It was the best of technologies, it was the worst of technologies.

In a global survey conducted by ISC2, 16,029 cybersecurity professionals indicated that, among all emerging technologies, advancements in artificial intelligence (AI) will have the greatest positive impact on their ability to secure their organizations in the near future. In the same survey, they also suggested that AI is the emerging technology with by far the greatest negative impact on their organization’s security outlook.

It’s an irony without contradiction. On one hand, industry pros are ravenous for anything with those two letters attached, falling over one another to integrate, appear to integrate, or even totally rebrand entire businesses around it. On the other hand, AI has already had a major impact on phishing, and experiments have demonstrated its utility in more sophisticated cyber operations, too. In some ways, the optimism around AI has even contributed to the pessimism, as organizations over-excitedly adopt risky AI products, or loosely tack agentic AI onto existing products, creating new issues for themselves.

Related:What Will Make AI BOMs Real?

AI Powers New Generation of Threats

Some 52% of respondents rated AI among the most negative developments in cybersecurity. Behind it, if one can even call it a separate category, was agentic AI (34%). The only other entry that came close was another long-heralded but even more unproven threat: quantum computing (32%).

More specifically, cyber pros appear to be most worried about AI’s impact on social engineering. More than anything else in 2025, they reported having trouble dealing with AI-powered social engineering and the high fidelity of its deepfakes. Naturally, those same survey respondents expect it to continue being their biggest challenge in the coming couple of years.

Respondents did leave themselves some wiggle room, reporting that their second biggest fear for the next couple of years was “risks of emerging technologies.” Claude Mythos, which takes the threat of AI beyond social engineering, postdated the ISC2 study.

Betraying the subjectivity of survey data, respondents tended to rate AI’s impact on cybersecurity more positively or negatively, depending on AI’s broader impact on their industry in general. For example, cybersecurity workers in consulting — an industry ransacked by AI — rated AI’s impact on cybersecurity more negatively than any of their peers. Respondents in hands-on industries less directly threatened by AI — construction, agriculture, and automotive — were least likely to view its impact as negative.

Related:76% of All Crypto Stolen in 2026 Is Now in North Korea

Goodbye to Low-Value, Repetitive Tasks

In another part of the survey, 41% of respondents told ISC2 that advancements in AI will be among the greatest boons for cybersecurity in the near future. Only automation (35%) and zero-trust network access (33%) ranked similarly high, with formerly trendy areas like extended detection and response (XDR) (19%) and blockchain (8%) trailing far behind.

It could also be that folks are feeling better about AI now that they’re getting more comfortable using it. ISC2 survey data released late last year showed that 41% of cybersecurity professionals were either in some way testing or evaluating AI in their workflows, and 28% of cybersecurity professionals were already AI-integrated. Most of those who’ve tried it have had positive experiences, with 63% reporting significant boosts to their productivity, and only 21% reporting no meaningful impact.

Counterintuitively, survey respondents were most bullish about AI’s potential impact on the cybersecurity job market. Two-thirds of respondents believed that AI will generate more technical and communications jobs in the industry.

“It’s going to get rid of some of those large dataset, highly repetitive, low-value tasks and bring you to decisions quicker,” argues ISC2 chief information security officer (CISO) Jon France. “I think that’s a net positive. If it frees up some of my time from analysis, into decision-making and into higher functions, then I’m not [losing] a job. I’m just focusing on something that’s of higher value to me and my organization.”

Related:Do Ceasefires Slow Cyberattacks? History Suggests Not

For France, AI replacing certain kinds of more menial cybersecurity work will help solve talent shortage problems for companies, without necessarily shrinking the job market. “It’s also shown that some of the other skills that cyber pros have — probably less technical and more human-based — are now being valued higher. The ability to work in a team, to communicate complex business concepts, better critical thinking and logical thinking; these are things that are now more differentiating in the job market,” he argues.

Asked for his personal opinion about whether AI is having a positive or negative impact in cybersecurity, France says: “Yes.”





Source link

#

Comments are closed