Venture capital may be flowing to trendy AI security startups, but battle-tested CISOs seem to be sticking with tried-and-true, name-brand technology partners for their AI-enabled security needs.
That’s the key takeaway from CSO’s 2025 Security Priorities Study, which collected responses from more than 640 senior security executives from across the globe. When asked to rank leaders in AI-powered security, the largest and most well-known security vendors topped CISOs’ lists.
The criteria CISOs used to rank industry leaders starts with product innovation. But CISOs also leaned heavily into practical matters, rather than flash and sizzle. The vendor’s reputation and whether they had been victimized by a high-profile breach was the second most important factor. Then came business value of the solution, cost/pricing, name recognition, vendor age, time to integrate the solution, and whether peers also use the technology.
As Grandview Research points out, “The AI in cybersecurity industry is expanding due to the seamless integration of AI technologies with existing cybersecurity frameworks. Organizations prefer solutions that complement their current systems, ensuring minimal disruption and maximum efficiency.”
Also making a strong showing on the list were service providers, either full-on managed security service providers (MSSPs), cloud-based proxy services, or content delivery network providers that have expanded into cybersecurity. Clearly, CISOs are looking for ways to lift the burden of incident response off short-staffed and harried security teams.
Here are the top 10 leaders in AI-enabled security in order of their ranking in our survey.
1. Cisco
Why they’re here: With its strong roots in networking, Cisco has an established foothold in the enterprise — and a stranglehold on the data that networking gear generates. The acquisitions of Duo Security (multifactor authentication and zero trust), Thousand Eyes (visibility), and Splunk (AI-powered SIEM), have enabled Cisco to integrate networking and security capabilities. Cisco recently launched AI Assistant for Security, an interface trained on massive security datasets to help analysts with event triage, root cause analysis, policy design, and simplifying firewall management.
Power moves: Introduced “Foundation-sec-8b-reasoning,” an AI foundational model designed to apply AI-powered reasoning to security tasks such as threat modeling, attack vector analysis, risk assessment, and security architecture evaluation.
Outlook: John Grady, principal analyst at Enterprise Strategy Group, says, “The AI era demands a transformative approach to security. Organizations need distributed, identity-based, zero trust protection for applications, users, AI models, and agents, supported by a unified policy framework. Cisco is in a very unique position to support this with its ability to embed advanced protections directly into the network.”
2. Microsoft
Why they’re here: Similar to Cisco, Microsoft is embedded in virtually every enterprise, and is also a vendor that has marshalled its considerable resources to build an AI-powered security ecosystem. The platform includes Microsoft Defender for securing cloud environments, Microsoft Sentinel for cloud-native SIEM, Microsoft Purview for data governance, Microsoft Intune for endpoint management, Microsoft Entra for identity and access management, and Microsoft Defender XDR for threat detection and response.
Power moves: Introduced Microsoft Security Copilot, a generative AI-powered security tool that helps increase the efficiency and capabilities of security teams.
Outlook: Microsoft visionary investment in OpenAI has paid off in catapulting Microsoft to a leadership position in the AI era. A new agreement inked in October cements Microsoft’s position as the key beneficiary of OpenAI Foundation’s research. The agreement gives Microsoft a 27% stake in OpenAI (valued at $135B), but more importantly it preserves Microsoft’s relationship with OpenAI as its “frontier model partner.” Microsoft said its IP rights for both OpenAI’s models and products have been extended through 2032.
3. Google
Why they’re here: Google has a well-deserved reputation as an innovator in cloud-based security services. Google is a leader in Gartner’s Magic Quadrant for SIEM. Gartner says, “Use of AI is a core competency for Google and its SecOps platform offers strong AI functionality throughout many of the common activities and functions associated with SIEM operations.” IDC names Google a leader in its 2025 MarketScape for Worldwide Incident Response.
Power moves: Announced plans to buy cloud security platform vendor Wiz for $32B. The deal is expected to close in 2026.
Outlook: Google offers a broad range of AI-powered security solutions, many based on its purchase of Mandiant in 2022. These include Google Threat Intelligence, Google Security Operations, Google Unified Security, Google AI protection, and Google Agentic SOC, which combines AI-driven automation with human expertise. Once the Wiz acquisition is finalized, Google will have expanded capabilities across multicloud environments.
