73% of Security Teams Say AI Threats Are Real. Half Feel Unprepared. Now What?
I've written about the AI agent identity crisis and the Moltbook breach over the past few days. Both posts focused on the attack side: what can go wrong when AI agents run wild.
But there's another side to this story. The defender side.
And according to fresh data from Darktrace, it's not looking good.
What do the readiness numbers actually say?
Darktrace's State of AI Cybersecurity 2026 reports two numbers that together explain the present state of the industry. 73% of security professionals say AI-powered threats are already having significant impact on their organisation — not future risk, present reality. Nearly half of those same professionals say they feel unprepared to defend against AI-driven attacks. The gap between perceived threat and perceived capability is the operational definition of the AI security readiness gap.
73% of security professionals say AI-powered threats are already having a significant impact on their organization.
Not "might have impact someday." Not "we're concerned about future risks." Already. Right now. Today.
But here's the kicker: nearly half of those same professionals feel unprepared to defend against AI-driven attacks.
Three quarters of security teams know the threat is real. Only half think they can handle it. That gap is where breaches happen.
The readiness gap
I call it the readiness gap. The distance between knowing something is a problem and being able to do anything about it.
In traditional security, this gap exists but it's usually manageable. You know ransomware is a threat, so you segment networks and backup data. You know phishing is a problem, so you train users and deploy email security.
But AI threats are different. They move faster. They adapt. They scale in ways that human attackers can't.
And the tools to defend against them? Still catching up.
What is actually changing about the threat landscape?
The new properties of AI-augmented threats split into four categories: faster evolution (variants in hours, not weeks), per-target personalisation (custom social engineering at no marginal cost), AI-system attack surface (prompt injection, data poisoning), and synthetic media (voice and video deepfakes that already produce real fraud losses). Each shifts the cost equation in the attacker's favour, and each requires a different control to address.
Speed of evolution. A traditional threat actor might take weeks to develop a new phishing campaign. An AI-assisted attacker can generate thousands of variations in hours. Test them. Learn what works. Iterate.
Personalization at scale. Spear-phishing used to be expensive. You needed someone to research the target, craft a believable message, make it feel personal. AI does this automatically. Every target gets a custom-tailored attack. No extra effort required.
Exploitation of AI systems themselves. We're not just talking about attackers using AI. We're talking about attackers targeting the AI systems you've already deployed. Prompt injection, data poisoning, model manipulation. Attack surfaces that didn't exist two years ago.
Deepfakes and synthetic media. Voice cloning is getting scary good. We've already seen cases of CFO deepfakes authorizing wire transfers. It's only going to get worse.
Threat shift summary
| Threat property | Traditional baseline | AI-augmented 2026 reality |
|---|---|---|
| Phishing variant production | Days to weeks per campaign | Thousands of variants per hour |
| Personalisation cost | Manual research per target | Automated per-target generation |
| Attack surface | Networks, endpoints, identities | + Models, prompts, training data |
| Synthetic media | Marginal, costly | Voice/video deepfakes at zero marginal cost |
| Defence playbook maturity | Years of IR experience | Mostly improvised |
Why teams feel unprepared
The Darktrace survey didn't just measure fear. It measured capability gaps. And the patterns are revealing.
Tool fatigue. Security teams are drowning in alerts. Adding AI-focused tools often means adding more noise. More dashboards. More things to monitor. More skills to develop. The promise of AI-powered defense is offset by the reality of yet another system to manage.
Skill gaps. Understanding traditional threats is hard enough. Understanding AI threats requires a different knowledge base. Prompt engineering. Model behavior. Training data vulnerabilities. Most security teams don't have these skills. And hiring them is expensive.
Organizational inertia. Leadership gets the headlines about AI threats but doesn't always translate that into budget and headcount. "We already have a security team" is a common response. Never mind that the threat landscape just fundamentally changed.
No playbook. When ransomware hit, we had years of incident response procedures to draw from. AI threats are newer. The playbooks don't exist yet. Teams are improvising. That's stressful.
The CISO burden
Here's something that doesn't get discussed enough: this is exhausting for security leaders.
CISOs in 2026 are expected to understand traditional security, cloud security, application security, OT security, and now AI security. They're supposed to articulate risks to the board in business terms while also evaluating technical controls in engineering terms.
The scope keeps expanding. The budget rarely keeps pace. And the consequences of failure are personal. CISOs are the ones who get blamed when breaches happen. Even when they warned leadership. Even when they asked for resources.
Burnout in security leadership is real. The readiness gap isn't just a technical problem. It's a human one.
What should you actually do?
Six practical moves that compound: accept that perfect coverage is impossible (prioritise), shift detection from signatures to behaviour (scales with attacker variation), inventory your AI exposure (you cannot defend what you cannot see), modernise awareness training beyond phishing (deepfake voice and video matter now), join the AI security community (the playbook is being written in public), and use the data to push for resources (the readiness gap closes faster with funded headcount than with hope).
