How AI is reshaping cybersecurity operations

Generative AI has become a pervasive tool in the enterprise.

According to a recent Boston Consulting Group survey, 50% of organizations are using the technology to redesign workflows, and 77% of respondents believe AI agents will be vital to their enterprise functions in the next three to five years.

No strangers to the power of artificial intelligence, CISOs and their security teams are as impacted by AI’s advancement as any other function in the enterprise.

While machine learning has been a key component in cyber operations for years, recent AI advancements — in gen AI in particular — see the technology spreading deeper into cyber operations. These tools, some of which are homegrown and others provided by vendors, aid in forensics, incident response, log analysis, orchestration, vulnerability management, and report writing.

This increasing use of AI for security processes is transforming CyberOps, boosting the effectiveness and productivity of security professionals, and changing how cybersecurity work gets done.

“It’s not the what of CyberOps that AI is changing, but the how. It’s changing the speed at which we can do certain operations, and it’s letting us use humans to concentrate on the higher-end tasks,” says Matt Gorham, leader of the Cyber & Risk Innovation Institute at PwC.

Augmenting skills, automating tasks

Because AI can perform tasks at speeds that exceed human capacity, it exponentially scales the amount of work that a cybersecurity function can do, says Rob T. Lee, chief of research for AI and emerging threats and head of faculty at SANS Institute.

Moreover, AI excels at doing repetitive tasks near perfectly every time, so it delivers a consistency unmatched by human employees, experts say.

“If someone isn’t on their A game for whatever reason, the results can vary. But AI has a deterministic approach for doing the same thing over and over again, so the consistency in output is remarkably better and more predictable than what you get from humans,” says Dan Mellen, US and global cyber chief technology officer for EY.

But AI does more than boost the speed and scale of the security team; it can improve skill levels as well, contends Jeffrey Brown, faculty at IANS Research, cybersecurity advisor for financial services at Microsoft, and former CISO of the State of Connecticut.

“It’s a force multiplier for the defense, and it’s a force multiplier in two ways. It uplifts the knowledge of junior staffers quite a bit and helps them come up to speed faster, and it helps more senior workers be more effective; it helps redefine productivity at the higher end,” he says.

Take the use of AI in a security operations center (SOC), where AI can handle a significant amount of (and in some cases all) level 1 support tasks, such as ticket triage and routing, freeing up SOC personnel to handle more level 2 or level 3 issues. Generative AI can also provide human SOC workers automated case studies and guidance on higher-level tasks, improving their efficiency and productivity.

Despite fears of job loss to AI, Brown to date has observed that CISOs are using AI not to replace workers but to enhance their efforts. “The most effective use of AI is when there is still a human in the loop,” he says.

As such, AI is expanding the work CISOs’ teams can do and empowering more team members to do it. For example, the use of AI for threat modeling has helped organizations with smaller, less specialized teams to proactively identify, analyze, and mitigate potential security threats, work they could not perform prior to adopting AI.

“In general what we’re seeing is that SecOps teams are doing more with what they have and the skill level is moving up; we’re seeing an effective shift up in the work,” says Wolfgang Goerlich, IANS Research faculty and a public sector CISO.

Smaller teams, new skills paradigm

All this has an impact on staffing strategies.

To start, security leaders say traditional entry-level security positions will soon go away and those new to the profession will have to be ready to start higher up the ladder.

That’s particularly true as agentic AI matures, becomes part of more security departments, and handles more of the security, Brown says.

“We need to consider how many experts and which kinds of experts we need,” he adds.

For example, when Brown was CISO for the State of Connecticut, he had one security team member focused on phishing. He now questions whether a security department would need such a specialized staffer if agentic AI can automatically handle much or all of the workflow that responds to a phishing attempt or attack.

With AI, Brown sees cyber teams getting smaller — and having fewer experts. Rather, “they’ll be managers of agents who will help get their jobs done,” he says.

Considering the longstanding gap between open security positions and qualified professionals to fill those jobs, Brown doesn’t see that as a negative.

But he acknowledges that use of AI in CyberOps will require security professionals to acquire new skills — and CISOs to hire for them, noting that skills around AI governance, prompt engineering, and data science will become must-have skills for security professionals at all levels.

