Only 21% use AI to automate away configuration management and system hardening

Among those security departments that do their own custom AI work, 66% report that they have hired their own internal data science staff within their security teams

35% cited reporting as a security function where AI will provide the most value in the next 3 years

A lack of transparency and explainability was the top reason for turning off AI functionality, cited by 58%

The top use case where security leaders say AI will offer most value is vulnerability and risk management, named by 74% of respondents

Third-party and supply chain risk was a big security pain point (42%)

Just 25% of teams use AI to power vulnerability prioritization

Just 18% have utilized GenAI to speed up summarization and reporting work

82% were optimistic about AI applicability to sifting through disparate results from scanning tools

81% were optimistic about AI applicability to dealing with overload of data

Lack of skilled personnel is the biggest obstacle to the effective use of AI in cybersecurity today, cited by 55% of respondents

Lack of transparency in AI decision making was an obstacle for 46% of respondents in the effective use of AI.

Just a fraction of respondents said that their tools come trained and/or tuned — 5%

Costs were an obstacle for 46% of respondents in effective use of AI.

Just over half of respondents said that they regularly disable AI functionality in some or all security tooling due to a range of considerations

1 in 5 respondents reporting that 75% or more of their tool stack promotes AI capabilities

Nearly a third of respondents reported that their team spends at least four hours per week training AI models within their own tools or within commercially available AI functionality

Approximately 19% say they primarily apply AI to security through their own internal data science work

55% of Security Managers/Directors added data governance duties for AI training.

Approximately 1 in 4 organizations said they’re concerned about how AI use in the enterprise will make them more attackable (AI and generative AI concerns)