Artificial Intelligence is making significant strides in the cybersecurity space, but security professionals are not rushing headlong into adoption. According to a new survey from ISC2, only 30% of cybersecurity professionals currently use AI in their day-to-day operations, though 42% are actively testing or exploring its use. The report paints a picture of widespread enthusiasm mixed with a clear desire for caution and strategic implementation.

The sectors most active in adopting AI tools include industrial enterprises and IT services, with security professionals reporting increased effectiveness in areas like threat detection and vulnerability management.

Yet challenges persist, especially in smaller organizations and public sector entities, which are slower to embrace AI due to concerns around cost, reliability, and organizational readiness.

Why It Matters: The evolution of AI tools presents a major opportunity to strengthen cybersecurity defenses, but only if implemented with care. The cautious approach shown by many professionals underscores real concerns about skill displacement, over-reliance, and unintended consequences. Organizations that balance automation and human expertise will be better positioned to protect themselves in a fast-changing threat landscape.

• Growing, but Not Exploding: The gap between enthusiasm and full deployment speaks to the value teams hold in maintaining infrastructure integrity. The most active sectors include industrial enterprises (38%), IT services (36%), and professional services (34%), while public sector (16%) and financial services (21%) lag significantly behind. This illustrates a cautious pattern, where organizations want to validate AI’s value and reliability before rolling it out more broadly.

• Larger Enterprises Are Leading the Charge: Company size plays a key role in AI adoption. The survey found that 37% of organizations with more than 10,000 employees are already using AI for cybersecurity. In contrast, only 20% of mid-sized businesses (500–2,499 employees) and small firms (fewer than 99 employees) are doing the same. Notably, 23% of the smallest organizations say they have no plans to use AI at all. Larger companies have more resources to experiment and implement new technologies, while smaller firms often lack the budgets or personnel to do so confidently.

• AI Benefits in Key Security Tasks: Among those already using AI tools, results are largely positive. About 70% of adopters say their teams are more effective thanks to AI, with the biggest gains reported in network monitoring and intrusion detection (60%), endpoint protection and response (56%), and vulnerability management (50%). Additionally, 45% say AI has improved their threat modeling, and 43% cite benefits in security testing. These capabilities suggest AI is particularly suited to areas that require fast, repetitive analysis, freeing up human analysts for strategic work.

• Job Impact Is Complex and Ongoing: Over half (52%) of respondents believe AI will reduce the need for entry-level cybersecurity positions, as automation handles more routine tasks. However, 31% believe AI will also generate new types of junior roles such as data interpreters, AI tool operators, or junior analysts who work with generated insights. While only 21% of organizations have adjusted hiring based on AI adoption, 44% are actively re-evaluating what roles and skills they’ll need soon. This shift suggests organizations are preparing for a hybrid workforce that blends human expertise with AI efficiency.

• Security Leaders Support a ‘Strategic Pause’ on AI: Despite strong interest in AI, nearly half of cybersecurity leaders say they would welcome a deliberate slowdown or reassessment before further adoption. This hesitancy is partly due to concerns about over-reliance on AI tools, which could erode vital hands-on skills, create blind spots, or foster complacency. Experts warn that without proper oversight, organizations risk becoming vulnerable in new ways, especially if they assume AI is infallible.

Go Deeper → Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools – ITPro