New Vectra AI research finds cyber resilience lagging in the AI era

Vectra AI, the cybersecurity AI leader in protecting modern networks from modern attacks, today released its 2026 State of Threat Detection and Response Report, revealing a persistent gap between security investment and real-world cyber resilience.
 
Based on a global survey of 1,450 security practitioners, SOC leaders, and security decision-makers, the report finds that as AI takes on a larger share of day-to-day SOC work, many teams report feeling better staffed and better tooled — yet that perceived readiness hasn't translated into stronger confidence in detection, investigation, or response. Fragmented visibility, alert overload, and tool sprawl continue to limit teams' ability to clearly see risk and act with certainty when attacks occur.
 
"Organizations have invested heavily in people, tools, and AI, but confidence hasn't kept pace," said Mark Wojtasiak, SVP of Research and Strategy at Vectra AI. "Cyber resilience depends on trusted signals. When defenders can't clearly distinguish real threats from noise, response slows, and resilience becomes difficult to deliver and even harder to prove."
 

Key findings highlight persistent gaps

Despite declining alert volumes, security teams remain overwhelmed and reactive:
 

• Organizations receive an average of 2,992 security alerts per day, down from 3,832 the year prior, yet 63% of alerts still go unaddressed.
• 71% of defenders report setting aside important security tasks at least two days per week.
• Only 58-60% report full or near-full visibility across endpoints, on-premises networks, cloud environments, and identities.
• 69% of organizations use more than 10 detection and response tools, while 39% use more than 20.

 
Together, these conditions undermine trust in detection tools, slow response, and leave organizations uncertain whether they can identify real attacks in time.
 

AI adoption rises, but resilience gains lag

As enterprises adopt AI to accelerate business operations and infrastructure, attackers are doing the same — driving faster, more automated attacks that security teams struggle to keep pace with, even as they adopt AI-powered defenses. According to the report, 44% of defenders say they are losing the battle when it comes to prioritizing real threats. While optimism around AI in the SOC is high, the report shows its impact has not yet translated into measurable improvements in visibility, response speed, or confidence, even with 76% of defenders stating that AI agents and/or AI assistants now handle more than 10% of their workload.
 

• 67% of defenders say AI-powered tools have positively impacted threat identification and response.
• 87% expect to increase AI use, primarily to replace legacy detection and response tools.
• 63% want AI agents to handle alert triage and investigations.

 
The findings suggest that while AI adoption is helping security teams absorb workload and feel better staffed, it has not yet delivered resilience. As attackers use AI to move faster and scale their operations, fragmented visibility and detection latency across siloed tools and manual processes continue to limit the impact of AI-powered defenses.
 
The 2026 State of Threat Detection and Response Report makes one conclusion clear: cyber resilience remains constrained by confidence in the signals driving security decisions. Until organizations can clearly see risk, act decisively, and prove outcomes, resilience will remain stalled — even in the AI era.