Splunk report finds agentic AI reshaping the CISO role in the AI era

Artificial intelligence is emerging as a core pillar of modern security operations, according to Splunk’s latest global survey of Chief Information Security Officers. The report, titled The CISO Report: From Risk to Resilience in the AI Era, is based on responses from 650 CISOs worldwide and points to a security environment defined by increasingly capable adversaries and accelerating technological change.

The survey indicates that 95% of CISOs now view the growing sophistication of threat actor capabilities as their greatest risk. As a result, improving threat detection and response has become the top operational priority for 92% of respondents. This is followed by strengthening identity and access management at 78%, and investing in AI-driven cybersecurity capabilities at 68%. These priorities reflect a broad consensus that traditional security approaches are no longer sufficient to cope with the scale and speed of modern attacks.

AI is already delivering measurable benefits within security teams. According to the findings, 92% of CISOs say AI enables their teams to review more security events, while 89% report improved data correlation as a direct result of AI adoption. Among organisations that have partially or fully adopted agentic AI, 39% strongly agree that it has increased reporting speed by more than double. This compares with just 18% among those still exploring the technology, highlighting a widening operational gap between early adopters and laggards.

Looking ahead, expectations for agentic AI remain high. Some 82% of CISOs believe it will increase the volume of data reviewed, and an equal proportion expect improvements in correlation and response speeds. At the same time, enthusiasm is tempered by concern. A majority of respondents fear that agentic AI will also be leveraged by attackers, with 86% worried about more sophisticated social engineering attacks and 82% concerned about faster deployment and greater complexity of persistence mechanisms. Despite these risks, AI is widely viewed as essential for maintaining security effectiveness and supporting broader business objectives.

Michael Fanning, Chief Information Security Officer at Splunk, described the mounting pressure facing security leaders as AI accelerates both opportunity and risk. “CISOs operate in the eye of the storm, at the centre of constant transformation. Role responsibilities expand, threats evolve, and AI accelerates everything,” he said. “This expanded mandate brings an exceptional level of pressure and personal accountability. We are not just managing technology. We are managing risk, talent, and the digital resilience that drives critical business outcomes.”

Expanding responsibilities and rising personal accountability

The report underscores how the scope of the CISO role has expanded well beyond traditional security oversight. Nearly four out of five respondents say their responsibilities have become significantly more complex, reflecting the convergence of cybersecurity, data governance, and enterprise risk management. Almost all CISOs surveyed now report responsibility for AI governance and risk management, signalling a shift towards direct ownership of how AI systems are deployed and controlled within organisations.

This expansion of authority is accompanied by rising personal stakes. More than three quarters of CISOs say they are worried about personal liability in the event of a security incident, a sharp increase from the previous year when just over half expressed similar concerns. The data suggests that regulatory scrutiny, board-level expectations, and public accountability are converging to place individual security leaders under unprecedented pressure.

Beyond AI governance, more than four out of five CISOs also oversee secure software development practices, including DevSecOps. This reflects the growing recognition that security must be embedded throughout the development lifecycle rather than bolted on after deployment. As digital transformation initiatives continue across industries, CISOs are increasingly expected to act as strategic leaders who can balance innovation with risk mitigation.

The report also highlights the importance of shared accountability at the executive level. Joint ownership is seen as delivering the most value in key areas such as security initiatives, cited by 62% of respondents, as well as security budgets at 55% and access to security-relevant data at 49%. These findings suggest that resilience is strongest when cybersecurity is treated as an organisational responsibility rather than a siloed technical function.

To communicate value to non-technical stakeholders, CISOs are focusing on business-oriented metrics. Incident reduction, improved Mean Time to Detect, and Mean Time to Respond are the primary measures used to demonstrate return on investment and align security outcomes with business performance. This emphasis reflects an ongoing effort to position cybersecurity as a business enabler rather than a cost centre.

Talent, burnout, and the human side of resilience

Despite rapid advances in automation and AI, the report makes clear that human talent remains central to effective security operations. CISOs continue to prioritise people over technology when addressing skills gaps, with leading strategies including upskilling existing staff, hiring new full-time employees, and engaging contractors. This approach reflects a belief that human judgement and creativity are critical for complex tasks such as threat hunting and incident response.

At the same time, the survey reveals persistent challenges around workforce wellbeing. Nearly two-thirds of security teams are experiencing moderate to significant burnout. High alert volumes are cited as a stressor by 98% of respondents, while 94% point to false alerts and 79% highlight tool fatigue. These pressures contribute to retention challenges and risk undermining long-term resilience if left unaddressed.

In response, CISOs are seeking to simplify and rationalise security operations. Many are consolidating security data into a single, unified view to reduce noise and improve clarity. Data-driven narratives are also being used to translate technical complexity into clear business priorities for senior leadership, supporting more informed decision-making.

However, obstacles to greater data sharing remain significant. Data privacy concerns are cited by 91% of respondents as a barrier, followed by high storage costs at 76% and the absence of shared data views at 70%. These constraints highlight the tension between the need for comprehensive visibility and the practical limits imposed by cost, compliance, and organisational structure.

Overall, the report paints a picture of a profession in transition. CISOs are evolving into strategic leaders tasked with navigating technological complexity, organisational change, and personal accountability. By combining data-driven approaches, human-centric leadership, and thoughtful integration of AI, security leaders are working to strengthen digital resilience and support sustainable business growth in an increasingly volatile threat landscape.