A recent SANS survey finds that security teams are worried about AI's impact, but many aren’t using it to its full potential. This survey report uncovers key trends, from the level of AI use in different areas to the state of governance and shifting training needs. Gain a better understanding of how AI is transforming the security landscape and get insights to help you build a stronger strategy inside.
AI is decidedly here —and has been ever since ChatGPT entered the zeitgeist nearly three years ago. Business leaders are clearly interested in using GenAI and are scrambling to incorporate it in any way that makes sense — and many ways that don’t make sense.
Security leaders are also interested in implementing AI, not wanting to fall behind. Yet, only 50% of respondents stated that they are currently leveraging GenAI for security, while 30% said they are planning to within the next 12 months, according to the SANS 2025 AI Survey. Its implementation also varies across different cybersecurity disciplines. Some domains, like application security, are already seeing meaningful integration and benefit. Others, such as incident response and red teaming, remain in earlier stages of adoption.
While some teams are using AI, the survey reveals that governance may be lagging. Most of the cybersecurity professionals surveyed (68%) believe they should have a role in governing AI use across their enterprises, though actual governance maturity lags significantly. Indeed, only 35% have a formal AI risk management and compliance program in place, while 42% are still in the early stages of developing policies. This suggests many organizations understand governance is important, but have not yet built the frameworks to manage it effectively.
Additionally, many teams report AI-related impacts on training needs and job requirements. 65% report that it has required more AI-specialized training for cybersecurity, and 64% emphasized the need for continuous learning to keep up with rapidly evolving AI technologies.
Overall, the data demonstrates that the cybersecurity industry may be underestimating AI’s transformational power. Organizations have made many first steps toward AI adoption and governance. However, much more is needed. Download your copy of the full report for a deep dive into the findings. It's a must-read for any security professional looking to stay ahead of the curve.
