A global survey of 3,887 business and technology executives finds that artificial intelligence (AI) technologies (60%) are now the top cybersecurity investments that organizations are planning to make over the next 12 months. The top use cases for AI are threat hunting, AI agents and event detection and behavioral analysis.

Conducted by PwC, the survey also finds that more than half (53%) are prioritising AI and machine learning tools to help close capability gaps that have emerged as a result of ongoing skills shortages. A full 38% are looking to managed service providers (38%) to help provide the AI expertise that will be needed, the survey finds.

Matt Gorham, leader of the Cyber and Risk Innovation Institute at PwC, said that while AI agents hold significant promise, organizations need to understand how workflows are being automated and to make sure the scope of the tasks assigned to them is well understood. Each agent should be given the least amount of privileges possible to automate a task, he added. Otherwise, the AI agent is likely to access sensitive data beyond its purview, said Gorham.

That issue can be especially problematic if the AI agent itself is compromised, he added. Given the scope of their capabilities, it’s only a matter before AI agents themselves become the target of a cyberattack, noted Gorham.

Overall, most companies (67%) are spending roughly equal amounts on both proactive technologies, such as monitoring, assessments, testing and controls, as they are reactive measures, such as incident response and recovery.

The survey also notes that a changing geopolitical landscape is having a significant impact on cybersecurity, with 60% ranking cyber risk investment as one of the top three strategic priorities because of it. A full 41% also said their organizations plan to change where physical infrastructure is located because of these concerns, the survey finds.

However, despite these and other ongoing efforts, only about half of respondents said they feel their organization is ‘somewhat capable’ of withstanding cyber attacks targeting specific vulnerabilities. In fact, only 6% feel confident across all vulnerabilities surveyed.

Finally, the survey finds 29% of respondents are piloting and testing quantum-safe technologies, but only 22% have moved beyond piloting. Nearly half (49%) haven’t considered or started implementing any quantum-resistant security measures.

Determining where to invest in additional cybersecurity is, as always, challenging given limited budgets, but there is little doubt that organizations are now locked in an AI arms race. Adversaries are making similar investments in AI technologies that will enable them to launch more sophisticated cyberattacks at much higher levels of scale. In the absence of an AI capability, it’s only a matter of time before defenders will be overwhelmed at a time when the overall size of the attack surface that needs to be defended only continues to expand.

Hopefully, investments in AI will ultimately benefit defenders more than do attacks, but given the resources that many cybersecurity syndicates have at their disposal, it’s probable there might, unfortunately, be a significant gap between when cyber attackers gain access to these tools and when defenders have been able to deploy their own AI countermeasures.