The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents.

The paper found that 77% of organizations already use AI in cybersecurity, with much of the activity focused on phishing detection, anomaly monitoring, vulnerability management and incident response.

“AI has the potential to shift the balance towards defenders,” said Akshay Joshi, Head of the Centre for Cybersecurity, World Economic Forum. “Organizations that treat it as a strategic capability instead of a standalone tool will be better placed to turn growing cyber risk into resilience and competitive advantage.”

AI is moving deeper into security operations

Security operations centers are changing quickly as teams push more alert handling and investigation work into automated systems. AI tools are being used to filter alerts, summarize investigations and help analysts process large volumes of telemetry and threat data. The report noted that 76% of cybersecurity professionals reported exhaustion in 2025, and 55% of teams reported understaffing.

Threat detection remains one of the most common deployment areas. Security tools are examining communication patterns, language cues and impersonation tactics to identify suspicious messages and unusual behavior that older detection methods may miss.

Software and cloud security teams are folding automated analysis into routine vulnerability and configuration reviews. Development and infrastructure teams are using AI to identify insecure code, detect configuration weaknesses and prioritize vulnerabilities in large environments.

Operational pressure behind adoption is growing on both sides of the threat landscape. Attackers are using automation to speed up reconnaissance, malware development and large-scale campaigns. Defensive teams are pushing more analysis and investigation work into automated systems.

Organizations using AI extensively in security shortened breach lifecycles by approximately 80 days and reduced average breach costs by up to $1.9 million.

Governance and readiness are becoming larger concerns

Companies expanding AI deployments are addressing operational readiness, governance and data quality before scaling systems further. Stable processes, reliable datasets, governance controls and infrastructure readiness were identified as basic requirements for wider deployment in security environments.

Data quality emerged as a recurring concern. Incomplete or inconsistent security data can produce false alerts, missed threats and unreliable outputs. Automated systems require ownership, oversight and review processes as organizations expand deployments.

Hiring pressure is carrying into AI deployments. Security teams are looking for staff who can interpret automated outputs, investigate incidents and work alongside increasingly automated systems. Excessive dependence on automation could weaken hands-on investigative skills over time.

Controlled pilot projects were identified as an important step before broader deployment. Continuous monitoring was presented as necessary to address model deterioration and operational drift during threat activity changes.

Agentic AI is starting to change cyber workflows

Security teams are starting to test agentic AI systems inside defensive workflows. These systems are designed to investigate alerts, coordinate defensive tasks and carry out selected actions with different levels of human involvement.

Some 88% of enterprises are actively investing in AI agents. Security teams are moving toward systems capable of handling limited autonomous actions under policy controls.

Greater autonomy introduces additional operational risk. Governance gaps, unintended system behavior and expanded attack surfaces were identified as growing concerns as automated systems move deeper into security operations.

Human oversight remained a core requirement, particularly for higher-risk decisions tied to containment, recovery and incident response.