Generative AI (GenAI) is transforming the cybersecurity landscape, requiring Chief Information Security Officers (CISOs) and their teams to adapt quickly to both opportunities and challenges, according to the Gartner® report 4 Ways Generative AI Will Impact CISOs and Their Teams[1].
As organizations integrate GenAI into business processes, it is critical to secure not only the technology’s development but also its consumption across the enterprise.
According to Gartner, CISOs must address GenAI’s impacts across four key areas:
- “Defend with” generative cybersecurity AI: Receive the mandate to exploit GenAI opportunities to improve security and risk management, optimize resources, defend against emerging attack techniques or even reduce costs.
- “Attacked by” GenAI: Adapt to malicious actors evolving their techniques or even exploiting new attack vectors thanks to the development of GenAI tools and techniques.
- Secure enterprise initiatives to “build” GenAI applications: AI applications have an expanded attack surface and pose new potential risks that require adjustments to existing application security practices.
- Manage and monitor how the organization “consumes” GenAI: ChatGPT was the first example; embedded GenAI assistants in existing applications will be the next. These applications all have unique security requirements that are not fulfilled by legacy security controls.
Gartner projects: By 2027, GenAI will contribute to a 30% reduction in false positive rates for application security testing and threat detection by refining results from other techniques to categorize benign from malicious events. However, organizations should be prepared for an initial surge in false alerts as detection thresholds are adjusted to address GenAI-enabled threats.
Key Gartner Recommendations
- Initiate experiments of “generative cybersecurity AI,” starting with chat assistants for security operations center (SOCs) and application security.
- Work with organizational counterparts who have active interests in GenAI, such as those in legal and compliance, and lines of business to formulate user policies, training and guidance. This will help minimize unsanctioned uses of GenAI and reduce privacy and copyright infringement risks.
- Apply the AI trust, risk and security management (AI TRiSM) framework when developing new first party, or consuming new third-party, applications leveraging LLMs and GenAI.
- Reinforce methods for how they assess exposure to unpredictable threats, and measure changes in the efficacy of their controls, as they cannot guess if and how malicious actors might use GenAI.
While GenAI offers transformative potential, Gartner cautions against overoptimism. Inundation of GenAI product announcements can lead to wasted investments if organizations fail to align adoption with clear business and security objectives.
By proactively addressing the security implications of GenAI, CISOs can balance innovation with resilience, ensuring their organizations reap the benefits of this powerful technology without compromising security.
Challenges and Best Practices Gartner Sees for Embracing Generative Cybersecurity AI
CISOs face several challenges when integrating GenAI into cybersecurity strategies. In the short term, productivity may fluctuate as GenAI-driven alert enrichment can either ease or exacerbate diagnosis fatigue. Privacy concerns arise from third-party dependencies, as many GenAI features rely on external LLM providers, complicating risk management. Gartner also highlights cost implications, noting that GenAI implementations can exceed traditional solutions while early outputs may be inconsistent or biased.
Gartner’s Actionable Recommendations:
- Initiate controlled GenAI experiments: Focus on SOC chat assistants and secure code tools to measure tangible productivity gains.
- Strengthen organizational collaboration: Engage legal, compliance, and business leaders to develop training and user policies that prevent unsanctioned GenAI usage and mitigate privacy and copyright risks.
- Apply AI TRiSM for governance: When developing or consuming GenAI solutions, use this framework to ensure transparency, traceability, and security.
- Enhance exposure assessments: Regularly evaluate vulnerabilities, monitor detection drift, and update controls to counter evolving GenAI-enabled threats.
- Improve data transparency and vendor management: Demand clarity from providers about data usage and prioritize secure third-party integrations.
- Educate employees: Incorporate GenAI awareness into phishing simulations and security training to combat advanced impersonation tactics.
Gartner’s Strategic Planning Assumptions
- By 2027, GenAI will reduce false positives in application security and threat detection by 30%.
- Through 2025, GenAI-driven attacks will force organizations to lower detection thresholds, increasing false alerts and human intervention needs.
- 89% of business technologists bypass cybersecurity protocols to meet business goals, underscoring the need for stronger governance.
Implementing these strategies allows CISOs to embrace GenAI’s potential while minimizing risk. Gartner stresses that investment in people and processes should precede technology purchases to maximize ROI and organizational resilience.
[1] Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
