Cyber professionals are flocking to AI tools, but they’re getting tired of fixing mistakes and reviewing outputs
Cyber pros are spending significantly more time validating AI outputs and deciding when to trust AI-generated recommendations
AI isn't replacing cybersecurity roles but it is changing them, and not always for the better, according to new research.
A study from ISC2 found that 65% of cybersecurity professionals who use AI in their roles are spending time deciding when to trust or act on AI-generated recommendations.
Nearly two-thirds (63%) said they often find themselves reviewing and validating AI outputs. While this is basic best practice from a safety perspective, these processes are wasting valuable time.
Regardless, the influx of AI tools within the profession has been welcomed by practitioners, according to the study.
More than half (53%) believe the technology is creating new entry-level opportunities, while 48% said AI makes them feel more optimistic about their long-term career prospects.
“AI is not replacing cybersecurity professionals; it is changing what the profession requires of them,” said ISC2 CEO Scott Beale.
“As AI takes on more repetitive tasks, as well as performing some complex cybersecurity analysis at speed and scale, cybersecurity roles are shifting toward higher-value work, from asking the right questions to validating findings, interpreting outputs and applying human judgment."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Beale noted that the use of AI is changing “how work is distributed across security teams”, meaning investment in areas such as governance, skills development, and validation practices is “essential”.
Too much time fixing problems
While nearly half of cybersecurity professionals reported that AI has reduced workplace stress, 32% said it has made it worse. A key factor here lies in the aforementioned validation and reviewing practices, the study noted.
Those experiencing higher levels of stress were significantly more likely to spend longer periods deciding when to trust AI-generated outputs and recommendations.
When AI-recommended actions lead to incorrect outcomes – which nine out of ten said had happened – half of the participants said their organization holds human decision-makers ultimately accountable.
Put simply, poor AI-related outcomes have a direct impact on wellbeing for cybersecurity practitioners when it’s their neck on the line.
Confusion over accountability and ownership of AI also adds to stress, the study noted. Nearly a quarter (21%) of respondents said accountability of AI-related issues varies depending on the severity.
Over-reliance is a worry
Other top concerns cited by ISC2 included over-reliance on AI, a recurring worry not just for cyber professionals but workers across a range of industries.
As ITPro reported in May, a study from GoTo warned over-reliance on the technology could erode key skills. Similar concerns have been highlighted in software development, particularly among entry-level workers entering the workforce.
62% of respondents identified this as a key concern in the ISC2 study while 56% also highlighted worries about reduced human judgement capabilities when it comes to business-critical decisions.
Foundational cybersecurity skills remain essential, according to ISC2, especially with AI in the mix. Notably, nearly two-thirds (62%) said they don't believe the technology has reduced the need for these skills, compared with just 26% who say it has.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Meta used AI systems to identify workers in layoffs, lawsuit claimsNews Former Meta employees allege that an AI system used to select people for layoffs was biased
-
UK firms still can't master the basics when it comes to AI adoptionNews Brit enterprises have doubled AI spending but won't see results until they sort IT foundations like data management and governance
-
'It’s a marker of where extortion tradecraft is heading': Cyber experts say they've identified the first case of ‘agentic ransomware’ – but there’s a catchNews While the JadePuffer ransomware has alarm bells ringing, it still needed a human in the loop
-
Three quarters of firms have halted AI projects over safety and security concerns – and cyber pros think things will deteriorate as models like Claude Mythos improveNews AI has become a leading problem for enterprise security teams, they can't automate their way out of trouble
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
IT teams are bullish on AI tools, but they’re worried security practices can’t keep paceNews Executives and IT teams are at odds over the risks associated with AI adoption
-
‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackersNews AI is making it harder to differentiate between high and low-skilled actors
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI