Sign in Subscribe
13 min read AI

AI Cybersecurity Statistics 2026 (Q1+Q2)

Based solely on the fact that we have confidently tagged >50% of the 10,000+ cybersecurity statistics in a database with the term “AI,” artificial intelligence is definitely the biggest meta trend in cybersecurity in the last decade.

This blog post is our attempt to give you a pulse check on AI in cybersecurity in the first two quarters of 2026. To do that, we’ve collated over 200 statistics from 40+ separate sources that were published between Q1 and Q2 2026 that speak to the impact (positive and negative) that AI is having on the cybersecurity industry, people’s jobs, and the threats and defenses. 

AI cybersecurity TL;DR: AI has mostly had a negative impact on cybersecurity so far. Yeah, that's what our data shows. For example, AI fraud surged 1,210% in 2025, yet only 11% of enterprises have security tools specifically designed to protect AI systems. Agentic AI is racing into production (very few organizations are securing it), deepfake attacks are up 880%, and AI code has consistently been shown to introduce vulnerabilities into production. 

Note: For a weekly feed of live cybersecurity statistics, subscribe to our free cybersecurity newsletter

In the table below, we give you 15 AI in cybersecurity statistics at a glance, while the rest of this piece has a further 185 cybersecurity statistics about AI. Note that we curated these from over 2,000 statistics about AI we collected in the same period. You can get the full list when you subscribe to our newsletter.

AI in Cybersecurity Statistics 2026 at a Glance

METRIC

STATISTIC

SOURCE

Enterprises with AI-specific security tools

11%

Pentera

AI fraud surge in 2025

1,210%

Pindrop

Deepfake attack increase in 2024

880%

Pindrop

CISOs with limited AI visibility

67%

Pentera

Enterprises with dedicated AI security budget

1%

Pentera

Security leaders concerned about AI infrastructure risk

85%

Teleport

Organizations using AI in SOCs

99%

Tines

Hackers using AI in workflows

82%

Bugcrowd

Organizations evaluating or deploying agentic AI

79%

Teleport

Enterprises already using AI agents

65%

CrewAI

Sensitive data movements into AI tools

39.7%

Cyberhaven Labs

AI-related vulnerabilities involving APIs

36%

Wallarm

MCP vulnerability growth (Q2 to Q3 2025)

270%

Wallarm

Organizations lacking AI agent governance

68%

Keyfactor

Phishing emails showing AI assistance

45%

StrongestLayer

AI-Powered Fraud and Deepfakes

Probably the first “AI-powered” threat to emerge was fraud, i.e., deepfakes. In 2026, the data we have shows that AI-generated fraud continues to grow to become more of a problem than it was in 2025/2024, with no real signs of slowing down. 

Statistics about the AI fraud surge

  • AI fraud surged 1,210% in 2025 (Pindrop). 
  • Non-AI fraud increased by 195% by the end of 2025 (Pindrop).
  • Deepfake attacks increased by 880% in 2024 (Pindrop).
  • Humans detect AI-generated content only about 50% of the time (Pindrop). 
  • A major U.S. healthcare provider experienced over 15,000 unique bot fraud calls since the summer of 2025 (Pindrop). 
  • A U.S. healthcare provider faced over $40 million in account exposure related to fraudulent AI bot calls in 2025 (Pindrop).

AI-enabled fraud threat statistics

  • 88% of internal audit leaders identify AI-powered phishing attacks as a top risk (Internal Audit Foundation and AuditBoard).
  • 65% of internal audit leaders identify fabricated invoices or financial documents as a leading AI-enabled fraud threat (Internal Audit Foundation and AuditBoard).
  • 58% of internal audit leaders identify automated social engineering as a leading AI-enabled fraud threat (Internal Audit Foundation and AuditBoard).
  • 45% of internal audit leaders identify deepfake audio or video impersonation as a leading AI-enabled fraud threat (Internal Audit Foundation and AuditBoard).
  • 29% of internal audit leaders are concerned about forged contracts or legal documents created using AI (Internal Audit Foundation and AuditBoard).
  • 28% of internal audit leaders are concerned about fabricated job applications or employee profiles created with AI (Internal Audit Foundation and AuditBoard).
  • 27% of internal audit leaders are concerned about synthetic identity fraud enabled by AI (Internal Audit Foundation and AuditBoard).

AI fraud preparedness statistics

  • Fewer than 40% of internal audit leaders believe their internal audit function is adequately prepared to detect AI-enabled fraud (Internal Audit Foundation and AuditBoard).
  • 58% of internal audit leaders view AI-enabled fraud as a moderate risk, while 27% view it as a high risk (Internal Audit Foundation and AuditBoard).
  • 57% of internal audit leaders identify a lack of appropriate technology or tools as a primary barrier to improving AI-enabled fraud preparedness (Internal Audit Foundation and AuditBoard).
  • 55% of internal audit leaders identify insufficient staff with relevant skills or expertise as a primary barrier (Internal Audit Foundation and AuditBoard).
  • 46% of internal audit leaders cite limited financial budgets as a barrier to AI-specific risk management efforts (Internal Audit Foundation and AuditBoard).
  • Only 26% of internal audit functions investigate and document AI's role in fraud incidents (Internal Audit Foundation and AuditBoard).

Statistics Around Cybersecurity Gaps Created By AI

The biggest paradox we see in the data around AI is that threat actors have moved very fast to adapt it, and vendors have moved very fast to integrate it. However, actual useful outcomes for defenders are happening much more slowly. 

AI cybersecurity budget and resource statistics

  • Only 1% of enterprises have a dedicated AI security budget (Pentera).
  • 21% of enterprises plan to introduce a dedicated AI security budget (Pentera).
  • 78% of enterprises fund AI security through existing security budgets (Pentera).
  • 40% of organizations are increasing their overall identity and security budgets to accommodate AI agents (Cloud Security Alliance).

Statistics about AI cybersecurity tools and visibility impacts

  • Only 11% of enterprise CISOs have security tools specifically designed to protect AI systems (Pentera).
  • 75% of CISOs report their enterprises rely on extending controls originally designed for other attack surfaces to cover AI (Pentera).
  • 67% of CISOs report limited visibility into how AI is used across their environment (Pentera).
  • 48% of CISOs list limited visibility into AI usage as a top AI security challenge (Pentera).
  • 44% of CISOs acknowledge their AI security posture lags behind the rest of their security program (Pentera).
  • 36% of CISOs report insufficient AI-specific security tools as a top challenge (Pentera).
  • 50% of CISOs cite lack of internal expertise as a top AI security challenge (Pentera).

AI security incident statistics

  • 59% of security leaders report having experienced or strongly suspect an AI-related security incident (Teleport).
  • Organizations with over-privileged AI systems have a 76% incident rate, compared to 17% for organizations with least privilege controls (Teleport).
  • Enterprises deploying AI systems with excessive permissions experience 4.5x more security incidents (Teleport).
  • Relying on static credentials for AI systems correlates with a 20-percentage-point increase in incident rates (Teleport).
  • Organizations most confident in their AI deployments experience more than twice the incident rate of less confident peers (Teleport).

Statistics About Agentic AI In Cybersecurity

Agentic AI broadly describes AI systems that act autonomously with minimal human oversight. This is the fastest-moving trend in enterprise technology right now (Q2 2026. Blue teams are using agentic solutions at a slower rate than attackers.

Agentic AI in cybersecurity adoption statistics

  • 100% of enterprises plan to expand agentic AI adoption in 2026 (CrewAI).
  • 81% of enterprises have fully adopted or are actively scaling agentic AI across teams (CrewAI).
  • 79% of organizations are evaluating or deploying agentic AI, yet only 13% feel highly prepared for it (Teleport).
  • 74% of enterprises view deploying agentic AI into production as a critical priority or strategic imperative (CrewAI).
  • 65% of enterprises are already using AI agents today (CrewAI).
  • Organizations expect a 33% average expansion in agentic AI adoption in 2026 (CrewAI).
  • 87% of security professionals say integrating agentic AI is a priority for their teams (Ivanti).
  • 85% of organizations are already using or piloting agentic AI (Omada).

Agentic AI cybersecurity risk statistics

  • 85% of security leaders are concerned about AI-related infrastructure risk (Teleport).
  • 70% of security leaders say AI systems have more access than a human in the same role (Teleport).
  • 67% of organizations rely on static credentials for AI systems (Teleport).
  • 43% of organizations say AI makes infrastructure changes without human oversight at least monthly (Teleport).
  • 7% of organizations don't know how often AI is making autonomous infrastructure changes at all (Teleport).
  • Only 3% of organizations have automated, machine-speed controls governing AI behavior (Teleport).

