CISOs are keen on agentic AI, but they’re not going all-in yet
Many security leaders face acute talent shortages and are looking to upskill workers
CISOs are upbeat about the potential of AI tools in security operations, new research shows, but the priority focus for many right now is filling workforce gaps.
Findings from Splunk’s annual CISO Report show AI adoption is a key priority, with 68% highlighting investment in this domain as a leading focus alongside improvements to threat detection and response capabilities and identity and access management (IAM).
Indeed, around 92% said the technology is helping their teams to review more security events while 89% reported improved data correlation.
Yet despite this, just 6% have fully deployed agentic AI in security operations, pointing to sluggish adoption rates.
More than one-third (39%) of CISOs who have partially or fully adopted agentic AI strongly agree it has increased their teams’ reporting speed - more than twice the rate of those who are still exploring the technology.
More than eight-in-ten (82%) of CISOs, meanwhile, believe agentic AI will increase the amount of data reviewed, and 82% said it will increase correlation and response speeds.
While the potential benefits of AI are tantalizing for security leaders, the other side of the coin is that 86% fear agentic AI will increase the sophistication of social engineering attacks.
Similarly, 82% believe it will increase deployment speed and complexity of persistence mechanisms.
New tools mean nothing without talent for CISOs
Although AI is increasingly prevalent, CISOs don't expect technology to replace any security analyst jobs. Instead, they're prioritizing human capital to address critical skills gaps: upskilling current workforces, hiring new full-time employees, and engaging contractors.
The skillsets CISOs are most lacking in their security programs are threat hunting, engineering support - for vendor tooling, detection engineering, or maintenance - software development, and network and cloud architecture.
"Because of AI, CISOs will need to constantly reskill, upskill and bring in new talent required to achieve the ROI leadership wants. In this sense, AI will be creating jobs, not eliminating them," said Ryan Fetterman, senior manager, SURGe by Cisco Foundation AI.
Among those who rank threat hunting as their team’s biggest skills gap, 71% said upskilling their current workforce was a top means for addressing shortages. T
hose with bigger engineering gaps tend to focus on hiring new full-time employees, while hiring contractors is the answer for most of those whose biggest gap is software development.
This is easier said than done, however, with only 16% expecting to fill all their shortages.
“Investing in your teams, in part, means rethinking your hiring strategy. I challenge conventional wisdom that demands a cybersecurity degree or a decade of experience,” said Fanning.
"In a field where technical knowledge becomes obsolete quickly, a candidate’s foundational understanding of computing, systems, and networks — as well as curiosity, adaptability, and problem-solving skills — are far more valuable. Cyber knowledge can be taught, where needed, on top of that foundation.”
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Five Eyes agencies sound alarm over risky agentic AI deploymentsNews Security agencies have urged organizations to establish clear boundaries and guardrails for AI agents
-
Enterprises are adopting agents faster than they can secure and govern them – experts warn it’s a disaster waiting to happenNews Identity systems developed for human interaction fail to cope with the new demands
-
UK firms left in the dark over what workers are sharing with AINews Security teams can’t keep track of what workers are sharing with AI applications, regardless of whether they’re approved or unauthorized
-
'The goal for this year will be to automate all security processes': Google Cloud is betting on Wiz to usher in a new era of AI securityNews Wiz wants to deploy its agents for continuous penetration testing, and in Google it’s found a parent company that can achieve this vision at scale
-
AI is now a ‘standard part of the attacker toolkit’News Cyber attacks are increasing in scale, intensity, and velocity thanks to AI, and it’s forcing defenders to react faster than ever before
-
Agent identity governance can't keeping up with adoption rates – and it’s creating a security nightmareNews Enterprises are leaving high-privilege keys unchanged for months or years at a time
-
Systems are deterministic, people are probabilistic – AI is both, and that's a headache for cyber teamsNews AI combines both the risks associated with IT systems and the people using them, creating headaches for practitioners
-
AI agents are creating new identity security risks: 1Password wants to solve thatNews The Unified Access system from 1Password will help enterprises manage AI agent access across different devices and users
