AI, Risk, and the Road Ahead: Key Findings from the 2025 CISO Village Survey

July 17, 2025

AI is no longer a future concern; it’s the central challenge and opportunity shaping decision-making for top security leaders. 

As per annual tradition, Team8’s 2025 CISO Village Survey captures the mindset of over 110 security leaders from some of the world’s most influential enterprises. As budgets evolve and new threats emerge, CISOs are rethinking priorities, redefining risk, and retooling the enterprise for an AI-native future. 

The full report dives deep into the data, but here are some of the highlights: 

The AI Security Arms Race is No Longer A Future Threat – It's Here

  • One in four CISOs report experiencing an AI-generated attack in the past year. The real number may be even higher, as most AI-driven threats mimic human activity and are difficult to detect without advanced metrics like time to exploitation and velocity indicators. 
  • AI risk is the top security priority for 2025, outpacing vulnerability management, DLP, and third-party risk. Securing AI agents (37%) and employees’ use of AI tools (36%) ranked as the most urgent concerns.
  • Nearly 70% of enterprises already have AI agents in production, with another 23% planning deployments in 2026. And despite a growing vendor landscape, 67% of these enterprises are building their own agents in-house.

With AI, CISOs Want Control Before They Enable

  • Despite the strong pressure from the business to adopt AI, nearly 50% of organizations are still restricting or allow-listing AI tools for employees. The demand for effective “allow-by-default” controls is acute, as security teams grapple with shadow AI usage and the absence of enterprise-grade governance frameworks.

SOC Analysts Will Be AI’s First Disruption Target

  • 77% of CISOs believe Security Operations Center (SOC) analysts will be the first roles replaced by AI. Nearly half said reducing headcount was a core driver for adopting AI-powered SOCs.
  • Beyond the SOC, CISOs anticipate AI will replace manual labor in:
    • Penetration testing (27%)
    • Third-party risk assessments (27%)
    • Identity provisioning and access reviews (24%)
    • Threat modeling and design reviews (22%)

Best-of-Breed Makes A Comeback

  • 60% of CISOs now prefer best-of-breed solutions over platform consolidation. This may signal a turning point in the “platformization” wave that has dominated the cybersecurity market in recent years.
  • The takeaway? CISOs aren’t necessarily spending less; they’re demanding smarter ROI and won’t compromise tool quality for marginal cost savings.

Budgets are Still Growing, But Vendors Have to Work Harder for $$

  • 52% of CISOs report a budget increase in 2025, down from 70% in 2024. While growth continues, macroeconomic pressures—rising tariffs, fiscal tightening, and a competitive talent market—are forcing security leaders to do more with less. We believe that the 2024 spike was a post-COVID correction, not a new baseline.

    This slower growth trajectory, though still positive, strengthens the urgent need for vendors to demonstrate ROI, and fast.

Vulnerability Management Is Still A Significant Struggle 

  • Roughly 40% of CISOs say more than 40% of critical vulnerabilities are not patched within SLA.
  • The key blockers? Headcount shortages (62%) and legacy systems or unavailable patches (32%).

Product Security Goes Mainstream: 50% of CISOs Are Adopting Product Security as a New Paradigm

  • CISOs are expanding from traditional AppSec, focused on scanning code for bugs, to a broader Product Security model that embeds security across the full software lifecycle, from design to deployment. 36% have already built a dedicated product security program, and 23% plan to do so by 2026. 
  • Why? Because the hardest issues to detect today aren’t vulnerabilities – they’re business logic issues (37%), privacy and data leakage (20%) and design flaws (20%).

Click here to read the full report and explore how CISOs are building security into the future of enterprise AI.

Join the CISO Village
Team8’s CISO Village is a private community for cybersecurity executives. Learn more about joining here.
