The SANS 2025 AI Survey: What Security Leaders Need to Know

The media is still framing AI as an emerging trend. But those of us in cybersecurity know it’s already reshaping the landscape—both in how adversaries operate and how defenders do business. From application security to incident response, security teams are testing the waters with AI tools. Yet adoption isn’t keeping pace with the risk.

The 2025 SANS AI Survey takes the pulse of how security professionals are (and aren’t) leveraging AI today. The findings reveal a widening gap between how adversaries are weaponizing AI and how defenders are deploying it. For security leaders, the question isn’t if AI will play a role in operations. It’s how fast and how responsibly you can integrate it.

At ZeroFox, we believe AI shouldn’t add noise or complexity. It should scale visibility, contextualize data to enable faster decision-making, and ultimately strengthen defenses. Here’s a closer look at what the SANS survey uncovered and what it means for your team.

Key Points from the SANS 2025 AI Survey

Is AI Closing the Gap or Widening It?

Security teams are experimenting with AI, but adoption is still shallow compared to the speed of adversary innovation. While roughly half of survey respondents say their organizations are testing AI in some form, more than 80% worry about AI-powered threats. That imbalance leaves defenders on the back foot. And it’s not just theory. Cisco’s 2025 Cybersecurity Readiness Index found that 86% of security leaders reported at least one AI-related incident in the past year, underscoring how quickly the threat has moved from potential to reality.

ZeroFox POV: Attackers don’t share defenders’ constraints. They’ll use AI to scale phishing, accelerate vulnerability discovery, and evade detection. Security teams need to close the gap, not by chasing every shiny tool, but by strategically integrating AI where it reduces risk.

Is the Workforce Ready for AI?

Survey respondents pointed to training as one of the biggest needs: more than half said AI is already reshaping security team training, and nearly two-thirds stressed the need for continuous learning. Yet many organizations admit they aren’t equipped with the specialized courses or programs needed to bridge that gap.

ZeroFox POV: AI isn’t a plug-and-play miracle solution. While it frees analysts to focus on strategic tasks, it also demands new skills and new ways of thinking. Security leaders who prioritize upskilling now will not only strengthen their defenses but also attract and retain talent in a tightening cybersecurity job market.

Can AI Reduce Risk if It Increases Noise?

AI is supposed to bring clarity, but survey respondents highlight the opposite: too many AI systems generate overwhelming false positives. Alert noise erodes trust in the tech and drags analysts into repetitive triage.

ZeroFox POV: The solution isn’t “more AI,” it’s better AI. Models tuned with curated data and embedded analyst expertise can reduce noise instead of multiplying it. That’s why relevant training data and a human-in-the-loop approach remains essential.

Who Owns the AI Rulebook in Security?

Most security professionals agree they should play a role in governing AI, but few organizations have formal programs in place. Policies exist on paper, yet technical validation, testing, and enforcement often lag far behind.

ZeroFox POV: Compliance pressure will only grow. Forward-leaning security teams can turn governance into a strength by pairing clear policies with practical controls—from monitoring model behavior to auditing third-party AI tools.

Beyond the Numbers: What AI Adoption Means for Security Leaders

Adversaries Aren’t Waiting for Defenders to Catch Up

The survey highlights a clear mismatch: attackers are already experimenting with AI at scale, while defenders are slower to integrate it. This creates an opening for adversaries to exploit. Accenture research reinforces this gap, finding that only one in ten organizations globally are prepared to defend against AI-augmented cyber threats even as adversaries accelerate their adoption of these capabilities. Clearly, security leaders can’t afford to treat AI as optional experimentation. It’s quickly becoming table stakes for defense.

AI Governance Needs to Move from Policy to Practice

Policies are emerging, but the hard work of testing, validating, and enforcing AI controls is lagging. Without that, governance risks becoming a check-the-box exercise. To truly mitigate risk, organizations need to pair clear rules with technical validation, continuous monitoring, and accountability for both internal AI and third-party AI use.

Human Context Is Still the Deciding Factor

Even as AI adoption grows, human oversight remains critical. From fine-tuning models to filtering out false positives, analyst expertise ensures AI strengthens defenses instead of adding noise. Security teams that balance automation with skilled human judgment will be better positioned to adapt as adversaries weaponize AI further.

Looking Ahead: AI’s Role in Security Operations

The SANS 2025 AI Survey makes one thing clear: AI isn’t replacing cybersecurity professionals, but it is reshaping their roles. Routine tasks are already being automated, freeing up analysts for higher-value investigations and strategic decision-making. Security leaders should prepare for a market where AI fluency becomes as essential as cloud or network expertise.

Many organizations admit they lack the training and expertise needed to fully leverage AI in security operations. The next generation of defenders will need cross-disciplinary skills spanning machine learning, data science, and threat intelligence. Organizations that invest early in upskilling their teams will gain an advantage, both in defense and in attracting top talent.

Those who treat AI as a transformative shift—not just another tool in the stack—will shape how the industry evolves. That means moving beyond pilots and proof-of-concepts into integrated, resilient deployments. The winners won’t just keep pace with adversaries; they’ll set the bar for how AI is responsibly and effectively used in cybersecurity.

Closing the Gap Between AI Risk and AI Defense

The bottom line? Organizations that move beyond experimentation, invest in governance, and pair AI with human expertise will be the ones that stay ahead. The 2025 SANS AI Survey offers a deeper look at where security teams are today, what challenges they’re facing, and how they’re preparing for the AI-driven future.

Download the full report to see how your peers are approaching AI in cybersecurity and how your strategy stacks up.