“That’s going to be a very big paradigm shift,” he says. “We will need people who are skilled in working with agents, who know enough to say, ‘Yeah, that’s the right answer [from the agent],’ and who can recognize when it’s not.

“The future of security operations will be tapping into agents, but that human intuition is irreplaceable,” he says. “It will be more a human-AI symbiosis, creating a partnership, and making sure we’re using AI to be more productive but always with a human in the loop.”

The need for governance, agility, and speed

Accelerating AI use across the enterprise is also reshaping security operations, because cybersecurity has to keep pace with securing AI, and the data it uses, everywhere it is being used.

Security teams are already struggling with that.

According to the State of Cybersecurity Resilience 2025 report from Accenture, “a concerning 77% of organizations lag in adopting essential Data & AI security practices. Only 22% have implemented clear policies and training for generative AI use, and a handful maintain a comprehensive inventory of AI systems, crucial for managing supply chain risks. Additionally, data protection remains inadequate — only 25% of organizations fully leverage encryption methods and access controls to safeguard sensitive information in transit, at rest and during processing.”

Moreover, the report found that “security gaps extend into cloud infrastructure as well. Despite AI’s reliance on cloud-based processing, 83% of organizations have not established a secure cloud foundation with integrated monitoring, detection and response capabilities.”

Similarly, Gartner writes in its July 2025 A CISO’s Guide to AI Cyber Stewardship report that “CISOs are falling behind on securing AI across the enterprise.”

The report advises CISOs to “adopt and lead an AI cyber stewardship approach based on literacy, life cycle governance, interdisciplinary bridges, human oversight, baseline controls and AI TRiSM [trust, risk, security management] to manage AI-related cyber risk.”

Security leaders say CyberOps needs to step up its AI governance function and its ability to onboard, identify and authorize AI agents deployed by its own organization as well as those from outside organizations that seek access to its systems.

“There needs to be some checks and balances to make sure they’re not going outside the bounds of what they’re authorized to do, the same way we think about authorization for humans,” Mellen says.

Security teams also need to move faster than they have been in securing AI used in the enterprise.

“The speed of business change will speed up, and the CISO will have to keep up with that,” Gorham says. “The skills needed to do that will shift; cybersecurity teams will need a confluence of AI skills like prompt engineering and data science skills along with traditional cybersecurity skills.”

Remaking cyber teams

Avivah Litan, distinguished VP analyst with research firm Gartner, believes AI will create at least as many jobs as it displaces and, like others, believes “it will elevate people to do more things better.”

Those new CyberOps roles will be needed, she notes, as hackers use AI to launch more and more sophisticated attacks.

“AI will allow organizations to fight that more effectively,” she adds.

Still, all this does require CISOs to rethink their operations teams to ensure they use both AI and humans to maximum advantage.

“They need to ask, ‘Where does it make sense to have a human and what do I offload to AI? And what is the cognizant cost of that because I no longer have that muscle on my team?’” CISO Goerlich says. “We’ve been short-staffed in security for a long time, so there’s a great story to be had there. But on the other hand, you don’t want to end up with a SOC team just clicking buttons.”

Goerlich says CISOs need to update their talent strategies, creating a roadmap for developing existing staffers as well as hiring new workers to fill the positions of the future, where they’ll be working side by side with AI and AI agents. But they’ll need to do so without losing the human intelligence needed within security operations.

That’s especially key because, as CISOs know, the bad actors are harnessing AI, too, and they’re doing so at greater pace because they’re not bound by the ethics and regulations governing enterprise use of the technology.

The fact that adversaries are using AI to generate malware that can change on the fly, diminishing the effectiveness of traditional pattern-matching tools and other conventional cybersecurity capabilities, means the stakes for CISOs to harness AI effectively on the defensive side are only getting higher.

As Goerlich observes, “The future of security operations is going to be AI versus AI. It’s going to be machine on machine, with people in the cockpit making sure the right things are happening — or on the adversity side, making sure their attacks will be carried out. That’s really going to make us rethink how we’re doing our security operations.”
