Cyber Pros Can't Decide If AI Is a Good or a Bad Thing

CYBERSECURITY ANALYTICS CYBER RISK CYBERSECURITY OPERATIONS CYBERSECURITY CAREERS NEWS Cyber Pros Can't Decide If AI Is a Good or a Bad Thing There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI. Nate Nelson,Contributing Writer May 20, 2026 4 Min Read SOURCE: JOHN BINGHAM VIA ALAMY STOCK PHOTO It was the best of technologies, it was the worst of technologies. In a global survey conducted by ISC2, 16,029 cybersecurity professionals indicated that, among all emerging technologies, advancements in artificial intelligence (AI) will have the greatest positive impact on their ability to secure their organizations in the near future. In the same survey, they also suggested that AI is the emerging technology with by far the greatest negative impact on their organization's security outlook. It's an irony without contradiction. On one hand, industry pros are ravenous for anything with those two letters attached, falling over one another to integrate, appear to integrate, or even totally rebrand entire businesses around it. On the other hand, AI has already had a major impact on phishing, and experiments have demonstrated its utility in more sophisticated cyber operations, too. In some ways, the optimism around AI has even contributed to the pessimism, as organizations over-excitedly adopt risky AI products, or loosely tack agentic AI onto existing products, creating new issues for themselves. Related:What Will Make AI BOMs Real? AI Powers New Generation of Threats Some 52% of respondents rated AI among the most negative developments in cybersecurity. Behind it, if one can even call it a separate category, was agentic AI (34%). The only other entry that came close was another long-heralded but even more unproven threat: quantum computing (32%). More specifically, cyber pros appear to be most worried about AI's impact on social engineering. More than anything else in 2025, they reported having trouble dealing with AI-powered social engineering and the high fidelity of its deepfakes. Naturally, those same survey respondents expect it to continue being their biggest challenge in the coming couple of years. Respondents did leave themselves some wiggle room, reporting that their second biggest fear for the next couple of years was "risks of emerging technologies." Claude Mythos, which takes the threat of AI beyond social engineering, postdated the ISC2 study. Betraying the subjectivity of survey data, respondents tended to rate AI's impact on cybersecurity more positively or negatively, depending on AI's broader impact on their industry in general. For example, cybersecurity workers in consulting — an industry ransacked by AI — rated AI's impact on cybersecurity more negatively than any of their peers. Respondents in hands-on industries less directly threatened by AI — construction, agriculture, and automotive — were least likely to view its impact as negative. Related:76% of All Crypto Stolen in 2026 Is Now in North Korea Goodbye to Low-Value, Repetitive Tasks In another part of the survey, 41% of respondents told ISC2 that advancements in AI will be among the greatest boons for cybersecurity in the near future. Only automation (35%) and zero-trust network access (33%) ranked similarly high, with formerly trendy areas like extended detection and response (XDR) (19%) and blockchain (8%) trailing far behind. It could also be that folks are feeling better about AI now that they're getting more comfortable using it. ISC2 survey data released late last year showed that 41% of cybersecurity professionals were either in some way testing or evaluating AI in their workflows, and 28% of cybersecurity professionals were already AI-integrated. Most of those who've tried it have had positive experiences, with 63% reporting significant boosts to their productivity, and only 21% reporting no meaningful impact. Counterintuitively, survey respondents were most bullish about AI's potential impact on the cybersecurity job market. Two-thirds of respondents believed that AI will generate more technical and communications jobs in the industry. "It's going to get rid of some of those large dataset, highly repetitive, low-value tasks and bring you to decisions quicker," argues ISC2 chief information security officer (CISO) Jon France. "I think that's a net positive. If it frees up some of my time from analysis, into decision-making and into higher functions, then I'm not [losing] a job. I'm just focusing on something that's of higher value to me and my organization." Related:Do Ceasefires Slow Cyberattacks? History Suggests Not For France, AI replacing certain kinds of more menial cybersecurity work will help solve talent shortage problems for companies, without necessarily shrinking the job market. "It's also shown that some of the other skills that cyber pros have — probably less technical and more human-based — are now being valued higher. The ability to work in a team, to communicate complex business concepts, better critical thinking and logical thinking; these are things that are now more differentiating in the job market," he argues. Asked for his personal opinion about whether AI is having a positive or negative impact in cybersecurity, France says: "Yes." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media. He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify. He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management Access More Research Webinars AI-Powered Cybersecurity for Resource-Constrained Organizations AI-Powered Credential Security: Intelligence Without Exposure How Security Teams should apply Threat Intelligence into their Defenses Your Guide to Securing AI Adoption in Your Organization What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization? More Webinars You May Also Like CYBERSECURITY ANALYTICS In Cybersecurity, Claude Leaves Other LLMs in the Dust by Nate Nelson, Contributing Writer DEC 17, 2025 CYBERSECURITY ANALYTICS How Agentic AI Can Boost Cyber Defense by Jeffrey Schwartz DEC 04, 2025 CYBERSECURITY ANALYTICS Mideast, African Hackers Target Gov'ts, Banks, Small Retailers by Nate Nelson, Contributing Writer OCT 23, 2025 CYBERSECURITY ANALYTICS Commentary Section Launches New, More Opinionated Era by Becky Bracken OCT 10, 2025 Editor's Choice THREAT INTELLIGENCE From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber byDark Reading Editorial Team MAY 6, 2026 31 MIN READ CYBER RISK Physical Cargo Theft Gets a Boost From Cybercriminals byRobert Lemos MAY 4, 2026 5 MIN READ CYBER RISK NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later byDark Reading Editorial Team APR 28, 2026 Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... RSAC 2026: key news & insights At RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much more Get Your Recap Webinars AI-Powered Cybersecurity for Resource-Constrained Organizations THURS, JUNE 18, 2026, AT 1PM EST AI-Powered Credential Security: Intelligence Without Exposure WED, JUNE 17, 2026, AT 1PM EST How Security Teams should apply Threat Intelligence into their Defenses THURS, JUNE 11, 2026 AT 1PM EST Your Guide to Securing AI Adoption in Your Organization TUES, JUNE 9, 2026 AT 1PM EST What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization? WED, JUNE 3, 2026 AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass. GET YOUR PASS