4. Akamai Technologies
Why they’re here: Akamai has successfully pivoted from being a content delivery network (CDN) provider to offering a platform for developing and running applications in the cloud, as well as providing a broad range of complementary cybersecurity services. These include web application and API protection (WaaP), Akamai firewall for AI, and zero trust security. In a recent evaluation conducted by SecureIQ Lab, Akamai outperformed competing vendors in a test of WaaP capabilities.
Power moves: Akamai continues to aggressively build out its platform; key acquisitions include Linode, Neosec, and Noname Security.
Outlook: IDC analyst Dave McCarthy says, “By extending compute capabilities to its vast network of over 4,400 locations across 134 countries, Akamai provides a differentiated value proposition in the crowded cloud market. This focus on low-latency, high-performance, and secure edge-native applications enables Akamai to avoid a direct, head-on confrontation with hyperscalers. Instead, it positions Akamai to cater to the growing demand for applications that require processing and data storage closer to the end user, thereby enhancing performance and security for distributed workloads.” The company recently launched Akamai Inference Cloud, a platform for securely distributing AI workloads across cloud and edge environments.
5. IBM
Why they’re here: Another gold standard name in the industry, IBM offers a broad range of managed security services that leverage the power of AI. The IBM portfolio includes IBM Guardium for AI-driven data security; Trusteer, which uses AI and machine learning for digital identity management; MaaS360 for AI-powered device security; and watsonx.governance for AI governance. IDC places IBM in the leader category of its MarketScape for worldwide managed detection and response (MDR). The crown jewel is IBM’s X-Force team of incident response experts. IDC says that IBM’s MDR leverages the X-Force protection platform, AI, contextual threat intelligence, and a global team operating in over 110 countries.
Power moves: IBM inked a complex strategic partnership with Palo Alto Networks designed to enhance AI-powered security offerings for enterprise customers.
Outlook: The deal with Palo Alto Networks gives IBM the inside track on providing consulting services for Palo Alto customers. According to IDC’s MarketScape, IBM’s consulting services, which include incident readiness planning, risk assessments, security testing, and vulnerability assessments, are a key differentiator for enterprise customers.
6. Abnormal AI
Why they’re here: Despite all the time, money, and effort poured into security, the one persistent vulnerability that seems most difficult to solve is social engineering attacks targeting email recipients. Enter Abnormal AI, which uses the power of AI, machine learning, and anomaly detection to analyze human behavior and protect end users from phishing and related email-centric attacks. Abnormal is a leader in the latest Forrester Wave for email, messaging, and collaboration security. And it is a leader in Gartner’s Magic Quadrant for email security.The company also offers phishing simulation training.
Power moves: The company was originally named Abnormal AI when it launched in 2018, but the market wasn’t ready for AI, so the company switched to Abnormal Security. Now, it has rebranded back to its original name, a reflection of market acceptance of AI-powered security solutions.
Outlook: Abnormal AI is expanding beyond just email to a broader AI-driven platform. Says CEO Evan Reiser,“We started with email security because it was the biggest problem to solve at the time, and because it provides the richest data set of human behavior. Our goal is to become the most trusted and dependable AI in cybersecurity — one that protects people from the full spectrum of modern threats, utilizing AI to make decisions at superhuman speed.”
7. CrowdStrike
Why they’re here: An innovator in cloud-native, AI-driven cybersecurity, CrowdStrike’s Falcon platform encompasses endpoint security, threat intelligence, and incident response, offered as a fully managed service. GigaOm rates CrowdStrike as a leader in its evaluation of autonomous SOC solutions. GigaOm cites CrowdStrike’s strength in AI-powered detection, unified EDR, next-generation SIEM, and SOAR, as well as agentic innovation with Charlotte AI. CrowdStrike is also a leader in Gartner’s analysis of endpoint protection platforms, and a leader in IDC’s MarketScape for cloud-native application protection platforms (CNAPP).
Power moves: Acquired AI security vendor Pangea. The deal will enable CrowdStrike to extend its Falcon platform into AI detection and response.
