The maturation of AI has ensured that the cybersecurity landscape has changed forever. As AI-driven threats gain increasing prominence, enterprises have responded: two-thirds of organizations now deploy AI and automation across their Security Operations Center (SOC) environments to combat these and other threats.
Beyond the SOC, businesses have adopted a ‘do it now’ approach with AI across the business. 89% of enterprises have deployed AI tools in 2025, and budgets are growing by 75% in 2026. Enterprise AI is expanding faster than the security layer around it, especially the layers for agents, data leakage and governance. Ungoverned AI systems are more likely to be breached, and the breaches are more costly when they happen.
This altered landscape necessitates a major shift in the skills that security professionals need to manage such environments and guard against threats. AI-era security talent must have not just cybersecurity expertise, but a solid foundation in data science and AI governance – skills that can help enterprise security teams anticipate and combat the next AI-driven threat.
A paucity of the right talent
There are 4.8 million unfilled cybersecurity jobs globally, with a severe shortage of experts who can defend against AI/ML attacks and secure AI systems. The question is not just about how many people the security organization has, it’s about what they know.
Security professionals traditionally build expertise in areas such as security risk management, network security, identity and access management and endpoint security – hard skills gained over years, sometimes decades, in building infrastructure, protocols and teams that safeguard the enterprise.
Such roles are now struggling to keep pace with the speed and complexity of AI-driven environments, and to scale autonomous, AI-powered defenses. AI systems are non-deterministic and adaptive, with behaviors and attack surfaces evolving over time. The tools and defense mechanisms to tackle them are significantly different from those of a typical SOC.
For example, many SOCs have invested in AI-powered Security Information and Threat Management (SIEM) and Extended Detection and Response (XDR) tools to combat sophisticated phishing campaigns and automated attack sequences, which are becoming harder to distinguish from legitimate activity. However, SOC analysts don’t always fully understand how these tools work under the hood, leading to a costly ‘power up’ that does not provide a value-add.
On the other hand, AI-trained data scientists and governance specialists bring vital skills in how AI works (including in the latest technologies), in structuring oversight, and aligning it with risk and regulation. But they may have very little exposure to managing complex security risks and lack the necessary adversarial and operational thinking.
This paucity leaves organizations grappling with talent shortages.
Redefine talent strategies to bridge the gap
Organizations need to redefine talent strategies and accelerate cross-disciplinary upskilling, or risk deploying advanced security systems they do not fully understand or trust. In an AI-first world, the biggest vulnerability may be the lack of talent required to operate and secure these systems.
Analysts recommend building T-shaped ‘cyber-AI’ talent: professionals with deep security expertise plus working AI fluency, that will help them understand both the attack surface and the models behind the tools. One of the key ways to do this is to upskill current security talent first, using role-specific learning paths instead of generic AI training, as AI security gaps vary across SOC, application security, cloud, governance, risk and compliance and engineering teams.
Enterprises must also deploy continuous learning programs for employees, because AI threats, controls and tool chains change quickly, and one-time training goes stale fast. The programs must emphasize hands-on training over theory, and include learning methodologies such as red teaming, threat modeling, secure agent testing and incident simulations tied to real enterprise workflows.
Design new talent pipelines
Beyond retooling, human resources leaders can redesign the entire pipeline of talent feeding the security apparatus. Start with redefining entry-level work, ensuring the newest team members get real investigative and operational experience, even as automation absorbs routine tasks. Tie training to actual controls and environments, such as the enterprise’s AI gateway, SOC tooling, cloud stack and identity systems. Design apprenticeship training programs for new employees.
Larger enterprises can plan internal academies that provide training in AI security, especially for critical areas such as prompt-injection defense, agent governance and AI observability.
The role of building a security culture within the enterprise cannot be understated. Rotation programs that bring high-potential staff into the SOC – as well as in cloud security, data governance and AI-risk roles – can help foster organizational security judgment and build the much-needed AI context.
As security professionals upskill into AI-related domains, it is essential that they see a career path within the organization rather than outside. Management must undertake programs that reward internal mobility, whether via certifications or special assignments. Take care to retain talent, with meaningful work. Progressions and career paths must be visible to all personnel. AI-security professionals are in high demand and could leave if the role feels stagnant.
Another key stratagem: leverage the power of AI itself. Pair human defenders with AI copilots, using automation to increase throughput while preserving human judgment for escalation, policy and adversarial thinking.
Change the operating model
When building a workforce for a new paradigm, leaders must assess skills by task, not title. This can help them identify who can do AI threat modeling, model validation, secure prompt engineering or AI incident response.
It helps to take an enterprise-wide view of security. Make security, data, engineering and HR share ownership of the pipeline, because analysts emphasize that the challenge is organizational as much as technical.
Get started
Enterprises need a strategic refresh in hiring for their security teams with a view towards building the much-needed security-AI talent pipeline.
A 90-day plan can be a practical starting point. SOC leaders can start by assessing the current skills of their teams vis-à-vis the requirements of the organization. Next, they must work with recruitment specialists to define the essential five to seven security-AI role profiles for the organization. All pipeline building activities can center around how to staff up for these roles and nurture the talent. Organizations can look to set up a hands-on academy and partner with a university or skilling vendor as pertinent, for continuous training programs run with the larger vision in mind.
Executing such a plan does more than fix the hiring pipeline – it ensures that human expertise keeps pace with the technology it’s meant to govern.
