AI-powered attacks are the biggest cybersecurity concern among security professionals. Forty-one percent identified AI-powered attacks at scale as their biggest security concern, nearly double the number citing supply chain risk (21%) or unknown threats (21%).
AI-driven threats and what security professionals are doing about them is also the top concern for nearly one in three boards (32%).
These were some of the findings of new research conducted by Filigran during Infosecurity Europe 2026.
A new phase of threat-informed defence
The survey of 168 cybersecurity professionals across various industry sectors, suggest that organisations are entering a new phase of threat-informed defence, where security teams are focused on being armed with the intelligence and context to figure out which threats pose genuine business risk in order to make informed and accurate decisions quickly.
Julien Richard, CTO at Filigran, said: “Organisations have access to more security data than ever before, but turning that information into action remains difficult. The challenge is determining which exposures actually matter, which can be exploited in their environment, and whether their existing controls will stop them. That’s where many organisations are still struggling.”
Security teams continue to lose time to operational inefficiencies
When asked what wastes the most time in their security team, the most common response was chasing false positives and low-priority alerts (26%). A further 25% cited validating whether risks are real, while 17% said manually stitching together data from multiple security tools and 13% pointed to delays waiting for other teams to act on findings.
This suggests that security teams are spending a significant proportion of their time validating findings, correlating information and coordinating remediation efforts. As businesses face growing volumes of threat intelligence, vulnerabilities and security alerts, the challenge lies not in collecting more data, but in reducing complexity and accelerating decision-making across the security workflow.
Boardrooms increasingly focused on AI-driven risk
When questioned on what boards ask about most, 32% of security practitioners cited AI-driven threats and organisational preparedness as the top issue. This placed AI ahead of more established boardroom cyber priorities, including regulatory compliance such as NIS2 and DORA (19%), supply chain and third-party risk (16%), and cloud and infrastructure exposure (15%).
The findings indicate that boards are increasingly looking for reassurance that their organisations understand how AI could change the threat landscape, whether existing controls are fit for purpose, and how prepared security teams are to respond.
For security leaders, this creates a growing need to translate AI risk into clear business terms, moving beyond technical discussion to explain exposure, readiness and resilience.
Organisations struggle to turn threat intelligence into action
While threat intelligence plays an increasingly important role in security operations, the survey revealed that many organisations still struggle to translate intelligence into clear actionable priorities.
Only 19% of respondents said they completely trust threat intelligence to tell them what to fix first. More than half (52%) said it helps inform decisions but still requires significant human judgement, while 21% said the volume of information often creates more noise than clarity.
This challenge is reflected in automation priorities. When asked what they would automate tomorrow, the most common response was turning threat intelligence into actionable priorities, selected by 27% of respondents.
Security pros remain cautious about autonomous AI
While AI-powered attacks topped the list of concerns, respondents showed significant caution when it came to using AI for security decision-making. Only 8% said they would trust AI to make security decisions without human approval.
By comparison:
- 44% said a human should always remain in the loop
- 38% would trust AI only for low-risk, routine decisions
- 11% said they are still experimenting with AI-driven decision-making
It would seem that, for now, the most credible role for AI in cybersecurity is as an analyst accelerator rather than an independent decision-maker: helping teams move faster while keeping accountability and final judgement with human experts.
CTEM adoption remains in its early stages
The survey also examined adoption of Continuous Threat Exposure Management (CTEM), a growing framework for prioritising and validating cyber risk. Only 28% of respondents described their organisation as having a continuous, proactive exposure management programme in place.
The remainder reported either operating reactive security programmes, running disconnected initiatives, or being unfamiliar with CTEM altogether.
“The findings from this research tell a consistent story: security professionals know they need to be more proactive, but the tools and processes around them create constraints and siloes,” said Neena Sharma, Head of Customer and Product Marketing at Filigran.
“The volume of findings is high but with no clear way to determine what matters, what’s exploitable, and whether their defenses are working as expected to do so. That’s the promise of Continuous Threat Exposure Management. It’s not a single product; it’s a discipline that allows security teams to unify threat signals, take faster, better-informed remediation decisions and show that the actions they’re taking are actually reducing risk.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.