SANS report highlights growing AI governance gap in cybersecurity – Intelligent CISO
SANS report highlights growing AI governance gap in cybersecurity – Intelligent CISO
Publish Date: 2026-07-15 03:30:00
Source Domain: www.intelligentciso.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
The 2026 SANS AI Survey Insights report found that Artificial Intelligence adoption has accelerated across cybersecurity teams, while governance and workforce development have struggled to keep pace.
SANS Institute has released its 2026 SANS AI Survey Insights report, highlighting rapid growth in the use of Artificial Intelligence by cybersecurity teams alongside increasing concerns over governance, skills and operational readiness.
Based on responses from 536 cybersecurity and IT practitioners and 57 senior security leaders, including CISOs, the report found that 78% of organisations now use AI in cybersecurity, up from 50% in 2025. However, only 27% of respondents described their AI deployments as mature production environments.
The research also found that 76% of security teams now have responsibility for governing enterprise AI, yet more than half said they lack formal audit frameworks to support those responsibilities. At the same time, 63% reported significant shortcomings in AI-driven threat detection and response, compared with 45% a year earlier.
“For two years now, we’ve asked security teams where they actually stand with AI,” said Matt Bromiley, SANS Certified Instructor and author of the report. “Both years, the honest answer has been some version of moving fast and working it out as we go. What’s changed in 2026 is how much weight is now sitting behind that answer.”
The report also found that AI use in red teaming increased from 33% in 2025 to 61% this year, while 78% of organisations reported confirmed or suspected AI-enabled cyberattacks during the past 12 months. In addition, 95% of respondents believe threat actors are using AI as part of their operations.
According to the findings, behavioural detection remains the most effective defence against AI-enabled threats, followed by user awareness training and human analyst review.
“You can’t fix these gaps without people who can catch what the tools miss,” said Bromiley. “The teams that invest in upskilling now are also the ones positioned to get more out of the AI they have already bought, because the people running it know when to trust it and when to step in.”
The report concludes that organisations should prioritise AI validation, embed governance into day-to-day security operations and invest in workforce development to support the continued adoption of Artificial Intelligence.