Sharp rise in AI adoption for cyber defense exposes major governance gap

Sharp rise in AI adoption for cyber defense exposes major governance gap

Sharp rise in AI adoption for cyber defense exposes major governance gap

https://www.cybersecuritydive.com/news/ai-adoption-cyber-defense-governance-gap/825179/

Publish Date: 2026-07-14 11:51:00

Source Domain: www.cybersecuritydive.com

Dive Brief:

  • Enterprise security teams are incorporating AI into their programs at a faster rate than ever before, but a significant gap exists in the governance policies that are designed to support that expansion, according to a report released Monday by the SANS Institute.
  • Four out of 10 security practitioners said there is no formal policy in their organization for AI adoption, according to the report. More than six of 10 practitioners said they have no visibility into where AI models are being used or what kind of information is being exposed. 
  • About 75% of security practitioners have a governance role related to enterprise AI, yet more than half of respondents said there are no established frameworks for AI audits, the report showed.

Dive Insight:

The SANS report highlights a widespread concern among security and corporate governance experts that AI is being adopted at a much faster pace than guardrails are being installed to make sure customer data and other sensitive information is protected. 

The significant perception gap appears to exist between security leaders and the frontline practitioners who are being tasked with carrying out the main duties of these security programs, said Matt Bromiley, a certified instructor at the SANS Institute and author of the report. 

While half of security leaders report having a formal AI risk management program, only 36% of practitioners report having that same program. 

“That 14-point gap is a perception problem,” Bromiley told Cybersecurity Dive.

Security leaders within the same program believe there is real governance, however, Bromiley said, “the people running the tools can’t see,” any legitimate guardrails being used on the ground. 

The report is based on a survey of 536 cybersecurity and IT practitioners around the globe. The study includes a dedicated module of 57 senior security leaders, including chief information security officers,…

Source