AI Adds a Human Oversight Tax to Cybersecurity

AI Adds a Human Oversight Tax to Cybersecurity

AI Adds a Human Oversight Tax to Cybersecurity

https://www.bankinfosecurity.com/ai-adds-human-oversight-tax-to-cybersecurity-a-32226

Publish Date: 2026-07-14 17:54:00

Source Domain: www.bankinfosecurity.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.

Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
,
Recruitment & Reskilling Strategy

Security Teams Save Time on Tasks but Spend More Time Checking AI’s Work

Jennifer Lawinski •
July 14, 2026    

New ISC2 research finds that security teams are spending more time validating AI outputs and facing accountability for AI errors. (Image: Shutterstock)

Artificial intelligence is reshaping cybersecurity work, but not necessarily reducing it, as professionals spend more time determining whether AI-generated recommendations can be trusted, according to new ISC2 research.See Also: AI Is Transforming the Chief Data Officer Role

The findings suggest that while organizations may automate triage, log analysis, reporting and vulnerability prioritization, that may not translate directly into reduced workloads or staffing requirements because teams spend more time validating AI findings and deciding whether to override the technology.

Nearly two-thirds of cybersecurity professionals who use AI said they are spending more time deciding whether to trust or act on AI-generated recommendations, and 63% said they now spend more time validating or reviewing AI outputs, the research found. ISC2 surveyed 856 cybersecurity professionals in May about how they use AI in their jobs.

The stakes are high for cybersecurity teams, and 89% said they had experienced an AI recommendation leading to an incorrect outcome. When that occurred, 50% said that the human decision-maker was ultimately held responsible. Another 21% said accountability varied, depending on the severity of the issue, and 18% reported ambiguity or a lack of clear ownership.

“Oftentimes it’s not right, and when it’s not right, about half the time our members are finding that humans are being held responsible for it,” ISC2 CEO Scott Beale told ISMG.

At the same time, 24% of respondents said they are “often” or “very often” expected to act on AI-generated security outputs without fully understanding how those outputs were produced. Another 40% said they sometimes face that expectation.

“Companies need to be not just investing in AI, but investing in the training, the staff and the support” required to validate information and deploy the tools safely, he said.

Cybersecurity professionals understand that AI can move quickly and assist with a growing number of tasks, Beale said, but consequential security decisions cannot be treated like low-stakes consumer recommendations.

“Cybersecurity professionals know that AI is very effective at moving quickly and helping with a number of tasks, but you can’t just trust it the same way you’ll trust a restaurant review,” he said. “You need to validate the thing. The stakes are way too high.”

AI Stress Falls on Employees

Increased stress was most common among employees spending more time reviewing AI outputs and deciding whether to trust them. Nearly half of respondents said using AI has decreased their work-related stress in the past year, but 32% said they are experiencing more stress.

Among those reporting increased stress, 76% spent more time deciding when to trust AI recommendations and 74% spent more time reviewing AI outputs. In both cases, the figure was 57% among respondents whose stress declined.

“I thought it would be a little bit more balanced because the technology assists both the attackers and the defenders,” Beale said. “The challenge is that the defenders aren’t getting the support that they need to fully understand and leverage it in a way that’s effective.”

Entry-Level Cybersecurity Is Changing, Not Disappearing

The research indicates that the next generation of cybersecurity professionals will need to both acquire new kinds of skills and learn the fundamentals of the trade in new ways as AI automates the tasks traditionally assigned to junior employees.

“There’s not a diminishing demand for cybersecurity workers,” Beale said. “Entry level is changing, but there’s going to be an entry point.”

For 56% of respondents, AI has reduced the need for entry-level cybersecurity positions in the past year, but 53% said they believed AI was creating new entry-level opportunities, and 48% said AI made them more optimistic about their long-term cybersecurity careers.

Respondents were almost evenly divided over whether AI had reduced hands-on learning opportunities. Thirty-seven percent said it had, while 36% said it had not. But 62% said AI had not reduced the need for foundational cybersecurity skills.

Organizations may need to replace lost learning opportunities with simulations, supervised investigations and mentoring that teaches employees how experienced practitioners evaluate AI evidence and challenge its conclusions. Without those investments, companies risk creating an experience gap in which fewer employees develop the judgment needed to oversee increasingly autonomous security systems.

“As people enter cybersecurity, they’ll be filling different roles, but they’re going to have to learn how to do cybersecurity with AI,” Beale said. “They’re going to have to learn how to do cybersecurity with everything in the cloud from day one.”