Logo

AI in cybersecurity: A copilot, not a replacement

Survey data reveals AI's role as an assistive tool in cybersecurity, highlighting potential areas for future growth and collaboration.

  • Friday, 25th July 2025 Posted 3 months ago in by Aaron Sandhu

Data from Hack The Box, a pioneering platform in cybersecurity training, highlights a shift in how AI is employed by security teams. No longer just powering security efforts, AI is now viewed as a copilot in addressing cybersecurity challenges.

The Global Cyber Skills Benchmark, a comprehensive Capture the Flag competition, collected performance data from over 4,000 global participants. This data revealed 44% of teams utilising AI, predominantly for syntax assistance and concept clarification during simulations. However, its role largely remains assistive, with fewer than 8% depending on AI to completely solve challenges.

There is still significant room for advancement as 66% of teams did not employ AI in any capacity. Critical areas like Secure Coding (18.7% solve rate), Web (21.1%), and Cloud (21.3%) challenges demonstrate key skills essential to modern infrastructure that warrant further development.

The most effective approach sees AI paired with human expertise. While AI offers speed and efficiency in executing time-consuming tasks, human insight brings context and situational awareness, enhancing the overall security process. Over-dependence on either can expose vulnerabilities and weaken security frameworks.

Haris Pylarinos, CEO and Founder of Hack The Box, highlights this interplay: "AI is undoubtedly helping teams move faster, but should be used to augment security efforts, rather than replace human-led knowledge. Security works best when AI is deployed in partnership with a highly trained security team, who are able to support decision-making with automated data and AI tools."

As teams progressively adopt AI for foundational support, continued monitoring of the symbiotic performance between AI and humans is essential to develop and evolve proactive security practices.