no longer enough," said Enrique Salem, Chairman at Sysdig. "In a threat landscape increasingly driven by AI, you can't defend what you don't understand. Security that can't take action in real time has become irrelevant."

As a trailblazer in real-time, AI-powered cloud defense, Sysdig delivers a complete CNAPP built on the truth of runtime. Sysdig Sage™, the industry's first agentic AI cloud security analyst, leverages Sysdig's deep runtime telemetry to help teams focus on the risks that matter most, accelerate threat investigations, and take precise action across complex multi-cloud environments. To date, Sysdig Sage has helped users reduce mean time to respond by 76%, shrink exposure to critical vulnerabilities from days to minutes, and reclaim more than 80 hours per week previously lost to manual triage.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications.
Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester's objectivity here.

About Sysdig

Sysdig delivers cloud security the right way with open innovation, agentic AI, and the uncompromising truth of runtime. In a world of black boxes and blind spots, Sysdig helps security and development teams prevent, detect, and respond to threats in the moment. AI is only as powerful as the signals it receives, and Sysdig Sage™ - the first agentic AI analyst for cloud security - is fueled by the deepest runtime intelligence in the industry. It doesn't just observe. It reasons and acts with the context, speed, and precision that modern teams need to build and defend innovation in real time. Founded by the creators of Falco and Wireshark, Sysdig is trusted by more than 60% of the Fortune 500 and is built for those who refuse to compromise on security.
Its customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms

Since Gartner coined the term cloud-native application protection platform (CNAPP) in 2021, both the demand and supply of CNAPP solutions have continued to grow. After all, traditional tools can't offer the visibility and security needed in this brave new world of microservices, containers, Kubernetes, and multicloud architectures.

A CNAPP is an integrated cloud security solution that helps organizations secure applications and infrastructure across the entire application lifecycle. It combines the functions of cloud security posture management (CSPM), cloud workload protection (CWP), cloud infrastructure entitlement management (CIEM), and more into a single, unified platform.

To help security teams choose from the ever-growing array of CNAPP vendors, Gartner releases its Voice of the Customer for Cloud-Native Application Protection Platforms report. "Voice of the Customer" is a document that synthesizes Gartner Peer Insights reviews into insights for buyers of technology and services. This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process.

And Sysdig Inc. is proud to announce that Sysdig's customers continue to love its work, which Sysdig Inc. believes has led to Sysdig Inc. being recognized as a Strong Performer in this category.

What Sysdig's customers say about Sysdig Inc.

Its customers on Gartner Peer Insights rated its CNAPP a 4.8 out of 5 (based on 287 ratings as of January 2026). Out of the 156 customer responses in the latest Voice of the Customer report, a full 94% said they would recommend its CNAPP solution. Sysdig Inc.
also received high ratings across the board for its product capabilities (4.6/5 based on 156 reviews), sales experience (4.8/5 based on 119 reviews), deployment experience (4.7/5 based on 150 reviews), and support experience (4.9/5 based on 154 reviews).

Here are just a few quotes from the reviews its customers left:

Sysdig's CNAPP Suite Offers Robust Security Features through Detailed Threat Detection and AI Capabilities
"The Sysdig CNAPP security suite is amongst the best in the business. The product itself is fairly comprehensive and they are able to capture signals that most other vendors can't. The account team has been phenomenal and has been engaged since we first reached out. Overall, we're very happy with the service and the team."

Sysdig Platform Provides Unified Cloud Security With Real-Time Threat Detection
"We chose Sysdig because it successfully unifies multiple tools (CSPM, Vulnerability Management, Runtime Security, etc.) into a single platform, eliminating siloed views and tool sprawl. The primary benefit is the shift from static scanning to real-time, runtime security. It gives us confidence that threats are detected and contained instantly in our cloud environments."

Comprehensive cloud security, the right way

What makes Sysdig's CNAPP stand out from the crowd? Sysdig Inc. is committed to providing a new standard for cloud security: transparency instead of black boxes, clarity instead of guesswork, and speed without sacrificing security. From code to cloud, builders stay in control, and defenders stay uncompromised. Its CNAPP is built on agentic AI, open source, and runtime insights, all in one seamless solution to provide true real-time, end-to-end security.

Gartner, Voice of the Customer for Cloud-Native Application Protection Platforms, Peer Community Contributor, 24 December 2025

Gartner and Peer Insights are trademarks of Gartner, Inc. and/or its affiliates.
Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sysdig.
Sysdig Falco and Stratoshark strengthen open source cloud security

Sysdig introduces new Falco features that integrate seamlessly with Stratoshark. These updates enable automatic capture of system data for forensic investigation in the event of specific threats. Falco, which graduated from the CNCF in February 2024, can now store system capture (SCAP) files as soon as certain security rules are triggered. These files can be used directly in Stratoshark, known as the "Wireshark for the cloud." The integration enables moving from real-time detection to in-depth post-event analysis. The platform has now reached more than 175 million downloads. Users have access to comprehensive tools for investigating cloud threats.

Improved plug-ins for contextual insight

Sysdig has also optimized the Falco plugins k8saudit and gcpaudit. These plugins help Stratoshark uncover crucial context in source events. As a result, teams can convert raw security data into actionable information. The combination leads to a process that combines rapid detection and forensic investigation.

"Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry's tool of choice for deep cloud system analysis," said Loris Degioanni, founder and CTO of Sysdig. These developments bring the open source community closer to a platform-like experience for complete detection and response in the cloud.

What users can expect

The enhanced integration between Falco and Stratoshark means users can detect attacks in real time and search captured data with precision. "With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we're bridging the open source gap between real-time threat detection and granular forensics," said Gerald Combs, Director of Open Source Projects at Sysdig.

The new capabilities offer three concrete benefits. First, teams gain uniform workflows.
They detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behavior, and investigate with precision in Stratoshark. Second, the developments are driven by the community. Open source security is strengthened by collaborative progress, transparency, and collective insight. Teams can easily zoom in and out on system activity. This power and extensibility, previously reserved for commercial cloud platforms, is now open source and available for free.