Estimated reading time: 7 minutes
Artificial intelligence has crossed a threshold in cybersecurity. The World Economic Forum’s May 2026 white paper, “Empowering Defenders: AI for Cybersecurity,” produced in collaboration with KPMG, puts a number on that shift. Some 94% of cyber leaders now identify AI as the defining force in their field. Another 77% report that their organizations already use AI in active cyber operations. The debate about whether AI belongs in security is over. The debate now is whether organizations are deploying it fast enough and safely enough to stay ahead of attackers doing the same.
Attackers Got There First
The threat side of the AI equation is already in motion. Adversaries use AI to conduct reconnaissance, generate malware, exploit code at scale, and evade detection. What once required weeks of effort now takes minutes. Technical barriers to sophisticated attacks have collapsed. The volume and impact of attacks have expanded in direct proportion. Netskope’s 2026 cloud threat report documented the same dynamic, finding that enterprise genAI use tripled while policy violations doubled a sign that the attack surface is expanding faster than controls are keeping pace.
Laurent Gobbi, Global Head of Cyber and Tech Risk at KPMG, stated the challenge plainly. “Attackers are moving faster and at greater scale than ever before,” he said. The WEF report frames this as a call to action: organizations must match that pace, using AI as a force multiplier for defense rather than waiting for threats to arrive.
What AI Delivers For Defenders
The financial case for AI in cybersecurity is now measurable. Organizations that use AI extensively in security operations shortened breach timelines by approximately 80 days. They reduced average breach costs by $1.9 million per incident. Those figures come from IBM’s Cost of a Data Breach Report 2025, cited in the WEF paper. The operational gains are equally concrete. Accenture deployed an AI capability called Agent Oliver across more than 100,000 internet-facing sites. Analysis time per site dropped from 15 minutes to under one minute. IBM’s ATOM platform automates more than 850 analyst hours per month and cuts end-to-end investigation time by 37%. KPMG reported a 25% increase in operational efficiency in threat intelligence through AI-driven correlation tools.
Akshay Joshi, Head of the Center for Cybersecurity at the World Economic Forum, identified the strategic implications. “AI has the potential to shift the balance towards defenders,” he said. The report makes clear that the shift only happens for organizations that treat AI as a strategic capability rather than a point solution.
Where AI Is Actually Being Used
The report maps AI deployment across the full security lifecycle using the NIST Cybersecurity Framework. AI currently sees the heaviest use in threat detection and risk identification. Some 52% of organizations use AI for phishing detection. Another 46% apply it to intrusion and anomaly detection. Forty percent use it for user behavior analytics. On the threat intelligence side, multiple case studies show AI compressing investigation timelines from days or weeks to minutes. Check Point’s internal system reduced investigation time from roughly three weeks of manual effort to approximately one hour.
On the defensive side, AI is also moving into governance, vulnerability management, and incident response. The report notes that AI adoption within recovery functions remains limited. Most applications in that space are still conceptual or early-stage. That gap matters for cyber insurers, whose claims exposure is most acute in recovery scenarios.
Agentic AI Is The Next Frontier
The WEF report devotes significant attention to agentic AI, where autonomous systems detect, triage, and respond to threats without waiting for human instruction. Some 88% of enterprises are actively investing in AI agents. Gartner predicts that by 2028, 15% of day-to-day work decisions in cybersecurity will be made autonomously by AI agents. This publication has tracked the governance anxiety that agentic AI is already generating. Security chiefs are slowing rollouts, adding review steps, and raising budgets specifically in response to agentic AI risk concerns.
The WEF report validates those concerns while arguing that the opportunity is too large to ignore. The identity and access control dimension of agentic AI represents a particular pressure point. As AI agents multiply, managing non-human identities and machine access credentials becomes a core security problem, not a secondary one.
