Seven Numbers That Show How Security Teams Are Actually Running AI, and What They Are Not Measuring

The interesting question about AI in security stopped being whether to use it somewhere around the middle of last year. The 2026 SANS AI Survey Insights report, published by the SANS Institute on 15 July and drawing on 536 cybersecurity and IT practitioners globally, records the moment the argument closed and the more awkward one that opened behind it. Teams are running AI across detection, investigation, red teaming, and application security. What they are not doing, in any numbers worth the name, is checking whether it works.

"For two years now, we've asked security teams where they actually stand with AI," said Matt Bromiley, the report's author and a SANS Certified Instructor. "Both years, the honest answer has been some version of moving fast and working it out as we go. What's changed in 2026 is how much weight is now sitting behind that answer."

1. 78%, up 28 points in a single year

Active AI use in cybersecurity strategy rose from 50% in 2025 to 78% in 2026, the largest year-on-year move the survey has recorded in either of its editions. Underneath it, the holdouts have essentially gone: organisations with no plans to adopt fell from 9% to 4%, and of the 18% not currently using AI, most describe themselves as planning to start rather than declining to.

A 28-point jump is not adoption curving upward. It is a decision being made across an industry inside twelve months, and it means the population running AI in 2026 includes a large cohort who were not running it when the previous survey went out. That matters for everything that follows, because a field where more than a quarter of the users arrived last year is a field whose average operational maturity is being dragged down by its own success at recruiting.

2. 27% call it mature production

Depth is where the number turns. Among the 78% using AI, a third describe their deployment as early production, meaning deployed but not essential, and 21% are still experimenting in limited scopes. Twenty-seven per cent have reached mature production, integrated into daily operations. Eleven per cent call it mission-critical, where failure would have massive impacts on security posture, and 7% run it fully autonomously with very little oversight.

Most practitioners, in other words, sit between testing and light operational use. That produces a partial picture, and the partiality runs in a specific direction: organisations are seeing enough value to keep investing and not enough depth to surface the failure modes that only appear at scale. Confidence built on shallow deployment is confidence sitting on a thin floor, and the floor has not been load-tested. The report's phrasing is blunter than most vendor research would allow, and it is the right read.

3. 45%, 41%, 39% — what gets measured

Ask organisations what metrics they track for their AI, and the answers arrive in a tight cluster at the top. Time and cost savings from reduced manual work lead to 45%. A reduction in false-positive alerts follows at 41%. Quality of AI-generated threat intelligence sits at 39%. Further down, 38% track detection-to-response time and 37% track precision.

Every one of the leaders is an efficiency measure, and that is not an accident of survey design. They reflect what sold most teams on AI in the first place, and organisations tend to measure the thing they bought. The business case was fewer hours and fewer alerts, so the dashboard reports hours and alerts, and the dashboard is doing exactly what it was built to do.

4. 25% track recall. 17% track the false-positive rate as a formal metric.

Here is the number that should stop a CISO mid-sentence. Only a quarter of organisations track recall rate, which is the share of real threats their AI actually caught. Just 17% track the false-positive rate as a formal metric, despite 41% claiming false-positive reduction as a headline benefit.

The distinction is not academic. An AI system can cut analyst workload sharply, produce a beautiful efficiency number, and miss a meaningful fraction of genuine threats, and a team watching only efficiency will not notice until an incident forces the issue. Efficiency is the easiest benefit to see and the easiest to overlook, and the survey shows a field that has done exactly that. The practitioners tracking precision and recall alongside efficiency are the ones building an honest picture of performance. There are not many of them.

That gap also explains something the report finds elsewhere. Sixty-three per cent of practitioners report significant shortcomings when AI detects or responds to threats, up from 45% a year earlier, and roughly two-thirds say AI guidance has pointed them the wrong way at least once in the past twelve months. A field measuring recall would have known that sooner and known it more precisely. Instead, the failures are surfacing anecdotally, one misdirected investigation at a time, which is the slowest and most expensive way to learn.

5. 52% run periodic reviews. 41% run parallel analysis.

Validation follows the same shape. Fifty-two per cent of organisations run periodic reviews, 49% conduct incident post-mortems, 41% run AI analyses in parallel with traditional systems, and 29% compare against industry benchmarks. All four are legitimate. All four are labour-intensive, and none of them is automated.

Periodic reviews carry a structural limit that has nothing to do with how well they are conducted: they check the system at a moment in time, and AI behaviour drifts as the threat landscape shifts underneath it. A point-in-time review can miss that drift entirely, and the drift between checks is where the interesting failures live. The 41% running parallel analysis are doing the most rigorous real-time comparison available to them, which is worth saying plainly. It is also not a majority, and running two systems side by side to check one of them is a peculiar definition of efficiency.

