A Sophos report found that while generative artificial intelligence (GenAI) is becoming a standard tool in cybersecurity, many IT leaders worry about its risks. Of the 400 surveyed by the cybersecurity solutions company, 89% said flaws in GenAI security tools could put their organizations in danger.
Despite 65% of companies already using GenAI in their security systems, concerns about over-reliance are growing. Chester Wisniewski, director and global field CTO at Sophos, cautioned that AI is not a replacement for human expertise.
“As with many other things in life, the mantra should be ‘trust but verify’ regarding generative AI tools,” Wisniewski said. “We have not actually taught the machines to think; we have simply provided them the context to speed up the processing of large quantities of data.”
Sophos X-Ops research, outlined in its report “Cybercriminals Still Not Fully on Board the AI Train (Yet),” suggests that while some cybercriminals remain skeptical of AI, others are beginning to use it. Criminals are automating tasks such as generating phishing emails, analyzing stolen data, and enhancing social engineering scams.
The widespread use of AI in cybersecurity — found in 98% of surveyed organizations — has also raised concerns about accountability. About 87% of IT leaders worry that increasing reliance on AI could lead to a decline in human oversight. Also, 84% fear pressure to cut cybersecurity staff due to unrealistic expectations that AI can replace human experts.
Cost remains another challenge. While 80% believe GenAI will raise the price of security tools, 87% think the long-term savings will make up for it. Still, 75% said measuring these costs remains difficult.