The Governance Warning
The report is direct about the risks of moving too fast. Heavy AI reliance creates a false sense of security. Excessive automation erodes the human expertise needed to intervene when AI systems fail. Security teams that stop practicing manual processes lose the ability to fall back on them. The report calls for structured pilots before full deployment, clear success criteria, human-in-the-loop controls for high-stakes actions, and governance frameworks that evolve as AI capabilities expand.
The identity security gap documented in earlier reporting, where 90% of firms loosen identity controls in pursuit of AI deployment speed, is precisely the kind of governance failure the WEF report warns against. Speed without structure creates the attack surface that AI was meant to close.
What This Means For Cyber Insurance
The cyber insurance market is watching AI deployment on both sides of the ledger. On the claim side, AI-enabled attacks generate faster, higher-impact breaches. On the underwriting side, organizations with mature AI security operations represent a meaningfully different risk profile. The Lockton Re and Armilla “Ready or Not” report flagged the insurance implications directly, identifying silent coverage exposure, new trigger scenarios, and systemic risk questions that the market has not yet fully priced. The WEF report adds institutional weight to those concerns. When the World Economic Forum and KPMG document a $1.9 million breach cost differential between AI-mature and AI-absent organizations, underwriters have a quantified basis for tiered pricing.
Brokers should be asking clients two questions on renewal. First, does the organization use AI in active security operations or only in pilots? Second, does it have governance frameworks, tested pilots, human control rules, and agent identity controls to match that deployment? The answers will increasingly separate preferred risks from standard ones.
Bottom Line For The Market
The WEF report is one of the most authoritative institutional framing of AI’s role in cybersecurity to reach the market in 2026. It is grounded in 20 real-world case studies from organizations including IBM, Google, Accenture, Allianz, Santander, and Aramco. It does not overstate the case for AI. And it explicitly warns against over-reliance and the erosion of human expertise. That balance makes it credible and actionable for CFOs and General Counsel evaluating AI security investments and their insurance implications. The full report is available at weforum.org.
FAQ – AI cybersecurity 2026
The WEF’s May 2026 report finds that 94% of cyber leaders identify AI as the defining force in cybersecurity. Some 77% of organizations already use AI in active security operations. Adoption is shifting from pilots to actual deployment across threat detection, incident response, and governance functions.
According to IBM data cited in the WEF report, organizations using AI extensively in security operations reduce average breach costs by $1.9 million and shorten breach timelines by approximately 80 days compared to organizations without extensive AI deployment.
Agentic AI refers to autonomous AI systems that can detect, triage, and respond to cyber incidents without waiting for human instruction. The WEF report identifies agentic AI as the next major frontier in cybersecurity, with 88% of enterprises actively investing in AI agents.
The WEF report warns that over-reliance on AI creates false security and erodes human expertise over time. Agentic AI introduces expanded attack surfaces, unintended agent behaviors, and governance gaps where AI acts without proper oversight or accountability.
Organizations with mature AI security operations represent a different risk profile than those without. AI-enabled attacks generate faster, higher-impact breaches. Underwriters are beginning to differentiate between organizations with structured AI governance and those deploying AI without adequate controls or oversight.
The Cyber Frontiers: AI and Cyber initiative, launched in 2024, brings together representatives from 84 organizations across 15 industries. It examines how AI is reshaping cybersecurity and guides organizations on secure and scalable AI adoption, including governance frameworks for agentic AI systems.
Related Cyber Liability Insurance Posts
- Joint Commission And AHA Launch Landmark Hospital Cyber Resilience Program
- Artificial Intelligence Report: Only 44% Ready to Support Secure AI, Delinea Finds(Opens in a new browser tab)
- AI In The SOC: Alert Overload, Human Judgment, And Hidden Risk Shape Security’s Next Chapter(Opens in a new browser tab)
- Ransomware Loses Its Crown as Phishing and Fraud Explode, WEF Warns(Opens in a new browser tab)
- Agents Recognize Cyber Risks—Clients Remain Skeptical About Personal Cyber Insurance(Opens in a new browser tab)
