
























Artificial intelligence is rapidly transforming the cybersecurity landscape. While attackers leverage AI to accelerate reconnaissance, tailor social engineering attacks, identify vulnerabilities, and expand their operations, defenders are using AI to improve threat detection, lessen manual workload, prioritize risks, support analysts, and strengthen overall resilience.
The scale of that challenge is measurable. Fortinet’s 2026 Cybersecurity Skills Gap Report found that 91% of organizations are now using or experimenting with AI-powered cybersecurity solutions—yet 71% say the skills shortage still creates additional cyber risk. AI is arriving faster than the workforce can absorb it.
This conflict highlights the importance of public-private collaboration, as no single organization can address it alone. Governments provide critical policy guidance, insights into national risks, and an understanding of systemic effects. Meanwhile, private cybersecurity experts bring operational skills, threat intelligence, technical expertise, and practical experience in protecting complex digital infrastructure. Platforms that unite these groups naturally foster the sharing of diverse experiences, turning them into practical recommendations.
That is one of the key values of Fortinet’s ongoing engagement with the World Economic Forum’s Centre for Cybersecurity. Through initiatives like the Cyber Frontiers: AI & Cyber, the forum brings together leaders from government, industry, academia, and cybersecurity sectors to tackle challenges beyond the scope of any single sector. The recent forum white paper, titled “Empowering Defenders: AI for Cybersecurity,” exemplifies this collaborative approach, incorporating insights from interviews, workshops, and case studies involving 105 representatives from 84 organizations across 15 industries.
Fortinet was proud to contribute to this work. As named contributors to the paper, we engaged in the broader World Economic Forum process to help determine how organizations can transition from AI experimentation to responsible, practical cyber defense. This contribution highlights two key aspects of Fortinet’s view: integrating AI into real-world cybersecurity workflows and empowering the workforce to use AI effectively.
The most impactful public-private work does not stop at awareness. It helps leaders take action. The forum’s paper is valuable because it treats AI not as an abstract trend but as a tool already enhancing cybersecurity, emphasizing what organizations must do before expanding its use. This includes aligning AI with strategic goals, evaluating readiness, piloting use cases, and scaling while maintaining ongoing monitoring and improvements.
That sequence matters. While many organizations are under pressure to adopt AI quickly, speed without discipline will inevitably introduce new risks. AI must first be aligned with tangible security objectives, including faster detection, improved prioritization, better analyst support, greater compliance readiness, and more resilient operations.
Collaboration with groups like the World Economic Forum is crucial because public-private engagement grounds AI guidance in real-world operations. It helps integrate policy issues, business needs, practitioner insights, and technical knowledge. This approach yields more practical results than a purely technology-focused discussion, as it mirrors how real-world cybersecurity decisions are made within organizations.
Fortinet insights were especially relevant to the paper’s focus on AI as an essential operational cybersecurity ability. AI is not just another tool for security teams to assess. It is increasingly essential for organizations to identify threats, prioritize alerts, correlate activities, and respond quickly to the demands of modern attacks.
The paper emphasizes that AI spans the entire cybersecurity lifecycle, covering governance, risk detection, protection, detection, response, and recovery. This perspective aligns with Fortinet’s view that AI should be embedded within security operations rather than added as an external layer.
For defenders, the advantage comes from applying AI to the right data, workflows, and controls. It helps security teams correlate signals, identify patterns, prioritize risks, and reduce manual efforts that hinder quick responses. However, it must be integrated into a security framework that ensures visibility, connectivity, and coordinated responses.
That operational perspective is critical. AI alone does not automatically enhance cyber defense. It only does so when it is integrated into existing analyst workflows, backed by high-quality data, and managed with well-defined processes for escalation, validation, and human oversight.
AI doesn’t eliminate the cybersecurity skills shortage—it reshapes it. And that distinction matters more than most leadership teams currently recognize.
For security teams under pressure, AI can automate repetitive tasks, reduce alert fatigue, and help analysts work faster. Our 2026 Cybersecurity Skills Gap Report found that 84% of organizations say AI-enhanced tools have made their security teams more effective—up from 80% the prior year. That’s real progress.
But the same report reveals a growing tension: Sixty percent of organizations say their top recruiting challenge is finding cybersecurity talent with specific AI experience. Sixty-three percent expect greater need for AI oversight and governance roles over the next three years. AI is creating demand for skills that don’t yet exist at scale in the workforce.
This is not an argument against adopting AI. It’s an argument for being deliberate about how you adopt it. The forum’s paper reinforces what our own research makes clear: Effective AI implementation requires more than technology investment. It requires executive ownership, quality data, integrated infrastructure, and a workforce that understands not just how to use AI tools but how to question their outputs. Only 50% of leaders believe their board members are fully aware of the risks from AI use—a gap that will widen as AI becomes more embedded in security operations. As AI becomes more integrated into security operations, organizations will require personnel who understand both cybersecurity fundamentals and how AI is transforming cybersecurity practices.
One of the strongest messages from the World Economic Forum guidance is that AI’s value in cybersecurity lies in augmenting human expertise, accelerating decision-making, and strengthening resilience. It is not about automation for its own sake.
This point should guide how organizations implement AI. Security teams are already grappling with alert fatigue, resource constraints, tool sprawl, and increasingly complex attack surfaces. AI can help reduce that burden by filtering out unnecessary noise, highlighting patterns, speeding up investigations, and enabling quicker responses. However, the aim isn't to replace humans but to assist them in concentrating on critical tasks that require human judgment.
The paper also cautions against relying too heavily on AI. Excessive trust in automated decisions can erode expertise and create a false sense of security. Because of this, organizations need fail-safes, human oversight, and the ability to keep security operations running if AI systems fail or produce unreliable results.
Security teams are not going to be replaced by AI. But security teams that don’t know how to work alongside AI will increasingly struggle to keep pace with adversaries who do.
This is another area where public-private cooperation is essential. Governance models, workforce expectations, operational safeguards, and technical practices must evolve together. Industry cannot handle this independently, and government cannot address it through policy alone. Progress requires shared frameworks informed by real-world deployment experience.
The forum’s report provides examples of AI improving operational efficiency, reducing investigation time, and assisting defenders in managing threat activities at scale. These examples are significant because they show AI moving from theoretical concepts to measurable security outcomes.
The key takeaway is not that every organization should adopt identical use cases. Instead, AI implementation should start with addressing the specific security challenge the organization needs to solve. For some teams, this might be threat intelligence correlation. For others, it could be phishing detection, vulnerability prioritization, incident triage, cloud configuration analysis, or analyst enablement.
The adoption path should be practical: identify the workflow, define the outcome, validate the model, measure performance, and govern the process. Scaling should occur only when the organization is ready.
That is the kind of guidance that public-private collaboration can provide. It assists organizations in avoiding two pitfalls: ignoring AI until attackers have the upper hand or rushing to adopt AI so rapidly that governance, skills, and accountability cannot keep up.
As AI becomes a core part of cybersecurity, its effectiveness depends on responsible use by organizations. This involves more than just investing in technology. It also demands strong leadership, proper governance, staff training, seamless integration, and continuous collaboration between the public and private sectors.
Fortinet’s contribution to the forum’s “Empowering Defenders” paper reflects our belief that cyber resilience is a collective responsibility. Defenders require practical tools, shared knowledge, reliable frameworks, and a workforce prepared to operate in an AI-enabled setting.
The future of cyber defense will be shaped by AI but won by the organizations that use it responsibly, govern it deliberately, and invest in the people operating it. Public-private cooperation is how we build and sustain those standards. Fortinet is committed to that work.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。