AI Is Transforming Cybersecurity, but the Skills Gap Still Presents Significant Risk

AI Is Transforming Cybersecurity, but the Skills Gap Still Presents Significant Risk | Fortinet Blog

The score shown below reflects our evaluation of each vendor out of 10. For a detailed breakdown of why each vendor received their score, simply click on the vendor’s name in the table.

February 15, 2026

Artificial intelligence (AI) now sits at the center of modern cybersecurity strategy, accelerating threat detection, enabling automation, and helping security teams manage unprecedented volumes of data. However, AI also accelerates cybercrime by lowering the barrier to entry for attackers and amplifying the scale and sophistication of attacks.

The 2025 Global Cybersecurity Skills Gap report clearly captures this dual reality. AI is viewed simultaneously as a powerful opportunity, a growing challenge, and a rising source of risk. The differentiator is not whether organizations deploy AI—that’s a given—but whether they have the skills and policies in place to use it effectively.

AI Adoption Is Nearly Universal, but Expertise Is Not

AI adoption in cybersecurity is no longer aspirational. According to the report, 97% of organizations are using or plan to use AI-powered cybersecurity solutions. That level of adoption reflects both necessity and urgency, as threats have become faster, more automated, and harder to detect with manual methods alone.

Yet this widespread adoption masks a deeper issue: 48% of IT decision-makers say a lack of staff with sufficient AI expertise is the biggest challenge they face when implementing AI in cybersecurity. In other words, organizations are not struggling to buy solutions augmented with AI. They are struggling to use them well.

This gap matters because AI systems do not operate in isolation. They require tuning, validation, oversight, and integration into existing workflows, and critically, collaboration with other AI-enabled solutions. Without skilled professionals who understand both cybersecurity fundamentals and AI-driven systems, organizations risk misconfiguration, overreliance on automation, and false confidence in their defensive capabilities.

AI Accelerates Both Cybercrime and Defense

AI is reshaping both sides of the threat landscape. Security teams are using AI to improve detection, automate response, and enhance threat intelligence. At the same time, attackers are using AI to scale phishing campaigns, generate convincing social engineering content, and probe defenses more efficiently.

The report directly reflects this concern: 49% of respondents worry that AI use by bad actors will increase cybersecurity attacks. That concern is well-founded. AI-powered attacks are harder to detect, faster to execute, and often more personalized, placing greater pressure on already stretched security teams.

This dynamic reinforces a critical point: AI does not reduce the need for skilled professionals. It increases it.

AI Augments People. It Does Not Replace Them.

Despite fears about automation, the report shows strong consensus on AI’s role in the workforce. Eighty-seven percent of respondents believe AI will enhance some or most cybersecurity roles, while only 2% believe AI will replace cybersecurity jobs entirely. This finding is important because it reframes AI not as a workforce threat, but as a workforce amplifier.

AI is changing how security professionals work by shifting focus away from repetitive tasks and toward higher-value activities such as investigation, strategy, and decision-making. But that shift requires continuous upskilling. Professionals must understand how AI-driven tools work, where their limitations lie, and how to interpret outputs in real operational contexts.

AI adoption is not a story of workforce reduction. It’s a story of workforce transformation.

Where Organizations Want to Use AI Most

The report highlights where organizations see the greatest value in AI-enabled security capabilities:

Threat detection and prevention (66%)
Security automation (55%)
Threat intelligence (52%)

These areas are data-intensive and time-sensitive—exactly where AI can provide a meaningful advantage. But they are also areas where poor implementation or misinterpretation can introduce new risks. AI models must be trained, monitored, and aligned to organizational environments. Human judgment remains essential.

Employee Awareness Becomes More Critical in the Age of AI

AI-enhanced threats not only affect security teams. They increase the risk for every employee. That’s why 62% of leaders say they worry employees will fall for more AI-powered attacks, particularly highly convincing phishing and social engineering campaigns.

This elevates the importance of security awareness training. Traditional awareness programs focused on generic phishing examples are no longer sufficient. Training must evolve to include AI-generated threat scenarios, realistic simulations, and continuous reinforcement.

The skills gap report consistently shows that a lack of cybersecurity awareness remains a leading cause of breaches. And as AI-generated attacks become more sophisticated, awareness training will increasingly become a frontline control rather than a supporting measure.

AI-Aware Security Teams Are Now a Requirement

One of the clearest takeaways from the report is that AI-aware security teams are now a risk management requirement, not a nice-to-have. Organizations that deploy AI without corresponding investment in skills increase—not reduce—their exposure.

This is why training must bridge the AI skills gap at multiple levels:

Foundational understanding of AI concepts for security professionals
Role-based training on AI-enabled security tools
Awareness training for employees targeted by AI-driven attacks
Continuous learning as AI capabilities and threats evolve

AI alone will not close the skills gap. People, training, and certifications determine whether AI becomes an advantage or a liability.

Closing the AI Skills Gap with Training and Certification

Certifications remain one of the most trusted ways to validate cybersecurity expertise. The skills gap report shows that 89% of IT decision-makers prefer candidates with professional certifications, and 86% of organizations already employ certified professionals.

In an AI-driven security landscape, certifications serve several critical functions:

They validate a critical understanding of modern, AI-enabled security technologies.
They demonstrate the ability to keep pace with a rapidly changing threat environment.
They support structured progression as roles evolve alongside AI.

Training and certification programs that align with real-world roles help organizations ensure AI is deployed responsibly, effectively, and securely.

AI Security Success Starts with People

The 2025 Global Cybersecurity Skills Gap report reinforces a consistent message: AI is already embedded in cybersecurity. The differentiator from here is human expertise.

Organizations that invest in AI technologies without investing in the people who manage them will struggle to realize value and may actually increase risk. Those that actively pair AI adoption with training, awareness, and certification, on the other hand, are better positioned to improve detection, reduce response times, and strengthen resilience.

As AI reshapes the cybersecurity landscape, closing the skills gap requires a deliberate focus on people, skills, and preparedness, not just technology. And Fortinet is addressing the skills gap head-on. With more than 50 integrated solutions in the Fortinet Security Fabric and one of the industry’s broadest training and certification programs through the Fortinet Training Institute, Fortinet is empowering organizations and individuals alike, expanding access to cybersecurity awareness, advancing professional skills, and strengthening the global cyber workforce.

To explore how AI, skills shortages, and workforce readiness intersect, and what organizations are doing to address them, download the 2025 Global Cybersecurity Skills Gap report.