Agentic AI governance and compliance statistics

  • 84% of organizations doubt they can pass a compliance audit focused on agent behavior or access controls (Cloud Security Alliance).
  • 69% of security leaders agree identity management must fundamentally change to support AI safely (Teleport).
  • Only 28% of organizations can reliably trace agent actions to a human or system across all environments (Cloud Security Alliance).
  • Only 21% of organizations maintain a real-time registry or inventory of their agents (Cloud Security Alliance).
  • 18% of IT and security professionals are highly confident their current IAM systems can manage agent identities effectively (Cloud Security Alliance).
  • Over 70% of organizations expect to manage dozens to hundreds of agents within the next 12 months (Cloud Security Alliance).
  • 34% of enterprises cite security and governance as the top evaluation factor for agentic AI platforms (CrewAI).

Statistics About How AI Is Used In Cybersecurity Operations

Almost everyone is “using AI,” but the transition from cybersecurity AI-related experimentation to real operational impact is getting very uneven in 2026.

SOC AI adoption statistics

  • 99% of security operations centers use AI (Tines).
  • 97% of IT, security, risk, and compliance professionals report using AI to streamline their work (Hyperproof).
  • 90% of security leaders say AI/ML is extremely or very valuable in reducing alert fatigue and improving detection accuracy (Sumo Logic).
  • 87% of defenders expect to increase AI use, primarily to replace legacy detection and response tools (Vectra AI).
  • 76% of defenders say AI agents or AI assistants now handle more than 10% of their workload (Vectra AI).
  • 67% of defenders say AI-powered tools have positively impacted threat identification and response (Vectra AI).
  • 63% of defenders want AI agents to handle alert triage and investigations (Vectra AI).

Cybersecurity AI use case statistics

  • 53% of security teams utilize AI for cloud security policy enforcement (Ivanti).
  • 44% of security teams use AI for incident response workflows (Ivanti).
  • 43% of security teams use AI for threat intelligence correlation (Ivanti).
  • 42% of security teams use AI for vulnerability response and remediation (Ivanti).
  • Security teams rate AI as highly effective for threat detection (61%), identity and access monitoring (56%), and compliance (Tines).
  • Security professionals are 5.5 times more likely to believe defenders will use AI as effectively as, or more effectively than, attackers (Ivanti).

Statistics about obstacles to scaling AI in cybersecurity operations

  • 35% of security professionals identify security and compliance concerns as obstacles to scaling AI and automation (Tines).
  • 32% of security professionals identify limited resources as an obstacle (Tines).
  • 31% of security professionals identify integration gaps between tools as an obstacle (Tines).
  • Top AI-related cybersecurity concerns are data leakage through copilots and agents (22%), and third-party and supply chain risk (Tines).

AI-Generated Code and Developer Security Statistics 

AI coding assistants are a security team's best friend (sometimes), but overall, they’re a CISO’s worst nightmare because they introduce whole new avenues of vulnerabilities that security teams are scrambling to address.

Cybersecurity statistics about AI-generated code adoption rates 

  • 96% of developers use AI-assisted tools to build mobile apps and SDKs (Guardsquare).
  • By the end of 2025, AI coding assistants reached a 90% adoption rate across enterprises (Opsera).
  • In companies leading in AI adoption, nearly 90% of developers use AI coding assistants (Cyberhaven Labs).
  • In a typical organization, about 50% of developers use AI coding assistants (Cyberhaven Labs).
  • GitHub Copilot holds a 60-65% market share among AI coding tools (Opsera).
  • Developers at frontier companies are 11.5x more likely to use AI coding assistants than developers in low-adoption environments (Cyberhaven Labs).
  • 30% of developers using AI coding assistants reported using at least two assistants (Cyberhaven Labs).

Statistics about cybersecurity risks and vulnerabilities created by AI-generated code 

  • 81% of developers say AI-generated code has introduced new vulnerabilities (Guardsquare).
  • More than half of developers are uncertain how to properly secure AI-written mobile applications (Guardsquare).
  • Code duplication increases from 10.5% to 13.5% when using AI coding assistants (Opsera).
  • 68% of organizations lack full visibility or governance over AI-generated code (Keyfactor).
  • Almost 20% of developers let AI automatically save changes to the main code repository without human review (UpGuard).
  • One in five developers grants AI agents permission for unrestricted file deletion (UpGuard).
  • One in five developers grants AI code agents unrestricted access to perform high-risk actions without human oversight (UpGuard).
  • 14.5% of AI agent configuration files grant arbitrary code execution permissions for Python (UpGuard).
  • 14.4% of AI agent configuration files grant arbitrary code execution permissions for Node.js (UpGuard).

