Security leaders bet on AI governance while teams push threat detection and SOC automation
A new AWS report shows a clear split: executives prioritize AI-based security frameworks and governance, while technical teams focus on detection and automation. The survey of 2,800 technology and security decision-makers lays out where AI is already delivering value, and where adoption still hesitates.
Top priorities for reducing cyber risk
Leaders see frameworks as the fastest path to impact. Threat detection and DevSecOps follow, but governance leads the conversation.
- AI-based security frameworks: 40%
- AI-powered threat analysis: 23%
- DevSecOps: 17%
The emphasis on frameworks over detection signals a push to set clear guardrails and accountability. Meanwhile, technical teams are focused on integrating tools and workflows that put protection into daily operations.
Where AI is already in play
About a third of organizations are using AI agents today for identity management, threat monitoring, and automated incident response. These are practical use cases with measurable outcomes: fewer false positives, faster triage, and better coverage across cloud estates.
SOC automation: steady, not explosive
Adoption is inching forward. Thirty-five percent of organizations automate parts of SOC workflows today; 38% expect to do so within a year. Benefits are clear (earlier anomaly detection, faster containment, and less analyst fatigue as environments scale), but many teams are taking a cautious, staged approach.
The big blocker: AI risk in the cloud
Nearly 90% of respondents say security risks are a meaningful barrier to moving data to AI-enabled cloud platforms. The minority who aren't concerned tend to be early adopters with guardrails already in place.
Cloud migration: why some organizations stay on-prem
- Cybersecurity and privacy risks: 40%
- Integrating cloud with legacy infrastructure: 38%
- Cost concerns: 33%
Education and manufacturing are most likely to cite cyber and privacy concerns, followed by retail and energy utilities. The pattern is consistent: industries with complex data obligations and older systems move slower without strong governance and integration plans.
Action plan for CISOs, IT leaders, and developers
- Codify your AI security framework: Align policies and control objectives to recognized guidance such as the NIST AI Risk Management Framework and the NIST Cybersecurity Framework. Map them to your cloud services and data flows.
- Set guardrails early: Define model access, data classification, retention, and red-team requirements for AI features and agents. Make approvals, logging, and rollback part of the default pipeline.
- Prioritize two high-yield use cases: AI-assisted threat triage and identity anomaly detection. Start with contained pilots, measure mean time to detect/contain, then expand.
- Streamline SOC automation: Build playbooks for the top 5 incidents (phishing, credential abuse, public S3 exposure, suspicious IAM changes, malware alerts). Wrap automation with human-in-the-loop checkpoints.
- Integrate with DevSecOps: Add AI-driven code scanning and IaC policy checks to CI/CD. Gate promotions on risk scores rather than opinions.
- Measure what matters: Track coverage (controls enforced), precision/recall of detections, false positive rate, MTTR/MTTC, and analyst ticket load. Review weekly; prune low-value alerts.
- Upskill your team: Train analysts and engineers on AI agents, prompt hygiene, and incident playbook design. A focused path like an AI automation certification can accelerate adoption.
- Be vendor-pragmatic: Select tools that integrate with your identity stack, telemetry, and case management. Favor APIs, clear audit trails, and exportable data over black boxes.
Bottom line
Leaders want governance; practitioners need automation that actually reduces workload. Treat AI security like any other program: start with policy and data control, then deliver quick wins in detection and SOC workflows. Keep metrics honest, iterate, and expand only when value is proven.