The year AI adoption went 
mainstream, and the impact 
on security teams

In 2025, we saw generative AI and early agentic systems move from limited pilots into widespread adoption across enterprises. Generative AI tools were embedded into operational workflows and the SaaS products we rely on every day, while AI agents gained more access to data and systems. We also saw glimpses of how threat actors can manipulate commercial AI models in attacks.

As AI reshapes our ways of working, cybersecurity leaders are being challenged to protect a rapidly expanding attack surface and manage never-before-seen risks. For many, the question is not whether AI should be secured, but what “securing AI” actually means in practice. Is it about protecting models? Governing data? Monitoring outputs? Controlling how AI agents behave?

AI systems are complex and dynamic. They operate across multiple business domains at once, with the potential to ingest or generate sensitive information, take action autonomously, and execute logic at scale. Securing AI means understanding where AI exists, how it behaves, what it is allowed to do, and how its decisions impact the broader enterprise. This demands new capabilities, revamped governance frameworks, and fresh thinking.

This is the third year we’ve surveyed more than 1,500 IT security leaders across industry verticals and company sizes to understand their perspective on the challenges—and opportunities—AI presents in cybersecurity. Survey participants come from 14 different countries across five continents, but all are tasked with navigating a fast-changing world. Since last year, we’ve seen enormous progress towards maturity in some areas. In others, there’s a standstill.