Outlook: IDC points out that there is a push toward platformization in cybersecurity. “This is worthy of mention as CrowdStrike has a wide depth and breadth of capabilities built into its Falcon platform that provides the technology muscle for its MDR offering. The added capabilities, such as its managed cloud workload protection (CWP) for continuous runtime protection across hybrid and multicloud environments, workloads, and containers, and its fully managed identity threat protection service called Falcon Complete Identity Threat Protection provide expert management, monitoring, protection, and optimization of identities and identity stores.” IDC adds, “Organizations that are looking to consolidate their disparate technology point products into a unified managed platform should consider CrowdStrike.”
8. Arctic Wolf
Why they’re here: Arctic Wolf provides cloud-based MDR services with an open, flexible, vendor-neutral approach. The Arctic Wolf Platform ingests telemetry from the customer’s existing stack of security tools across endpoint, network, cloud, and identity. There’s no vendor lock-in when it comes to the organization’s choice of security tools. Arctic Wolf is a leader in the IDC MarketScape for MDR. IDC points out that Arctic Wolf addresses the problem of SOC analysts being overwhelmed by too many alerts with its ability to distill telemetry to a manageable number of tickets per day through the use of AI and machine learning.
Power moves: Bought UpSight Security to accelerate the development of AI-powered ransomware protection and rollback capabilities.
Outlook: Arctic Wolf continues to evolve its platform to incorporate use of AI. Arctic Wolf recently introduced its AI Security Assistant, which allows for natural language interaction, enabling customers to ask questions and gain more context about their security environment. At the same time, the human element remains a key part of the Arctic Wolf service: The Arctic Wolf Concierge Security Team consists of security experts who analyze each customer’s security environment and business context and then provide advice on how to shore up security defenses.
9. Cloudflare
Why they’re here: Cloudflare started out as a reverse-proxy CDN with a clear mission: securing the Internet. Over time, Cloudflare has leveraged its global footprint to deliver a broad range of cybersecurity services. The Cloudflare AI Security Suite offers a unified platform to secure workforce AI tools and public-facing applications, discover shadow AI, protect models from abuse, secure agent access, and prevent data exposure in prompts. Cloudflare is a leader in the 2025 Forrester Wave for Web application firewall services.
Power moves: Cloudflare has acquired Replicate, a startup with software that makes it easier to deploy AI models in production.
Outlook: The company’s lineup of AI-enhanced cybersecurity services includes AI-powered threat detection, bot management, encryption, email security, firewall, data loss protection, AI security posture management, and secure AI application development. In its latest quarter, revenue climbed 31% year over year, and analysts are predicting that Cloudflare will reach a $3B annual revenue run rate in 2026.
10. Broadcom
Why they’re here: Known primarily as a chipmaker that shook up the industry with its purchase of VMware, Broadcom is also a vendor with deep connections to the enterprise through its acquisitions of management software leader CA Technologies and security vendor Symantec. Broadcom has combined the Carbon Black EDR technology that was part of the VMware deal with Symantec to create a new division — Enterprise Security Group. Broadcom also offers capabilities that cloud-based security vendors don’t, such as mainframe security.
Power moves: Announced Symantec AI, a fully agentic assistant that leverages Symantec and Carbon Black capabilities to automatically respond to threats.
Outlook: Broadcom does a good job leveraging its alliances, particularly with Google Cloud. Broadcom supplies data center chips to Google, moves enterprise VMware workloads to Google cloud, incorporated Google’s Vertex AI development platform with Symantec AI, and uses Google Gemini models as the basis for its AI agents. Broadcom has also beefed up VMware security with AI enhancements to VMware vDefend lateral security and VMware AVI load balancer. Broadcom’s approach is to provide integrated security from silicon to software, using AI-driven analytics and automation to reduce the burden on security teams and stay ahead of evolving threats.
AI security vendors: Leadership vs. current use
One key point to note: This list represents the vendors that CISOs perceive as leaders, not necessarily the ones that they currently use for AI-enabled security. That top 10 list consists of Cisco and Microsoft in the top two spots, cited by 27% and 24% of respondents respectively. The next batch of vendors came in between 19% and 15%, so not necessarily a statistically significant difference. That group included Akamai, Abnormal, Broadcom, Google, Carbon Black, and Cloudflare. CrowdStrike (12%) and Check Point (11%) rounded out the top 10. So, basically the order is shaken up a bit, but the core list of vendors remains pretty much the same.
No Responses