Statistics about Model Context Protocols (MCPs) and supply chain risks

  • In MCP registries, for every server provided by a verified vendor, there are up to 15 lookalike servers from unverified sources (UpGuard).
  • In 2025, 14% of published AI vulnerabilities were MCP-related, totaling 315 vulnerabilities (Wallarm).
  • MCP vulnerabilities grew 270% from Q2 to Q3 in 2025 (Wallarm).

Shadow AI and data leakage cybersecurity statistics

“Shadow AI” emerged from nowhere to become a term that most security leaders are well aware of in 2026. 

Statistics about unsanctioned AI usage

  • 61% of organizations report the use of unsanctioned AI tools, creating significant visibility and governance gaps (JumpCloud).
  • 70% of operational management professionals reported using ungoverned AI tools (SmartSheet).
  • 32.3% of ChatGPT usage occurs through personal accounts (Cyberhaven Labs).
  • 24.9% of Gemini usage occurs through personal accounts (Cyberhaven Labs).
  • The percentage of AI users utilizing personal AI applications decreased from 78% to 47% from 2024 to 2025 (Netskope).
  • The top 1% of early adopter organizations use more than 300 GenAI tools (Cyberhaven Labs).

Cybersecurity data policy violation statistics 

  • 39.7% of all data movements into AI tools involve sensitive data (Cyberhaven Labs).
  • The average employee enters sensitive data into AI tools once every three days (Cyberhaven Labs).
  • The average organization experienced 223 incidents of data policy violations related to generative AI applications each month (Netskope).
  • The top 25% of organizations experienced an average of 2,100 data policy violation incidents per month (Netskope).
  • The average organization saw a twofold increase in data policy violations related to generative AI applications over the past year (Netskope).
  • 17% of prompts include copy/paste and/or file upload activity (Nudge Security).

Statistics about the governance of AI agents

  • Only 26% of organizations have fully documented and enforced AI governance policies (SmartSheet).
  • 50% of organizations have formal, active AI policies in place, and 42% are actively developing AI governance frameworks (Tines).
  • 50% of cybersecurity professionals have implemented AI-specific governance measures (Keyfactor).

AI-Powered Phishing and Email Threat Statistics

The absolute largest outcome of AI on the threat side has been way worse phishing, which is personalized, frequent, and harder to detect at a level unseen before. 

The Scale of AI-Assisted Phishing

  • In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024's pace of one every 42 seconds (Cofense).
  • Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75-95% within the next 12-18 months (StrongestLayer).
  • In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks (Barracuda).
  • 100% of advanced email threats bypassed incumbent email security, including Microsoft E3/E5 and leading secure email gateways (StrongestLayer).
  • 82% of malicious files have unique hashes that traditional pattern-matching fails to detect (Cofense).
  • 76% of initial infection URLs in analyzed phishing attacks were unique (Cofense)

Business email compromise statistics 

  • In Q4 2025, Business Email Compromise accounted for 51% of all email fraud cases (VIPRE Security Group).
  • Impersonation made up 82% of all BEC incidents in Q4 2025 (VIPRE Security Group).
  • CEOs and senior executives accounted for 50% of impersonation-based BEC emails (VIPRE Security Group).
  • Callback phishing increased from 3% to 18% of all phishing incidents in Q4 2025, a 500% spike (VIPRE Security Group).
  • Conversational attacks comprise 18% of all malicious emails (Cofense).
  • Abuse of legitimate remote access tools increased by 900% by volume (Cofense).

Statistics about AI-specific phishing worries 

  • 48% of security teams report blind spots around prompt injection chains or tool-chaining abuse in AI-native applications (Rein Security).
  • 93% of CISOs and AppSec executives are ready to replace or purchase new AI-native application protection (Rein Security).
  • 77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google (StrongestLayer).
  • DocuSign accounted for more than 20% of all advanced email attacks analyzed (StrongestLayer).

AI Vulnerabilities and API Cybersecurity 2026 Statistics

As AI has built a totally new attack surface - the Model Context Protocol (MCP) ecosystem.

