Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles
Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles
Publish Date: 2026-02-04 02:41:00
Source Domain: securityboulevard.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
You’d be hard-pressed to find a cybersecurity professional who doesn’t recognize the benefits of AI, or who isn’t using AI. Still, likewise, nearly all companies are moving forward with trepidation, expressing concern about AI Agents’ potential to negatively impact cybersecurity, new research from Darktrace shows. Almost all (96%) of the 1,500 cybersecurity professionals surveyed for Darktrace’s annual 2026 State of AI Cybersecurity Report understand that AI amps up the speed and efficiency of their work. And 77% have taken the next step, embedding generative AI into their security stacks. More than three-quarters (77%) of security professionals reported that generative AI is now embedded in their security stack. And nearly all (92%) say that AI-powered threats are compelling them to make significant upgrades to their defenses, potentially quelling the concerns of more than half of respondents who say they aren’t prepared to defend against those threats. A whopping 87% had acknowledged that AI has improved outcomes for malware. “Across every industry, from criminal gangs to nation-state actors, attackers are utilizing AI to accelerate their pace and frequency of attacks, increasingly causing defenders to be outmatched like never before,” says Dave Gerry, CEO at Bugcrowd. That’s crucial as attackers use AI to automate attacks, because “they move faster in gaining access and spreading inside the network; defenses built for human response times fail silently,” says Ram Varadarajan, CEO at Acalvo. “CISOs investing in AI-native security aren’t chasing efficiency,” says Ram Varadarajan, CEO at Acalvo. “They’re closing a fundamental speed gap between attack and defense.” AI can help by improving vulnerability reporting. “Artificial Intelligence (AI) improves the quality and clarity of vulnerability reporting by the hacking community,” says Kamal Shah, CEO at Prophet Security. “Researchers are using AI to draft clear guidance based on their findings, while documenting impact for multiple audiences within an organization,” Shah says, with some hackers building “AI agents to capture and annotate screenshots and network requests automatically, providing the necessary evidence that enterprises need to validate their findings.” The result? Organizations receive “standardized, professional reports that are easier to reproduce and fix, effectively reducing the expensive back-and-forth typical of manual triage,” he says. Mirroring the current sentiment among cyber defenders across industries, cyber professionals surveyed by Darktrace are really worried about AI Agents, which are particularly daunting since they’re proliferating nearly unchecked. Most (92%) are concerned that the agents will have a negative impact on cybersecurity. “Security teams are no longer just defending human users; they’re supervising autonomous systems that generate their own integrations. The challenge isn’t only technical, it’s also organizational and cultural,” says Randolph Barr, CISO at Cequence Security. Instead, they now have to manage “shadow AI” and “shadow APIs,” which, Barr says, introduces “risks far beyond traditional DevOps oversight.” Noting that “we are approaching a future where the use of AI agents will outpace the readiness of security measures,” Barr says, “we have seen several advisories over the past year which help highlight the gaps and hopefully drive the industry toward more secure, transparent designs before these tools become deeply embedded in enterprise ecosystems.” Governance and visibility have become the new frontline, he says, explaining that “without unified oversight, a single misconfigured API or orphaned key can compromise entire AI pipelines.” The way security works is changing. “AI is already reshaping cyber work, and the next 12 months will fast-track that shift. AI agents are reducing demand for some entry-level roles, such as basic alert triage, log review, and first-pass investigations,” says Diana Kelley, CISO at Noma Security. Because “AI is increasing demand for higher-context roles involving agentic system design, advanced prompt engineering, context-based threat modeling, and human-in-the-loop oversight of agentic systems,” says Kelley, “CISOs see AI changing the mix of skills and roles on their teams, not eliminating security organizations wholesale.” That doesn’t mean a growing workforce. “Rather than expanding teams, CISOs are looking to AI to multiply their existing workforce’s effectiveness—still, leaders remain cautious, continuing to evaluate how AI adoption will ultimately affect team dynamics and resource needs,” says Robb Reck, chief information, trust and security officer at Pax8. But he was quick to point out that “AI isn’t replacing cybersecurity professionals in 2026—it’s augmenting them.” Still, CISOs might be hesitant to hire. “Many companies are slowing hiring while they wait to see how AI agents will actually perform. The candidates who are getting hired? Those who lead with an AI-first mindset and can articulate how they’ll drive transformation, not just use the tools,” says Reck, those who “treat AI as something that will amplify their work rather than threaten it are the ones landing roles.” The next two years will tell the tale. “Cybersecurity will no longer be a people-scaling problem. It will become an intelligence-scaling issue. AI-driven attacks force AI-driven defense,” says Varadarajan. “Teams stay lean, budgets get smarter, and machines take on the work humans were never meant to do at machine speed. By the end of the year, AI will handle a significant percentage of detection, investigation, and initial response, while humans focus on strategy, oversight, and high-risk decisions.” Regardless, though “whether through internal security teams or outsourcing part of their security operations to managed services firms, security teams must rapidly ramp up their usage of AI in response to the increased threat environment,” says Gerry.
