Security teams are adopting AI in ever-greater numbers, but the gap between deployment and confidence is growing, SANS Institute has warned.
The cybersecurity training and certifications provider interviewed 536 global cybersecurity and IT practitioners and 57 security leaders to write its 2026 SANS AI Survey Insights report.
It revealed that 78% of organizations now actively use AI in cybersecurity strategy, up from 50% in 2025. Yet at the same time, 63% reported “significant shortcomings” in threat detection and response, up from 45%.
Trust in AI decisions (40%) has replaced “wiring AI into existing systems” as the top integration barrier.
“For two years now, we've asked security teams where they actually stand with AI," said Matt Bromiley, the report's author and a SANS certified instructor. "Both years, the honest answer has been some version of moving fast and working it out as we go. What's changed in 2026 is how much weight is now sitting behind that answer."
Read more on AI governance: Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
AI is being used most effectively by network defenders for behavioral detection (48%) and user awareness training (45%).
Threat actors are also ramping up their use of the technology and 78% percent of organizations reported confirmed or suspected AI-enabled attacks in the past year. The most common type of incident involved deepfakes, vulnerability exploitation, phishing and adversarial attacks on AI models.
Against this backdrop, SANS identified a governance gap which could be holding organizations back. Half (50%) of the cybersecurity leaders polled reported having a formal program.
However, over two-fifths (44%) described their organization as in the early stages of writing AI governance policy, with some claiming both at once.
AI Puts Pressure on Security Upskilling
SANS Institute said the next 12 months will be critical for security teams looking to close their AI readiness gap, especially as three-quarters (73%) now say AI has changed their training requirements, up from 51% last year.
"You can't fix these gaps without people who can catch what the tools miss," Bromiley said. "The teams that invest in upskilling now are also the ones positioned to get more out of the AI they have already bought, because the people running it know when to trust it and when to step in."
The report advised the following three-point plan for investment:
- AI validation infrastructure, including “precision, recall, and continuous comparison,” rather than simply deploying more tools
- Operationalizing governance, with sensitive-data access and AI data exposure treated as core controls, not afterthoughts
- Workforce development handled as an immediate operational need, not a medium-term hiring goal
