Enterprise AI Security Training Surges as Threat Profile Shifts
Organizations are accelerating AI security training and workforce development as new attack vectors emerge, according to separate research from Hack The Box and ISC2. The studies reveal a workforce split between teams equipped to operate with AI and those falling behind-a gap that directly translates to organizational risk.
Hack The Box analyzed anonymized data from more than 702,000 cybersecurity professionals across 251 countries. The findings show AI penetration testing now ranks fourth globally among cybersecurity training priorities, with enterprise-led AI security training completion rates reaching 64% in late 2025.
Prompt Injection and Agentic AI Top Threat Concerns
Prompt injection attacks accounted for 29% of solved AI-related security challenges on Hack The Box's platform, followed by machine learning model exploitation at 24% and agentic AI hijacking at 12%. These categories reflect direct threats to AI models and autonomous systems rather than traditional infrastructure attacks.
ISC2's separate study of 16,029 cybersecurity professionals found that AI-powered social engineering ranks as the top immediate challenge, cited by 51% of respondents. That concern rises to 57% when professionals look ahead two years.
AI as Both Asset and Liability
The research reveals conflicting views on AI's security impact. Among ISC2 respondents:
- 52% said AI will have the greatest negative impact on security
- 41% said AI will have the greatest positive impact
- Agentic AI ranked as both a top-five positive and negative influence for the first time
When asked which technologies will most improve security, respondents ranked AI first at 41%, followed by automation at 35% and zero trust at 33%. Yet AI also topped the list of technologies with the most negative potential impact.
Workforce Structure Shifting
Both studies found that offensive and defensive security skill development are increasingly overlapping. Defensive practitioners now participate in offensive training exercises, while offensive security professionals build defensive expertise. This blended approach reflects how teams must now operate across both attack and defense domains.
The research points toward clear priorities for security leaders: invest in AI security skills, establish continuous hands-on training programs, and expand global talent pipelines. For teams without these capabilities, the gap will widen as AI-enabled attacks become more sophisticated.
Organizations seeking to close this gap should consider structured learning paths. The AI Learning Path for Cybersecurity Analysts covers threat detection and AI-powered attack vectors directly relevant to these emerging risks. Additionally, understanding Prompt Engineering is essential, given that prompt injection attacks now represent nearly a third of AI security challenges.
Your membership also unlocks:
