SECTION 5

AI as

a friend or foe

How AI is reshaping cybersecurity for 2026

While AI is a powerful tool for defense, it's also a double-edged sword. Cybercriminals are using generative AI and large language model to create more convincing and scalable attacks

Rapidly escalating cyber threats

AI is driving a shift in cyber attacks – making them more frequent, targeted, and difficult to defend against.

More than three-quarters (77%) of CISOs believe that AI-driven threats are outpacing their teams’ ability to respond. Just 7.2% of cybersecurity leaders say they have no worries about AI. Instead, three-quarters (76%) agree that within five years, today’s security and risk models will be almost unrecognizable, so great is the impact of AI on the threat landscape.

It comes as no surprise then that AI sits squarely at the top of the CISO worry list for 27% of leaders surveyed – with many concerned about how to manage an ever-evolving threat landscape against a backdrop of regulatory compliance, stretched resources, and limited budgets.

As one CISO described, “The biggest challenge facing CISOs in the next 12 months is managing growing regulatory pressure while keeping up with increasingly sophisticated cyber threats. AI is a huge threat to our systems as there are still so many unknowns, so we cannot develop appropriate protocols to combat these if we need to.”

40% agree that improving defenses against AI-powered attacks is their top strategic priority for 2026.

Biggest AI-driven concerns for 2026

Strengthening cyber hygiene for AI-powered attacks

8 in 10 CISOs

Say AI threats move faster than their teams can respond.

And we know why: Control failures keep opening doors, tool overload and data silos hide the signals, and the relentless audit cycle eats up the hours needed for real defence.

0%

Agree cyber teams are yet to tap into the potential of AI

In this alarming reality, the old way of doing things. Manual checks, scattered reports, and slow audits simply can’t keep up.

It's why 61% of leaders agree that their current controls assurance model isn’t right for the AI era.  Yet many CISOs know AI itself isn’t "rewriting the defensive playbook" or a replacement for basic discipline. Nearly two-thirds (65%) of those surveyed say strong cyber hygiene and control monitoring are still what counts most, even in the face of AI-powered attacks.

But currently it’s an overlooked advantage; 83% of CISOs believe AI could do much more to help, yet most organizations aren’t tapping into its real potential. Used smartly, AI can automate repetitive tasks and analyse data intelligently, helping teams to prioritise risk reduction by criticality or business function – closing the gap between sprawling data and actionable insights and outcomes.

MAIN TAKEAWAY

The pace of change is moving faster than CISOs can keep up

The advances in AI-driven attack techniques are leaving leaders bracing for radical disruption. But despite the rate of change, the playbook of good cyber hygiene and strong controls remains the same. The challenge for CISOs, however, is to find a way to optimize their current controls monitoring approach so it can keep pace with AI-driven threats.

How to leverage AI and automation in 2026

One in four (28%) of CISOs say that better leveraging AI for defense measures will be their key priority for 2026. For many, the first step will be exploring how AI and automation can reduce the busy work of data analysis and reporting, empowering their teams to focus on the higher-value tasks of remediating control gaps and reducing risk.

© 2025 Panaseer Limited. Reg in England and Wales with the company registration 09098199 Reg address: Ashcombe Court, Woolsack Way, Godalming, Surrey, GU7 1LQ UK.