"Organizations have access to more security data than ever before, but turning that information into action remains difficult," said Julien Richard, CTO at Filigran.
AI-powered attacks are the single biggest worry
A survey of 168 cybersecurity leaders conducted by Filigran during Infosecurity Europe 2026 found that AI-powered attacks at scale are the top concern for many teams. Forty-one percent of respondents cited AI-powered attacks as a leading challenge — roughly double the share that singled out supply chain risk (21%) or unknown threats (21%).
That anxiety about AI cuts across operational and boardroom priorities: when asked what board members raise most often, 32% of respondents said AI-driven threats and their organisation's preparedness. AI outranked several established board-level topics in the survey, including regulatory compliance such as NIS2 and DORA (19%), supply chain and third-party risk (16%), and cloud and infrastructure exposure (15%).
Alert fatigue — the everyday grind that wastes time
The Filigran research also documented where security teams spend their hours. Chasing false positives and low-priority alerts was the most common complaint, identified by 26% of respondents as what wastes most time within security teams. Another 25% said their teams spend most time validating whether risks are real.
Other operational frictions include manually stitching together data from multiple security tools (17%) and delays waiting for other teams to act on findings (13%). Those figures underscore a practical bottleneck: even with more data available, converting signals into decisive action remains a core challenge.
Low blind trust in threat intelligence and AI decisioning
Respondents expressed limited confidence in automated guidance. Only 19% stated they completely trust threat intelligence to tell them what to fix first. A majority — 52% — said threat intelligence helps inform decisions but still requires significant human judgement, while 21% said the volume of information often creates more noise than clarity.
The survey also revealed deep caution about giving AI full autonomy: just 8% of cybersecurity professionals said they would trust AI to make security decisions without human approval. The gap between concern about AI-driven attacks and reluctance to let AI act independently highlights a tension at the heart of current security strategy discussions.
Continuous Threat Exposure Management is not yet widespread
Continuous Threat Exposure Management (CTEM), a framework aimed at prioritising and validating cyber risk on an ongoing basis, has limited penetration according to the Filigran sample. Only 28% of respondents described their organisation as having a continuous, proactive exposure management program in place. That leaves a majority of organisations without the continuous posture CTEM advocates, even as boardroom attention to AI and other risks intensifies.
What this means for security teams, board members, and threat intelligence providers
- Technologists and security teams: Expect sustained pressure to reduce false positives and to invest time in validating real risks — the survey shows 26% and 25% of respondents flagging those activities as the biggest time sinks. Teams will also be juggling multiple data feeds, since 17% report manual stitching of tool outputs as a routine burden.
- Board members and executives: With 32% of survey respondents saying boards ask most about AI-driven threats, executives will likely demand clearer evidence of preparedness and actionable risk-reduction plans rather than raw telemetry or volume metrics.
- Threat intelligence providers and program leads: Trust is fragile — only 19% of respondents completely trust threat intelligence to prioritise fixes, and 21% say volume creates noise. Delivering concise, verifiable prioritisation and supporting human judgement will be critical to restoring confidence.
The Filigran survey paints a candid picture: organisations are increasingly alert to AI as a threat vector, and boards are asking about it, yet many security teams remain mired in manual validation, alert triage, and fragmented tooling. The result is a gap between heightened concern and the adoption of continuous, automated exposure management — a gap the industry, boards and practitioners will need to close if they are to translate anxiety about AI into measurable resilience.
