78% of organizations now actively use AI in their cybersecurity strategy — up from 50% in 2025 — even as 63% say they face “significant shortcomings” in threat detection and response, according to the 2026 SANS AI Survey Insights report.
Rapid adoption outpaces confidence
The SANS Institute surveyed 536 global cybersecurity and IT practitioners and 57 security leaders for its 2026 SANS AI Survey Insights report and found a sharp rise in operational use of AI. Adoption jumped to 78% from 50% a year earlier, yet confidence has not kept pace: 63% of respondents reported “significant shortcomings” in their ability to detect and respond to threats, a notable increase from 45% in 2025. The contrast — more AI in play but growing operational gaps — is the central tension of the study.
Integration barriers have shifted to trust
Where last year “wiring AI into existing systems” topped the list of practical hurdles, the 2026 report shows a change in priorities. Trust in AI decisions (40%) has replaced pure integration work as the top barrier. Matt Bromiley, the report's author and a SANS certified instructor, summarized the posture of security teams: “For two years now, we've asked security teams where they actually stand with AI. Both years, the honest answer has been some version of moving fast and working it out as we go. What's changed in 2026 is how much weight is now sitting behind that answer.”
Where defenders and attackers are using AI
SANS found defenders are applying AI most effectively to behavioral detection (48%) and user awareness training (45%). At the same time, adversaries are increasing their use of AI: 78% of organizations reported confirmed or suspected AI-enabled attacks in the past year. The most common incident types cited were deepfakes, vulnerability exploitation, phishing, and adversarial attacks on AI models. That dual-use dynamic underlies the report’s urgency: tools that help blue teams can also amplify red-team capabilities.
Governance gap: half have formal programs, many still drafting policy
The survey identified a material governance gap. Half (50%) of cybersecurity leaders polled said their organization has a formal AI governance program, while over two-fifths (44%) described their organization as in the early stages of writing AI governance policy — with some respondents claiming both statuses at once. The report frames this misalignment between deployment and formal controls as a constraint on safe, effective AI use.
Three-point plan and the pressure on workforce development
SANS recommends a focused investment strategy to close the readiness gap. The report advised three priorities: build AI validation infrastructure, including “precision, recall, and continuous comparison” rather than simply deploying more tools; operationalize governance so that sensitive-data access and AI data exposure are treated as core controls; and handle workforce development as an immediate operational need rather than a medium-term hiring goal. The survey data underline this final point: three-quarters (73%) of respondents now say AI has changed their training requirements, up from 51% the previous year.
“You can't fix these gaps without people who can catch what the tools miss,” Bromiley said. “The teams that invest in upskilling now are also the ones positioned to get more out of the AI they have already bought, because the people running it know when to trust it and when to step in.”
What this means for security teams, procurement leaders, and threat actors
- Security teams and technologists: They face immediate pressure to upskill; 73% report changed training needs and the report stresses that people must be able to validate AI outputs and intervene when systems err.
- Enterprise and procurement leaders: With half of organizations lacking a formal program and 44% still drafting policy, procurement and governance functions will need to prioritize validation infrastructure and treat sensitive-data exposure as a core control, per the report’s three-point plan.
- Threat actors: The survey documents growing adversary use of AI — 78% of organizations saw confirmed or suspected AI-enabled attacks — meaning defenders must expect deepfakes, AI-assisted exploitation, phishing, and adversarial model attacks to remain front-line risks.
The SANS findings make one clear, concrete timeline: the next 12 months are critical for closing the AI readiness gap. The report pairs rapid adoption with significant operational weaknesses, laying out validation, governance, and workforce steps that organizations can take now — and leaving open whether those steps will be taken in time to blunt the surge in AI-enabled attacks.
https://www.infosecurity-magazine.com/news/sans-warns-of-ai-governance-gap/




