Group Purchasing
Group Purchasing

Own AI Securely: The SANS Secure AI Blueprint

Own AI Securely: The SANS Secure AI Blueprint (PDF, 1.74MB)Published: 09 Sep, 2025
Created by:
Rob T. Lee
Rob T. Lee

Own AI Securely: The SANS Secure AI Blueprint, published by SANS Institute in September 2025, introduces a three-track framework (Protect AI, Utilize AI, Govern AI) for moving enterprise AI adoption from experimentation to secure, governed deployment at scale. The paper combines SANS's own SOC research with data from Gartner, AWS, Verizon, Deloitte, and other industry sources to show where AI security commitments are lagging behind adoption.

Key Findings:

  • Only 27% of CISOs have mapped their organization's AI controls to established security frameworks (Gartner, March 2025)
  • 45% of IT leaders now prioritize generative AI over cybersecurity in their budgets, while security tools receive only 30% of the focus (AWS survey)
  • 66% of boards report limited to no knowledge or experience with AI, and fewer than 1 in 3 organizations have a comprehensive AI governance framework in place (Deloitte)
  • AI-driven attack workflows now execute privilege escalation and lateral movement roughly 47 times faster than human-speed benchmarks, based on SANS's analysis of MIT, Horizon3, and CrowdStrike research
  • Over 75% of 2025 social engineering breaches involved pretexting or phishing content that showed signs of AI-assisted generation (Verizon Data Breach Investigations Report)
  • AI-driven reconnaissance cut the time from initial compromise to privilege abuse from weeks to under 48 hours in observed cases (Verizon DBIR)
  • GenAI tools scored just 2 out of 4 in analyst satisfaction, ranking among the lowest-performing technologies in the SOC (SANS 2025 SOC Survey)
  • 42% of SOCs use machine learning tools out of the box with no customization or workflow integration (SANS 2025 SOC Survey)
  • A majority of SOCs still run with just 2 to 10 full-time analysts, a staffing level unchanged since SANS began tracking in 2017 (SANS SOC Survey)
  • LLM-enabled applications on corporate networks grew 4x year-over-year in 2025 (Cisco Talos threat intelligence team)
  • 74% of CEOs globally say they could lose their job within two years if they do not deliver measurable AI-driven business gains (Dataiku and Harris Poll survey)
  • 68% of Fortune 2000 organizations already have AI in production, with many deployments mandated from above and little governance behind them (Mayfield survey)

Across these findings, the pattern holds steady: enterprise AI adoption is outpacing the ability to secure, monitor, and govern it. Budgets, board fluency, and SOC tooling all lag behind deployment speed, while attackers face none of the same constraints. The paper's position is that protecting, utilizing, and governing AI need to function as one connected discipline, with the SANS Critical AI Security Guidelines' six control categories (Access, Data, Deployment, Inference, Monitoring, and Model Security) providing the common backbone across all three tracks.

The paper draws on SANS's own 2025 SOC Survey alongside third-party research from Gartner, AWS, Cisco Talos, Verizon's Data Breach Investigations Report, Deloitte, Dataiku and Harris Poll, and Mayfield.

More SANS AI research, webcasts, and practitioner tools at sans.org/ai.

Meet Your Author

Rob Lee
Rob Lee

Rob T. Lee

Fellow

Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he leads research, mentors faculty, and helps cybersecurity teams and executive leaders prepare for AI and emerging threats.

Read more about Rob T. Lee