  • In 2025, 36% of AI-related vulnerabilities involved APIs, totaling 786 of 2,185 AI-related vulnerabilities (Wallarm).
  • 36% of AI-related Known Exploited Vulnerabilities (KEVs) involved an API attack surface (Wallarm).
  • In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches (Wallarm).
  • 315 MCP-related vulnerabilities were published in 2025, representing 14% of all AI vulnerabilities (Wallarm).
  • MCP vulnerabilities grew 270% from Q2 to Q3 in 2025 (Wallarm).
  • 82% of hackers now use AI in their workflows, up from 64% in 2023 (Bugcrowd).
  • In 2025, an AI agent placed in the top 5% of teams in a major cybersecurity competition (International AI Safety Report).

Enterprise AI Adoption and Maturity In 2026

AI adoption is near-universal, but these 2026 statistics show that true maturity remains rare. 

Statistics about the true scale of AI adoption in cybersecurity

  • 99.6% of organizations are moving toward AI (JumpCloud).
  • 99% of organizations report using AI in business (Vention).
  • 97% of organizations say AI brings real value (Vention).
  • 92% of organizations have near-term AI initiatives in production infrastructure (Teleport).
  • 90% of leaders see productivity gains from AI (JumpCloud).
  • Global AI spending is projected to reach $1.5 trillion, with hardware and infrastructure accounting for 59% of total investment (Vention).
  • At least 700 million people use leading AI systems weekly (International AI Safety Report).

Cybersecurity AI maturity gap statistics

  • 40% of organizations believe they are AI mature, but only 22% possess the objective IT foundation required to scale AI securely (JumpCloud).
  • 74% of leaders remain concerned about security risks from AI (JumpCloud).
  • 85% of IT leaders agree that secure identity and access management is critical for scaling AI safely (JumpCloud).
  • Approximately 21% of AI tool licenses are underutilized (Opsera).
  • 56% of enterprise leaders classify AI-related risks to their critical data as moderate to extreme (Arelion).

Cybersecurity AI tool landscape statistics

  • OpenAI is present in 96% of organizations, with Anthropic present in 77.8% (Nudge Security).
  • Among the most active chat tools, OpenAI accounts for 67% of prompt volume (Nudge Security).
  • Meeting intelligence tools Otter.ai and Read.ai are present in 74.2% and 62.5% of organizations, respectively (Nudge Security).
  • Agent tools Manus, Lindy, and Agent.ai are present in 22%, 11%, and 8% of organizations,  respectively (Nudge Security).

Statistics about sector-specific adoption of AI in cybersecurity 

  • 82% of credit unions are implementing AI (Wipfli).
  • 67% of banks are implementing AI, while only 16% have an enterprise-wide AI roadmap (Wipfli).
  • 52% of enterprises report meaningful impact from agentic AI in IT (CrewAI).
  • 57% of public sector agencies are actively exploring and learning about AI, while only 1.6% report broad deployment (Euna Solutions).
  • Healthcare and insurance enterprises lag technology and startup sectors in AI coding assistant adoption (Opsera).

AI Identity and Access Management

Our data shows that as AI agents multiply, identity and access management must become one of the fast-moving spaces in cybersecurity.

  • 86% of cybersecurity professionals agree that AI agents will require entirely new approaches to digital identity management (Keyfactor).
  • 85% of cybersecurity professionals expect digital identity volume to increase dramatically due to AI agents (Keyfactor).
  • 69% of cybersecurity professionals believe that verifying the authenticity of AI-generated code will be a major security challenge (Keyfactor).
  • 55% of security leaders say their C-suite is not adequately prepared for the identity challenges AI agents will bring (Keyfactor).
  • 9 in 10 organizations are piloting or using AI in IAM, yet only 7% have organization-wide AI governance strategies for identity (ManageEngine).
  • Over 60% of organizations cite automating identity lifecycle processes and scaling identity operations as their primary motivation for adopting GenAI (Omada).

Sources: This article compiles statistics from 40+ industry reports including Pentera AI Security & Exposure Benchmark 2026, Teleport 2026 Infrastructure Identity Survey, CrewAI State of Agentic AI 2026, Cyberhaven Labs 2026 AI Adoption & Risk Report, Cloud Security Alliance Securing Autonomous AI Agents, Pindrop The Year Trust Broke, Wallarm API ThreatStats Report 2026, Cofense The New Era of Phishing, Internal Audit Foundation and AuditBoard, Ivanti 2026 State of Cybersecurity Report, Tines AI in Security Operations, UpGuard YOLO Mode Report, Bugcrowd Inside the Mind of a Hacker, Keyfactor AI Agent Security Research, JumpCloud AI Maturity Report, Vectra AI State of Threat Detection 2026, and various other industry publications.