A CISOs Guide to Navigate AI’s Security Impact: SANS Report Summary

A CISOs Guide to Navigate AI’s Security Impact: SANS Report Summary 

Artificial intelligence is no longer a future concept. It’s no longer a matter of when we will embrace AI, but rather security leaders should be asking themselves how are we going to do it responsibly. 

To help you understand and strategically apply AI within your Security Operations Center (SOC), the SANS Institute conducted a comprehensive survey. This report, “SANS 2025 AI Survey: Measuring AI’s Impact on Security Three Years Later,” authored by Ahmed Abugharbia and Brandon Evans, provides critical insights into how organizations are currently using AI, the challenges they face, and what the future holds for security professionals.

This summary highlights key findings from the SANS report, offering a clear view of the current state and future trajectory of AI in cybersecurity.

Where AI Stands in Cybersecurity Today

The SANS survey reveals a significant gap between awareness and robust implementation of AI in security. While half of the surveyed organizations currently use AI for cybersecurity tasks, and a staggering 100% plan to incorporate generative AI (GenAI) within the next year, widespread adoption for critical functions remains limited. Only 50.3% of respondents actively utilize GenAI for security purposes.

Incident response teams show a significant interest in AI, with 71.2% believing that AI can enhance existing tools such as SIEM, SOAR, and EDR. However, only a third of organizations plan to use AI for incident investigation in the future. Currently, the primary applications of AI focus on supporting functions, such as alert enrichment, rather than autonomous action. 

When it comes to autonomous SOC actions, the current levels of adoption suggest more about the industry’s comfort and trust in the emerging technology rather than indicating limitations with the technology itself. To overcome this and drive efficiencies, cybersecurity leaders should consider how to utilize existing technology investments, such as rule-based automation, to serve as guardrails that both enable and safeguard AI. 

A Guide to Understanding AI Cybersecurity Challenges 

The report illuminates several pressing challenges and concerns that security leaders must address. A major pain point for analysts is the overwhelming number of false positives generated by AI systems. Many believe this issue stems from stale data within the models.

Despite the limited adoption of AI for defense, security teams are highly concerned about emerging AI-powered threats, specifically highly personalized social engineering and deepfakes. Concerns also extend to attackers using AI to accelerate vulnerability discovery and evade detection.

Organizations also worry about the security of AI platforms themselves. Many leaders are concerned that employees might pass sensitive data to GenAI platforms, leading to leaks. To take this fear a step further, there is concern that attackers could manipulate training data, resulting in detrimental prompt responses. These concerns underscore the critical need for secure, enterprise-grade AI solutions.

It’s Time for an AI Governance and Workforce Evolution

The SANS report highlights a concerning lack of security team involvement in governing GenAI. Many cybersecurity professionals believe they should play a role in enterprise-wide AI governance, but very few organizations have a formal AI risk management program in place. This points to a gap between recognizing the importance of governance and actively implementing it.

The impact of AI on the cybersecurity workforce is also significant. Over half of organizations report that AI has affected their security team’s training requirements. A majority emphasizes the need for more specialized AI/cybersecurity courses, as well as continuous learning, to keep pace with the evolving AI technologies.

Despite these shifts, most respondents remain optimistic that AI will not eliminate their jobs, anticipating a growing demand for professionals with expertise in AI and cybersecurity over the next three years. They believe AI will automate tedious tasks, shifting roles rather than replacing human jobs.

The Key to Predictable AI for SOC Teams 

At Swimlane, we recognize that the future of AI in cybersecurity is not just about its capabilities, but also about trust, enablement, and the ability to scale within budget and under scrutiny. 

Swimlane Turbine is an agentic AI automation platform. It integrates with all of your existing security tools, enabling seamless, but selective, data sharing and coordinated incident response efforts. Our core strength is unifying and orchestrating signals from across your environment, seamlessly aggregating, correlating, and enriching data with the full depth of your enterprise and technology stack.

Hero AI, our generative and agentic AI feature set, seamlessly interacts with selected data and playbook actions throughout the Turbine platform. By combining AI and classic automation in this manner, the predictability of deterministic automation acts as guardrails for predictable AI adoption. 

Embracing AI, a Strategic Imperative for Cybersecurity Leaders 

The SANS survey clearly indicates that AI is here to stay and will have a profound impact on cybersecurity. For security leaders and CISOs, understanding these shifts and adapting your strategy is crucial. Embrace AI not as a replacement for human expertise, but as a powerful tool that enhances your team’s capabilities, streamlines operations, and enables your organization to navigate the evolving threat landscape with confidence.

To gain a deeper understanding of these findings and to inform your AI strategy, download the full SANS 2025 AI Survey: Measuring AI’s Impact on Security Three Years Later report today.