A study conducted during Infosecurity Europe 2026 has found that AI-powered attacks at scale are the biggest security concern facing many cybersecurity professionals.

The survey of 168 cybersecurity leaders across various sectors conducted by Filigran during the three-day event found 41% cited AI-powered attacks as a top challenge, double that of those who cited supply chain risk (21%) or unknown threats (21%).

The research also asked what wastes most time within the security teams. Chasing false positives and low priority alerts the most common issue at 26%, suggesting significant proportion of time is spent validating findings.

A further 25% cited validating whether risks are real, while 17% said manually stitching together data from multiple security tools and 13% pointed to delays waiting for other teams to act on findings.

"Organizations have access to more security data than ever before, but turning that information into action remains difficult," said Julien Richard, CTO at Filigran. "The challenge is determining which exposures actually matter, which can be exploited in their environment, and whether their existing controls will stop them. That's where many organizations are still struggling."

Limits to Threat Intelligence Effectiveness

Threat intelligence plays an important role for security operations; however, many firms find it a challenge to translate data into clear actionable priorities.

Trust is a clear problem with just 19% of respondents stating that they completely trust threat intelligence to tell them what to fix first.

More than half (52%) said it helps inform decisions but still requires significant human judgement, while 21% said the volume of information often creates more noise than clarity.

Cybersecurity professionals remain cautious about the use of AI for decision-making and only 8% said they would trust AI to make security decisions without human approval.

The survey also examined adoption of Continuous Threat Exposure Management (CTEM), a growing framework for prioritizing and validating cyber risk. Only 28% of respondents described their organization as having a continuous, proactive exposure management program in place.

Board-Level Concerns Focus on AI

Boards are increasingly looking for reassurance that their organizations understand how AI could change the threat landscape. The survey respondents were asked what board members ask about most and 32% said AI-driven threats and organizational preparedness to tackle such issues.

This placed AI ahead of more established boardroom cyber priorities, including regulatory compliance such as NIS2 and DORA (19%), supply chain and third-party risk (16%), and cloud and infrastructure exposure (15%).