Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools
Most teams are enthusiastic about AI tools, but they're not going all-in just yet
AI tools are taking off in cybersecurity, but security workers aren't quite ready to go all-in.
According to a new study from ISC2, three-in-ten practitioners already AI tools in their daily workflows, while 42% are exploring or testing their adoption.
Just 10% of respondents to the survey said they have no plans at all to use AI at work.
In terms of industries, industrial enterprises (38%), IT services (36%), and professional services organizations (34%) lead in the adoption of AI security tools.
Financial services and the public sector have the lowest current adoption rates, at 21% and 16% respectively.
Of those who have already adopted AI security tools, 70% reported positive impacts on their team’s overall effectiveness.
Similarly, they're seeing benefits in network monitoring and intrusion detection, cited by 60%, endpoint protection and response with 56%, and vulnerability management, cited by half.
Meanwhile, 45% said they saw improvements in threat modelling and 43% in security testing.
Casey Marks, chief qualifications officer at ISC2, said the report shows enthusiasm for AI is growing in security alongside other industries, but professionals in this space are far more cautious about adoption and integration.
“Our latest AI survey shows cautious but growing interest in AI security tools, with adoption expected to accelerate in the future,” Marks commented.
What companies are using AI tools for cybersecurity?
It's the biggest organizations - those with more than 10,000 employees - that are leading the adoption of AI security tools, with 37% actively using them.
ISC2 also noted that mid-sized firms with between 500 and 2,499 employees and those with fewer than 99 employees show the lowest adoption rates. Only 20% in each of these groups are actively using AI for cybersecurity purposes.
Naturally, the smallest organizations are also the most conservative, with 23% reporting no plans to evaluate AI security tools.
Teams do expect to see an effect on hiring, with just over half saying that AI will probably reduce the need for entry-level staff.
However, 31% reckoned that AI will also create new types of entry- and junior-level roles or increase demand, helping to counter the decline in early career opportunities elsewhere.
More than four-in-ten said their organization’s cybersecurity hiring hadn't yet been affected by the introduction of AI security tools, with only 21% saying AI has changed their hiring plans and priorities.
However, 44% said their organization was actively reconsidering the roles and skills needed to support the adoption and use of AI security tools.
"Encouragingly, 44% of professionals report no impact on hiring from current or expected adoption of AI security tools, and 28% see AI creating new opportunities for entry-level talent," said Marks.
"Findings suggest that AI is helping cybersecurity professionals by automating repetitive tasks and enabling them to focus on more meaningful work.”
There is, though, some hesitancy about the pace of change. Almost half of security leaders and practitioners recently told penetration testing firm Cobalt that they'd like a 'strategic pause' to recalibrate their defences.
Meanwhile, some experts have warned practitioners could become over-reliant on AI, which will ultimately lead to a loss of important skills, complacency, and dangerous consequences for enterprises.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Salesforce targets telco gains with new agentic AI toolsNews Telecoms operators can draw on an array of pre-built agents to automate and streamline tasks
-
Four national compute resources launched for cutting-edge science and researchNews The new national compute centers will receive a total of £76 million in funding
-
CrowdStrike says AI is officially supercharging cyber attacks: Average breakout times hit just 29 minutes in 2025, 65% faster than in 2024 – and some attacks take just secondsNews Cyber criminals are actively exploiting AI systems and injecting malicious prompts into legitimate generative AI tools
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
Harnessing AI to secure the future of identityIndustry Insights Channel partners must lead on securing AI identities through governance and support
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
