AI Security Automation a Priority, But Hurdles Remain: BlinkOps

Eighty one percent of cybersecurity teams view AI-powered security automation as a core strategic priority, despite continued execution hurdles and workforce limitations, reveals BlinkOps State of Security Automation 2025 report.

“The escalating volume and sophistication of cyberthreats, combined with the critical shortage of skilled cybersecurity professionals, are compelling reasons why AI-powered automation is no longer a luxury but a necessity,” says Ashish Kuthiala, Chief Marketing Officer, BlinkOps, to 01Net.

BlinkOps report, based on a survey of over 1,000 security professionals and decision makers across a range of organizations, highlights the growing significance of metrics such as Time to Automation (TTA) and explores the emerging adoption of agentic AI, which has the capacity to autonomously execute complex security tasks in real-time.

While AI-powered automation is increasingly viewed as essential, organizations face persistent operational barriers including staffing shortages, a lack of internal expertise in automation deployment, and complex tooling. These challenges are delaying the time it takes to implement automated security protocols at a time when threat actors are becoming faster and more sophisticated.

According to the report, TTA has emerged as a crucial metric in cybersecurity. Despite its importance, 45% of organizations reported that it took up to three months to implement their most recent automation effort. Only 15% managed to deploy automation within a month, highlighting a growing discrepancy between the pace of cyberattacks and organizational response times. In a security environment where malicious actors can compromise systems in seconds, such delays significantly increase exposure to threats.

The study also found that 53% of organizations plan to adopt agentic AI for real-time threat detection and 46% for policy enforcement. Only 3% have ruled out the use of autonomous agents entirely. These agents — AI systems capable of planning and executing tasks without continuous human input — are increasingly seen as a solution to workforce constraints, enabling faster response times and round-the-clock vigilance, says BlinkOps.

However, the implementation of automation remains hampered by structural issues. About 44% of respondents indicated difficulty in hiring personnel with the requisite skills for automation and AI roles. Furthermore, 35% of organizations report a lack of internal capabilities to build or maintain automated workflows, while 34% noted that current tools were too complex to operate efficiently.

The structure of security operations centers (SOCs) is also undergoing transformation. About 45% of surveyed organizations are establishing centralized teams dedicated to automation, reports BlinkOps. Meanwhile, 46% anticipate a shift in analyst roles — from executing routine tasks to overseeing automated systems and handling exceptions. Despite these changes, 35% of teams still report being overwhelmed by repetitive manual tasks, and 19% rely almost exclusively on manual operations.

While only 6% of organizations report having mature automation programs, 49% have defined long-term roadmaps, and 33% are actively developing strategies. The next five years are expected to be critical for advancing governance frameworks and refining the integration of AI-driven automation in threat detection and response mechanisms, says BlinkOps.

While malicious AI agents are not yet widely deployed by cybercriminals, the MIT Technology Review reports that AI agents can replicate complex cyberattacks. Furthermore, Palisade Research has launched the LLM Agent Honeypot initiative to detect early uses of autonomous AI in real-world hacking attempts. This effort has already identified two AI agents originating from Hong Kong and Singapore that passed performance benchmarks designed to differentiate LLMs from traditional bots.

Mark Stockley, Cybersecurity Evangelist, Malwarebytes, and Vincenzo Ciancaglini, Senior Threat Detecter, Trend Micro, suggest that agent-led cyberattacks could become mainstream within the next year. Unlike conventional bots, AI agents are capable of adaptive decision making and evasive behavior, making them more effective for large-scale, autonomous attacks. This capability raises concerns about scalability in threats such as ransomware, where AI could lower operational costs and accelerate attack velocity.

While AI may accelerate existing threats, the principles of detection and response are unchanged, says Chris Betz, Chief Information Security Officer, Amazon Web Services. AI agents could also play a dual role — both as attackers and as advanced defenders capable of identifying vulnerabilities and reinforcing digital perimeters.