What 125 Security Leaders Told Us About AI in Cybersecurity

How Would You Answer These Questions?

• When it comes to using AI, who’s winning right now, attackers or defenders?
• How concerned are you about AI-powered phishing, deepfakes, and multi-platform social engineering attacks?
• Does your team have a clear AI strategy for your cybersecurity, or are you still trying to figure it all out?

We just put these questions (and a whole lot more) to 125 security leaders from some of the largest organizations in the U.S., all companies with 500+ employees or security teams with 50+ members. The answers were eye-opening. Some were validating. Others? Honestly, kind of surprising.

We recently hosted a webinar to break down this report, featuring candid discussions with industry experts. These behind-the-scenes insights were some of the most valuable takeaways from the entire project, and now you can watch it all on demand. If you’re curious about what security leaders really think about AI, you won’t want to miss it. Download the report (no form) and watch the webinar here.

Here's some clips from the pre-webinar meeting we had!

1. Security Leaders Know There’s a Gap, But They Don’t Know How Big

When I first read through the survey results, one stat jumped out like a red flag: only 17.6% of security leaders said they saw a “significant advantage” in AI tools like behavioral analysis and semi-supervised machine learning.

That reaction was validated when Michael Sampson (Principal Analyst, Osterman Research) explained what the data was really telling us:

“The survey reflects accurately... security leaders across a randomized set of organizations don’t have a full grasp of what this could do for their organization.”

Watch Michael explain the reality behind this knowledge gap:

This isn’t just a slow adoption problem, it’s a visibility problem. Security teams know AI is important, but many don’t yet understand how powerful it can be.

2. You Need an AI Plan, Like Yesterday

Here’s another one that hit hard: 80% of security leaders say AI is essential for defending against cyberattacks, but most of them don’t actually have a plan.

That stat didn’t surprise me. It’s something I see all the time when talking with security teams. I said it during our prep call, and I’ll say it again here:

“Strategic AI integration is non-negotiable. It’s not just about buying tools. It’s about asking, ‘Where can we enhance what we already have? Where can we automate? Where can we make defenders faster?’ If you’re waiting for the perfect solution, you’re already falling behind.”

Matthew Martin (Founder of Two Candlesticks and Former Deputy CISO at LPL Financial) jumped in to back this up, pointing out something I’ve seen firsthand working with large organizations:

“Everyone wants AI...security, marketing, IT, but who actually owns it? Without leadership driving a company-wide strategy, you get shadow AI projects popping up everywhere, and no one is aligned.”

Hear us talk through this challenge in our prep call.

Look, I get it. Building an AI strategy sounds like a huge lift. But waiting until you have it all figured out is the wrong move. Start small. Identify a few places AI can support what your team is already doing. Build from there. Because attackers? They’re not waiting.

3. Security Leaders Want AI, But They Don’t Fully Trust It (Yet)

Even among the security leaders who see the value in AI, there’s still a big hesitation around trust and data security. I hear it all the time: What data is going into this system? Who can access it? What happens if it gets compromised?

When we talked about this during our prep, Matthew Martin made the point that for many CISOs, AI looks like just another attack vector they need to defend, and that slows things down:

“There’s a big concern over data. Where does it go? Who interacts with it? How do we secure it? CISOs look at AI and think, ‘Oh, great. Another attack vector.’”

But (and this is key) the business isn’t going to wait. AI is already being adopted across marketing, communications, product teams, you name it. If security doesn’t get comfortable with it, they’ll get left behind.

Listen to Matthew explain the security and trust issues teams are working through:

This is the reality now. AI isn’t just a nice-to-have—it’s the only way we can match the speed and scale of modern attacks. Period.

Missed the Webinar? Watch It On-Demand

AI is transforming cybersecurity (obvious, I know), but let’s be real, defenders are still figuring out how to keep up. That’s why we brought together experts for a no-BS discussion about what’s really happening with AI in security.

Some key moments included:

• Why security teams see AI as essential, but most still don’t have a plan to use it effectively
• Why attackers are moving faster with AI than defenders, and how security teams can catch up
• How to figure out if an AI solution or vendor is an expert or just got on the bandwagon

If you want insights, strong opinions, and maybe even a little controversy, you’ll want to watch this.

Watch the full discussion on demand now!

Get your popcorn ready!