At RSA, we believe in the power of AI because the scale, speed, and sophistication of today’s threats demand it. Human-only security models cannot keep up with these new threats. The real risk isn’t in adopting AI; it’s in adopting AI without intent, discipline, and security outcomes to anchor it, operate it effectively, and measure its results.
In too many instances, CISOs face significant pressure to automate functions or integrate AI quickly instead of thoughtfully. That can lead to shortcuts that waste resources at best and weaken security at worst. At the same time, security leaders can’t hesitate to implement some form of automation, because AI-driven attacks aren’t coming—they’re already here.
The Gartner® Report, Predicts 2026: CISOs Must Embrace Relief of Missing Out on AI, helps security leaders balance these competing forces. The report provides CISOs with market research and recommendations on integrating AI into their cybersecurity stacks effectively.
Deployed correctly, AI can provide significant benefits to security teams, including:
- Accelerating detection and response
- Surfacing risk hidden by volume and complexity
- Augmenting human decision-making at machine speed
- Enabling security teams to scale without burning out scarce talent.
It’s because of that potential that so many organizations are planning to implement some form of AI in the near term. The 2026 RSA ID IQ Report, a global survey of more than 2,100 security, IT, and compliance leaders, found that 91% of organizations plan to implement AI in their tech stack this year, likely in part because of the gains that AI can deliver.
Organizations looking now to deploy AI in their tech stack must proceed strategically to achieve positive outcomes. The Gartner report includes this recommendation for implementing AI successfully: “Select and prioritize AI initiatives based on direct cybersecurity improvement objectives or maturity gaps, as assessed by an independent third-party benchmark or a structured internal assessment if a benchmark is not available.”
At RSA, after decades of using AI ourselves and helping organizations deploy our solutions, we’ve seen how the technology can meaningfully improve organizations’ overall security posture. One of the best practices we recommend to our clients is to build on the core understanding that AI will deliver on its full potential and pose minimal risk only when it is applied with discipline and aligned to security priorities.
While the Gartner report provides insights into the value of AI, it also makes clear that longstanding identity security essentials remain vital. For example,
the report advises: “Accelerate your move toward passwordless authentication for all employees, mitigating the risk of credential compromise by removing passwords wherever possible, replacing them with phishing-resistant MFA.”
RSA believes that these points about MFA and passwordless will remain critical for CISOs, especially in the era of autonomous threats. Credential phishing today is increasingly likely to be AI-driven, enabling attackers to generate phishing emails that are grammatically flawless, perfectly contextual, and more authentic-seeming than ever.
Passwordless authentication can remove the credentials that both human- and AI-led phishing campaigns attempt to steal. Organizations should prioritize complete, enterprise-grade solutions that can support passwordless for all users, in all environments.
If you’re committed to AI as a core pillar of your security strategy and want to maximize its impact, download the Gartner Report, “‘Predicts 2026: CISOs Must Embrace Relief of Missing Out on AI.”’
Gartner Disclaimers
Gartner, “Predicts 2026: CISOs Must Embrace Relief of Missing Out on AI,” Jeremy D’Hoinne, Deepti Gopal, Pete Shoard, Akif Khan, Arthur Sivanathan, Christopher Mixter 22 December 2025
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
