Seemplicity

Fewer than 1 in 5 organizations use structured prioritization models.

30% cite budget limitations as their biggest barrier to adopting additional solutions.

Nearly 40% of organizations still rely on manual workflows for most of their vulnerability remediation processes.

1 in 5 organizations take four or more days to fix critical vulnerabilities.

85% of organizations believe their cross-team collaboration is strong.

49% measure success of vulnerability remediation by mean time to remediation.

91% of organizations experience delays in vulnerability remediation.

86% of organizations are increasing their security spending in 2025.

61% of organizations still measure success of vulnerability remediation by the number of vulnerabilities resolved.

54% measure success of vulnerability remediation by fewer breaches.

91% of organizations experience delays in vulnerability remediation.

Speed of threat detection was used to evaluate AI efficacy by 57% of respondents

39% of firms are using AI to solve data overload problems that stymie vulnerability and exposure management work

Costs were an obstacle for 46% of respondents in effective use of AI.

Endpoint security was a current application of AI in 52% of security tech stacks

The majority of organizations (55%) say that they’ve enabled AI in under half the tools in their environments that have it available

Endpoint security (34%), antivirus/anti-malware (31%), and malware analysis (31%) were the security tech categories where AI is thought to be the most overhyped

Basic vulnerability scanning was a current application of AI in 47% of security tech stacks

About 16% of security teams say their use of AI has been very beneficial and have made it a core part of their program

Antivirus/anti-malware was a current application of AI in 40% of security tech stacks

Approximately 56% of respondents reported that at least half of their security vendors tout their AI capabilities

The top five vulnerability management problems they’re actively trying to solve with AI today were: false positives (49%), overload of data (39%), reliance on manual processes (33%), disparate results from scanning tools (31%), and false negatives (31%)

46% of security teams primarily depend on AI that is embedded in their security tools and delivered by their vendors versus building their own

Just 6% of respondents say that they fully outsource their AI training

Security and privacy risks were a reason for turning off AI functionality, cited by 55%

Vendor reliability and maturity were a reason for turning off AI functionality, cited by 50%

A lack of transparency and explainability was the top reason for turning off AI functionality, cited by 58%

Around 45% say that AI is moderately beneficial and they’re starting to note the benefits

Incident response was the second security function where AI will provide the most value in the next 3 years, cited by 59% of respondents

77% of respondents reported that one or more of those vendors had overhyped their AI performance or are underdelivering on their promises

The No. 1 security issue respondents are most hopeful that AI will help fix is the prioritization of disparate results from scanning tools, for which 82% are hopeful for gains

21% say they apply AI to security through a mix of vendor-led and internal AI.

Sophisticated threat landscape was the most commonly cited security pain point, named by 60% of respondents

A scant 6% reported that AI is detrimental to their security program

Difficulty in tuning, training, and supervising AI was an obstacle to the effective use of AI for 39% of respondents

The top use case where security leaders say AI will offer most value is vulnerability and risk management, named by 74% of respondents

Third-party and supply chain risk was a big security pain point (42%)

Just 25% of teams use AI to power vulnerability prioritization

Just 18% have utilized GenAI to speed up summarization and reporting work

82% were optimistic about AI applicability to sifting through disparate results from scanning tools

81% were optimistic about AI applicability to dealing with overload of data

Lack of skilled personnel is the biggest obstacle to the effective use of AI in cybersecurity today, cited by 55% of respondents

Lack of transparency in AI decision making was an obstacle for 46% of respondents in the effective use of AI.

Just a fraction of respondents said that their tools come trained and/or tuned — 5%

Just over half of respondents said that they regularly disable AI functionality in some or all security tooling due to a range of considerations

1 in 5 respondents reporting that 75% or more of their tool stack promotes AI capabilities

Approximately 19% say they primarily apply AI to security through their own internal data science work

Approximately 1 in 4 organizations said they’re concerned about how AI use in the enterprise will make them more attackable (AI and generative AI concerns)

Only 18% use AI to bolster vulnerability remediation workflows

46% of firms say that they’re actively trying to use AI to solve false positive issues