ISC2 Report: AI Is ‘Double-Edged’ Sword of Cybersecurity

A new study from ISC2 has found that cybersecurity professionals now see AI as both their biggest opportunity and biggest threat. 

The findings point to a field at an inflection point, with teams moving to adopt AI for defense while preparing for more scalable, convincing AI-enabled attacks.

AI ranks as top security opportunity and threat

The research presented respondents with a list of emerging technologies and asked them to rank which would have the greatest positive impact on organizational security and which could pose the greatest negative impact.

According to the report, 41% of respondents said advancements in AI will have the greatest positive impact on security. Interestingly, 52% also said AI would have the greatest negative impact. 

This paradox shows AI might be cybersecurity’s clearest double-edged sword: a great opportunity, and an equally great threat.

Cybersecurity teams weigh AI benefits against risks

Respondents identified the following technologies as having the greatest positive impact on security:

• Advancements in AI (41%)
• Automation in cybersecurity (35%)
• Zero trust network access (33%) 
• Passwordless authentication (22%),
• Agentic AI (21%) 
• Risk‑based vulnerability management (21%)

However, when asked which technologies could have the most significant negative impact on security, the rankings shifted:

• Advancements in AI (52%)
• Agentic AI (34%)
• Quantum computing (32%)
• Increase in processing power and speed (19%)
• Mobile computing advances (17%)

ISC2 said the contrasting rankings highlight the complex challenge cybersecurity professionals face with AI.

“AI is not a single-dimensional tool. It is simultaneously an accelerator for defenders and a force

multiplier for adversaries,” ISC2 said.

“While automation and intelligence-driven insights promise to ease operational burdens, the rapid pace of AI innovation is also introducing uncertainty.”

AI-powered social engineering leads future concerns

When asked about the biggest challenges faced over the past 12 months, AI-powered social engineering ranked as the top concern at 51%. 

That figure rose to 57% among those who expect it to become a major challenge over the next two years.

Once again, the study emphasized that while AI has strengthened cyber defenses, it has also been leveraged “to scale and refine attacks,” prompting security professionals to adapt traditional security approaches and strengthen protections.

Challenges respondents said they faced over the past 12 months included:

• AI-powered social engineering (51%)
• Worker/skill shortages in the workforce (39%)
• Risks of emerging technologies like blockchain, AI, VR, quantum computing, etc. (38%)
• Economic uncertainty is impacting cybersecurity staffing and hiring (36%)
• Insider threats (34%)
• Keeping up with changing regulator requirements (32%)

Looking ahead to the next two years, cybersecurity professionals ranked the top challenges differently:

• AI-powered social engineering (57%)
• Risks of emerging technologies like blockchain, AI, VR, quantum computing, etc. (46%)
• Adapting to risks from advances in employee computing technologies (34%)
• Cyber attacks stemming from cyber operators as a precursor to military conflict, a tactic of military operations, or a tool of retaliation (34%)
• Keeping up with environmental regulatory requirements (32%)
• Keeping up with changing regulator requirements (32%)

What MSPs should know

For MSPs and channel partners, the findings reinforce the need to treat AI as both a security enablement tool and a growing customer risk area. 

Providers that are already using automation and AI-driven insights to improve threat detection, response, and vulnerability management will also need to help clients address AI-enabled social engineering, emerging technology risks, and governance gaps. 

That creates a near-term opportunity for partners to position AI oversight, workforce training, and security policy development as part of broader cybersecurity advisory and managed services.

ISC2 calls for governance and workforce training

With these findings, the ISC2 report underscored the pivotal crossroads the cybersecurity industry currently faces with AI. 

Given both its benefits and potential security risks, the company called on cybersecurity professionals to prioritize governance frameworks and workforce training for effective AI oversight.

“Taken together, these findings paint a picture of a profession at a critical crossroads. AI is redefining what is possible in cybersecurity, but it is also redefining what is required and who will deliver it, from skills development and ethical considerations to governance and collaboration,” the research said.

“For cybersecurity professionals, success will depend not only on adopting new technologies, but on building the judgment frameworks and the workforce needed to use them responsibly,” it added.

Last year, ISC2 published research highlighting mounting burnout, widening skills gaps, and shifting cybersecurity priorities as organizations prepared for broader AI adoption heading into 2026. Read more about those findings and how they compare with the latest report above.