What the survey describes is a field spending human effort to cover AI's reliability gaps. That holds in the short term. It does not scale, and it is precisely the cost that the efficiency metrics were never designed to capture.

6. 47%, and the migration behind it

The most common AI use case in 2026 is incident investigation, at 47%, followed by anomaly detection and automated incident response at 39% each, then forensic investigation and summarisation of security issues at 35%. A year earlier, anomaly detection led at 53% with incident investigation third.

That reordering is the quietest important finding in the report. Practitioners have moved AI further along the decision chain, out of pattern-spotting and into analysis and investigation, which is the part of the job where being confidently wrong costs the most. They did it in a year, on the strength of a technology that two-thirds of them say has misled them at least once, and they did it because it works often enough to justify the move.

One respondent described their team's approach in terms worth quoting in full: "We tend to treat our AI as a digital intern and check its work. If we don't exercise the capabilities ourselves, when the AI fails, we'll lack the skills to address the security issues." It is a single anonymous line from an open response field, and it is also the most economical statement of the problem anyone in the report manages. The intern does useful work. The intern is also how you lose the ability to do the work yourself.

What practitioners want next confirms it. The top requests are AI agents that adapt to threats in real time at 51%, better integration of AI into security platforms at 43%, and AI algorithms that reduce false positives at 43%. The leading ask is for the capabilities already deployed to work more reliably. Practitioners are not asking for more AI. They are asking for the AI they have to do its current job better.

7. 61% in red teaming, 67% in AppSec, and one containment problem

Offensive use accelerated faster than anything else in the survey. Sixty-one per cent of practitioners now use AI in red team work, nearly double the 33% of 2025 and the steepest single-year jump in the survey's records. Application security tracks the same curve, from 37% to 67%, with DAST at 51%, SCA at 50%, SAST at 43%, and infrastructure-as-code scanning at 39% as the most commonly augmented tools. The benefits practitioners cite most from red team AI are generating remediation steps and action items from findings at 61% and more realistic threat simulations at 52%.

The top red team challenge is not budget or tooling. It is keeping automated attacks from causing real damage in production, cited by 52%. A human tester hesitates before a destructive action because hesitation is what experience produces. An automated process has to be told to hesitate, in advance, and told precisely. More than half the field naming this as their leading problem means it is a live operational matter rather than a thought experiment.

The AppSec challenges echo it almost exactly: complexity and resource demands at 44%, ethical and legal concerns at 42%, model reliability at 42%, in-house expertise close behind at 41%. The same constraints surfacing in two independent domains is the point. The skills gap and the reliability problem are not local difficulties with local fixes. They are structural, and they will cap what AI delivers everywhere until they are addressed at the programme level.

The number underneath the other seven

None of the above improves without people who can tell when the tool is wrong, and the survey shows a workforce absorbing that expectation faster than it is being supported. Seventy-three per cent of practitioners say AI changed their team's training requirements in 2026, up from 51% the year before, a 22-point jump. Sixty-eight per cent report AI-driven changes to their jobs, up from 54%, with half describing traditional roles that now carry AI oversight and integration duties on top of what they already did.

Sixty-four per cent of organisations have an active initiative to prepare their workforce for AI-driven security, up modestly from 58%, which leaves 36% with nothing at all, a figure that has barely moved while AI has become embedded in daily work. Among those with programmes, the common approaches are partnering with universities and online platforms at 56%, mentorship at 47%, and building organisational adaptability at 45%. The emphasis falls on access to learning rather than curriculum tied to operational need, and access and effectiveness are not the same investment.

Job satisfaction carries ambivalence. Sixty-six per cent say AI has affected it, up from 52%, mostly for the better, with the top response being a greater sense of accomplishment from making AI integration work, cited by 70% of those affected and up sharply from 51%. At the same time, 48% report mixed feelings about depending on automated systems, and open responses carry real anxiety about roles disappearing and about being asked to prove AI competence with no clear path to build it. The workforce is not resisting AI. It is navigating a transition without enough underneath it.

"You can't fix these gaps without people who can catch what the tools miss," Bromiley said. "The teams that invest in upskilling now are also the ones positioned to get more out of the AI they have already bought, because the people running it know when to trust it and when to step in."

Which returns to the 17%. A field that measured whether its AI caught real threats would know which teams those were. As things stand, most organisations are running a technology they cannot fully see, validating it by hand, and reporting its success in units of time saved.

Sindhu V Kashyap

Global Technology Journalist & Multimedia Storyteller | Covering Founders, Investors & Leaders Reshaping Tech | Writer · Interviewer · Moderator · Editor

Next
Next

Half of Security Leaders Report an AI Risk Programme. Their Practitioners Cannot Find It