Accept that you can't solve everything. Seriously. The attackers have infinite time and creativity. You have limited resources and a day job. Prioritization isn't just helpful, it's mandatory. Focus on the AI threats most relevant to your organization, not every theoretical risk.
Build detection around behavior, not signatures. AI-generated attacks change constantly. Signature-based detection will miss most of them. Focus on anomaly detection. What does normal look like? What deviates from that? This approach works whether the threat is human or AI.
Inventory your AI exposure. Do you know all the AI systems in your environment? Shadow AI is real. Employees are signing up for ChatGPT, Claude, and a dozen other services. They're connecting these services to corporate data. You need visibility into this before you can defend it. The secure AI adoption walkthrough covers the Microsoft Purview + Defender for Cloud Apps stack for exactly this discovery.
Educate beyond phishing. Traditional security awareness training focuses on email links and attachments. That's table stakes now. Your users need to understand deepfakes, voice cloning, and AI-generated impersonation. Update your training.
Join the conversation. The AI security community is still forming. ISACs are starting to share intelligence. Vendors are building new detection capabilities. Researchers are publishing techniques. Stay connected. You can't defend against threats you don't know about.
Push for resources. That readiness gap is partly a budget gap. If your leadership understands AI is a real threat but hasn't funded your response, that's a conversation you need to have. Bring data, risk scenarios, and competitor incidents.
The bigger picture
I've been in this industry long enough to see cycles. New threat emerges. Panic. Tools proliferate. Market consolidates. Defenders catch up. New threat emerges.
AI security feels different because the threat and the defense are evolving simultaneously. We're building AI detection while attackers are building AI attacks. It's an arms race, and nobody knows who's winning.
But I do know this: the organizations that take it seriously now will be better positioned than those who wait. The readiness gap closes with action, not hope. The platform consolidation moves on the identity side (see the Palo Alto / CyberArk deal) and the early productionised SOC tooling (see AI agents in the SOC) are the two flanks worth tracking in 2026.
73% of security teams know AI threats are real. The question is whether yours is in the half that can actually respond.
A starting point: inventory the AI systems in your environment. Most teams I talk to are genuinely surprised by what they find.
Key takeaways
- 73% of teams say AI threats already impact them — yet roughly half feel unprepared to respond.
- Behaviour-based detection scales with AI-generated attack variation in a way signature-based detection cannot.
- Shadow AI is the prerequisite inventory problem — you cannot defend AI exposure you cannot see.
- Awareness training that stops at 'don't click links' fails against deepfake voice, video, and AI-generated impersonation.
- The CISO burden is real — closing the readiness gap is partly a budget and headcount conversation, not just a technology one.
FAQ
What is the AI security readiness gap?
The readiness gap is the difference between knowing AI-powered threats are real and being operationally able to defend against them. Darktrace's State of AI Cybersecurity 2026 quantifies it: 73% of security professionals say AI-driven attacks are already affecting their organisation, but roughly half of those same respondents report feeling unprepared to handle them. The gap is where successful AI-enabled breaches happen.
Why do AI threats feel different from traditional threats?
Four structural differences. Speed of evolution — AI lets an attacker generate and test thousands of phishing variants in hours. Personalisation at scale — every target can receive a custom-tailored message at no extra effort. Attack surface expansion — AI systems themselves (prompt injection, data poisoning, model manipulation) are now attackable. Synthetic media — voice and video deepfakes that have already produced fraudulent CFO-impersonation wire transfers. Each shifts the cost curve in the attacker's favour.
Why are most security teams unprepared?
Tool fatigue (security teams are already drowning in alerts, and AI-focused tools add more), skill gaps (understanding AI threats requires prompt engineering, model behaviour, and training-data knowledge that traditional security teams typically don't have), organisational inertia (leadership reads the headlines but rarely funds the response), and the simple absence of playbooks (AI threats are new enough that the documented IR procedures most teams rely on don't exist yet).
What's the single most effective control to close the gap?
Inventory and visibility. You cannot defend against AI exposure you cannot see. Most organisations have shadow AI usage they have never measured — employees with personal ChatGPT or Claude accounts connected to corporate data sources via OAuth or browser extensions. Defender for Cloud Apps or an equivalent CASB gives you the AI-app catalogue and usage telemetry, and that telemetry is the foundation for every other control (DLP, conditional access, awareness training).
Should detection still be signature-based?
Not as the primary line. Signature-based detection works against finite IOC sets; AI-generated attacks produce effectively unlimited variation in surface form. Behavioural detection — what does normal look like, what deviates — scales because the underlying behaviour (data exfiltration, lateral movement, credential abuse) is constrained by physics and intent even when the surface payload changes. Signatures still matter for the long tail of known-bad indicators, but they are not the whole strategy.
How does the CISO burden factor in?
Heavily. CISOs in 2026 are expected to cover traditional security, cloud, applications, OT, and now AI — while translating risk to the board in business terms and evaluating technical controls in engineering terms. Scope keeps expanding; budget rarely keeps pace; the consequences of failure are personal. Burnout in security leadership is a real component of the readiness gap. The technical and the human conversations are inseparable here.