“AI is coming, and will take some jobs, but no need to worry.”
That headline ran atop a CSO story published in 2016. Nine years later, the prediction feels closer to coming true — with questions around jobs being replaced or redefined and whether cybersecurity pros should be worried taking on greater nuance, and still hanging in the balance.
A survey of 1,100 ISC2 members released in February found that 56% of cyber pros believe AI will make “some parts” of their job obsolete. When it comes to being completely replaced by AI, however, only 12% of security pros polled by the Cloud Security Alliance think their role will be made totally redundant by artificial intelligence.
While the issue of AI job displacement has been heating up over the past few years, CrowdStrike’s recent revelation that it plans to lay off 500 people — the equivalent to 5% of its workforce — as part of a greater strategic emphasis on AI has only stirred the pot further. When CEO George Kurtz announced the plan in May, he told staff in a companywide letter that AI is “reshaping every industry … (It) flattens our hiring curve … and drives efficiencies across both the front and back office.”
CrowdStrike didn’t specify whether the job cuts involve technical cybersecurity positions or line-of-business roles, and the company has denied that the layoffs are part of a strategy to replace workers with AI. But there are signs AI may already be having an impact on employment in core functional cyber roles elsewhere throughout the industry.
Cybersecurity jobs data
According to IT training and certification organization CompTIA, the number of US job postings in the category of cybersecurity engineer/analyst fell by 1,703 from April to May 2025. Security recruiting firm CyberSN conducted a more comprehensive analysis, looking at job postings for 45 cybersecurity roles over multiple years. Its data show notable declines in job openings for some positions between 2023 and 2024, including:
cybersecurity software engineer (-38%)
IAM engineer (-26.5%)
security analyst (-13%)
Ebbing demand for certain roles “signal(s) an industry-wide shift toward AI-powered security automation,” CyberSN’s chief security and technology officer, Dom Glavach, concluded in a report based on the data.
In an interview with CSO Online, CyberSN CEO Deidre Diamond attributed some of the job market shifts to IT outsourcing and headcount tightening in an uncertain economy. Yet she says one junior role appears particularly vulnerable to AI displacement: Since 2022, job postings have fallen by almost 53% for security analysts.
“It’s the entry-level role of all entry-level roles in cyber. It had about 68,600 [job postings] in 2022. Then it went to 39,000 in 2023 and now it’s at 36,000. So, it’s the only role that’s taken that big of a hit and then stayed there. I definitely think that there’s some AI [impact] in there,” Diamond says.
SOC alerts and alert triage are two of the most common cybersecurity use cases for AI so far, which could weaken demand for junior security analysts over the next 12 months, says Jerry Perullo, founder of Atlanta-based consulting firm Adversarial Risk Management.
“We’ll start to see the impact there and it may mean [companies] not hiring new people more than AI displacing existing ones,” says Perullo. “I think [displacement] will certainly happen, but I don’t think it’s happening in cyber quite yet. People are still in an R&D phase with AI. Everyone’s just kind of experimenting,” adds Perullo, who’s also a professor of practice at the Georgia Institute of Technology.
As demand for some human cybersecurity roles declines, demand for AI skills in the sector is rising. Figures from CyberSeek indicate 10% of all cybersecurity job postings now require skills in artificial intelligence, up from 6.5% in 2023. Even at organizations that haven’t deployed AI for cybersecurity yet, the prospect of adopting it to reduce security costs is alluring.
Pressure to cut cybersecurity headcount
“We’ve got clients where they’ve been told because of AI, we’d like you to cut your headcount in the cyber function by 50% and still have the same level of control, effectiveness, and risk posture,” says Richard Watson, global cybersecurity consulting leader at EY.
When Watson researched companies that have already used AI to automate parts of their cybersecurity program, he found there was a median cost saving of $1.7 million per year. Watson points out some of those savings stemmed from software consolidation rather than reductions in security staffing. He also asserts using AI in cybersecurity can add value to a business, by freeing up human security teams to focus on work that’s less repetitive and more strategic. His research discovered that, among cybersecurity teams using AI automation:
76% now spend more time on delivering additional cyber projects
63% are spending more time collaborating with other business functions
52% are reinvesting time saved in further cybersecurity use cases for automation and AI
Eyeing numbers like that, it’s easy to see why so many organizations are using or exploring AI for cybersecurity.
Will AI replace or redefine cybersecurity jobs?
In addition to junior security analysts, could other cyber roles be displaced by AI?
CompTIA CEO Todd Thibodeaux says tasks like phishing tests and pen tests will likely be automated by AI agents. He quickly adds this, however: “As for [cybersecurity] jobs wholesale being replaced, I don’t see that.”
Instead, Thibodeaux predicts some cyber roles could “evolve to the point where you have a human guiding a number of different [AI] systems.” Rather than artificial intelligence replacing human cybersecurity roles outright, he says AI will redefine what an entry-level security position entails and the type of skills it requires.
Unlike Thibodeaux, Watson believes the level-one SOC analyst role “is going to be eradicated” by AI eventually. But he agrees with Thibodeaux that AI will move the table stakes forward on the skills needed to land a starter job in cyber. “The thing that will be cannibalized first is the sort of entry-level basic repeatable tasks, the things that people traditionally might have cut their teeth on in order to sort of progress to the next level. Therefore, the skill requirement to get a role in cybersecurity will be higher than what it has been traditionally,” says Watson.
To help cyber professionals attain AI skills, CompTIA is developing a new certification program called SecAI. The course will target cyber people who already have three to four years of experience in a core cybersecurity job. The curriculum will include practical AI skills to proactively combat emerging cyber threats, integrating AI into security operations, defending against AI-driven attacks, and compliance for AI ethics and governance standards.
CompTIA hopes to offer the SecAI certification starting in Q1 2026. Thibodeaux says the course might also give companies a more standardized way to vet the AI skills of cybersecurity job candidates.
AI’s impact on cybersecurity skills gap
Cybersecurity has been plagued by a chronic talent shortage and skills gap for decades. While AI could ease that situation somewhat, Watson contends artificial intelligence use has only stopped the cyber talent shortage from worsening so far, by “stabilizing it over the last two or three years at about four million [unfilled positions].”
An ISC2 report asserts that although AI is “unlikely … to make major inroads into closing” the global cyber talent gap, it will allow current cyber professionals “to focus on more complex, high value and critical tasks” on the job, echoing the findings of Watson’s EY research.
Looking further into the future, Thibodeaux wonders if predictions of mass AI-based job losses in cybersecurity are hyperbolic rhetoric run amok. He points to the fact that, contrary to predictions made a decade ago, autonomous vehicle technology hasn’t put millions of truck, taxi, and bus drivers out of work worldwide.
“It’s like that Bill Gates quote that we overestimate things in the short term and underestimate them in the long run,” Thibodeaux says. “AI is evolving. We don’t know if any of these cyber job roles will be completely eliminated.”
As artificial intelligence takes over a rising number of technical cybersecurity tasks, Watson says one of the best ways security workers can boost their employment value is by sharpening their human skills like business literacy and communication: “The role is shifting to be one of partnering and advising because a lot of the technology is doing the monitoring, triaging, quarantining and so on.”
Diamond similarly argues that the biggest issue in cybersecurity isn’t AI, it’s EQ (emotional intelligence quotient). “Our EQ skills and executive leadership are still way too technical versus people skills.”
Diamond cites a survey conducted at the 2025 RSA conference in which 44% of cyber professionals said they’re in a “toxic work culture” – perhaps the one vulnerability on any security team that can’t be resolved by AI or automation.
No Responses