Hack The Box has released its Cybersecurity Workforce Intelligence Report, highlighting the growing impact of AI on cybersecurity skills, career development, and team structures. The global report shows that AI is reshaping cybersecurity roles, increasing demand for advanced expertise, and pushing CISOs to rethink workforce planning strategies.
Based on anonymized data from more than 702,000 cybersecurity professionals across 251 countries and territories, the report highlights a growing shift in training interest toward advanced, AI-related skills and more integrated team models. As AI transforms both attack and defense, the findings show that technology alone is not enough. The effectiveness of the cybersecurity industry will increasingly depend on the depth, adaptability and readiness of the people behind it.
Organizations are accelerating investment in AI security capabilities, with AI penetration testing emerging as a top global training priority, underscoring how quickly AI security is moving from emerging focus to operational necessity.
“AI is creating a divide between teams that can operationalize it and those that can’t, and that divide directly translates into risk,” said Haris Pylarinos, Founder and CEO of Hack The Box. “For CISOs, the challenge is ensuring their teams can operate effectively with AI, and without it when needed.”
AI is raising the bar for cybersecurity teams
Cybersecurity practitioners are increasingly prioritizing emerging risks such as prompt injection, model exploitation and agentic AI attacks, signaling a shift in how organizations are preparing their teams. Hack The Box’s training data reflects this trend, with Prompt Injection accounting for 29% of challenges solved, Machine Learning Model Exploitation (24%) and Agentic AI Hijacking (12%) representing the top three dominant areas of focus and most solved challenges within the analyzed period.
At the same time, traditional role boundaries are becoming less rigid. Growing overlap between offensive and defensive training points to a more integrated model of cybersecurity capability development, where practitioners build complementary skills across domains rather than operating in silos. This shift supports a more collaborative, purple-team approach that prioritizes adaptability across the full attack-defense lifecycle. The findings suggest that effective teams will increasingly be defined by adaptability, judgment, and cross-functional expertise, challenging CISOs not simply to adopt AI tools, but to ensure their teams have the skills to test, validate, and defend increasingly complex environments.
Structured hands-on training programs are accelerating this transition, with AI-focused training completion rates reaching 64%, reinforcing the role of organization-led learning in building advanced cybersecurity capabilities.
Meanwhile, the cybersecurity workforce is becoming more globally distributed, with India emerging as a key talent hub alongside the United States, the United Kingdom, France and Brazil, which together account for nearly 36% of global cybersecurity upskilling captured in the report.
Implications for CISOs: Rethinking workforce development strategy
To remain effective in an AI-driven landscape, the report suggests security leaders must:
- Prioritize AI security skills to address emerging attack vectors and secure AI-enabled systems
- Invest in integrated training models that combine offensive and defensive capabilities
- Expand global talent pipelines to access emerging skill hubs and address workforce shortages
- Commit to continuous, hands-on upskilling to maintain operational readiness
Structured, hands-on training programs are proving critical to this effort, with enterprise-led initiatives driving higher engagement and faster adoption of emerging skills compared to self-directed learning.
The full report is available here.
Related News:
