
Security threats have always been expanding and evolving, but recent data shows that modern applications are more complex for security and operations than ever before. And AI is only a piece of that puzzle.
To stay on top of the changing market and hear directly from security leaders on what’s really top of mind, Sumo Logic surveyed over 500 security leaders with the help of UserEvidence. We asked about data pipelines, tool sprawl, confidence in SIEM, and, of course, AI. Get your copy of the full report.
The AI confidence gap: enthusiasm meets implementation reality
Artificial intelligence has captured the security operations imagination with unprecedented speed. 90% of security leaders say AI is extremely or very important in their decision to purchase a new security solution. This represents one of the fastest adoptions of transformative technology in enterprise security history.
The enthusiasm has solid foundations. 90% of security leaders say AI/ML is valuable in reducing alert fatigue and improving detection accuracy—targeting the two persistent pain points that plague security operations most acutely. Alert fatigue has become endemic, with teams drowning in notifications and struggling to separate genuine threats from false positives. AI promises to cut through this chaos by intelligently prioritizing alerts and surfacing patterns that human analysts might miss.
Yet when we examine where security leaders actually deploy AI in their operations today, a different picture emerges. The most common AI use case is basic threat detection at 49%, followed by automated response at 20% and incident triage at just 9%.
This distribution reveals the gap between AI’s theoretical potential and its practical implementation. Organizations are using AI primarily for foundational capabilities—such as threat detection—rather than advanced workflow automation that could transform the efficiency of security operations. The sophisticated use cases that marketing narratives emphasize remain relatively rare in actual deployments.
What explains this disconnect? The answer lies in data architecture. AI is only as intelligent as the data it can access. When security data remains siloed across disconnected tools, AI capabilities become fragmented as well.
Each tool can only apply AI to its narrow data domain rather than leveraging comprehensive context across the entire environment. At the same time, exposing all data to AI carries security risks of its own, which sends security professionals mixed signals about the best path forward.
61% of security leaders prioritize AI/ML capabilities when evaluating SIEM platforms. But how AI is integrated into the SIEM and which parts of the workflow can be automated will vary depending on risk appetite and comfort levels with AI.
Organizations pursuing AI capabilities while maintaining fragmented tooling will continue experiencing the gap between AI’s promise and its practical impact.
How many tools do security teams use?
If there’s one challenge security operations teams universally acknowledge, it’s tool proliferation. The data confirms what practitioners experience daily: 55% of respondents say they struggle with too many point solutions in their security stack, with 40% saying they’re juggling too many siloed tools. But how many tools are too many?
45% of respondents use six or more security tools, and 10% use more than ten tools. Add in the fact that 63% of security leaders say operational costs are their biggest pain point, and it becomes clear that too many expensive tools are fragmenting workflows, costing resources, and not even driving better security postures.
This fundamentally undermines security efficacy. When tools don’t share data, it becomes difficult to assess threats across the environment or to see the full attack chain. This creates security gaps that attackers can easily exploit while simultaneously slowing incident response:
Investigation complexity multiplies. When security data resides in multiple disconnected systems, analysts must manually pivot between tools to gather context, correlate events, and understand attack sequences. What should take minutes stretches into hours as analysts copy data between consoles and attempt to reconstruct timelines from fragmented sources.
Alert fatigue intensifies. Each tool generates its own alerts based on its limited view of the environment. Without unified context, organizations receive duplicate alerts for the same underlying issue, false positives from tools lacking broader environmental context, and missed threats that require correlating signals across multiple systems.
AI effectiveness degrades. When AI operates on siloed data, it can only detect patterns within each tool’s narrow domain. The sophisticated threat detection and automated response that AI promises requires comprehensive data, which fragmented tooling inherently prevents.
Team efficiency suffers. Security analysts spend disproportionate time on tool management rather than on security work. Each platform requires its own expertise, maintenance, and integration effort. As stacks grow, the operational overhead grows proportionally.
Unified operations deliver measurable value
We’ve often said over the years that we need to break down silos. By unifying visibility across tools and teams, organizations can move faster, secure their environments, and deliver reliable experiences. The data backs this up.
Beyond specific capabilities, our research reveals a fundamental insight about operational efficiency. 87% of security leaders agree that unified security and monitoring tooling would improve team efficiency, with 42% strongly agreeing. 80% of respondents say security and DevOps teams use shared tools, but fewer than half say the teams are aligned on tooling and workflows.
Interestingly, of the teams that say they’re very aligned, we see significant increases in their satisfaction with tools, belief that their SIEM is very effective at reducing MTTR, and confidence that their tools were designed for modern application environments.
As always, it seems to start with alignment between teams and unified visibility. So, is it any surprise that 100% of security leaders say that a unified platform would be valuable for security and DevOps teams?
Final thoughts
At Sumo Logic, we often talk about the value of bringing security and operations teams together, of sharing data built on a single source of truth with shared visibility. We highlight how AI can accelerate this for organizations, particularly with our AI agents in Dojo AI.
Security leaders are grappling with the same challenges around AI, tool sprawl, data pipeline visibility, team alignment, and more. Check out the full report to see all the ways that your team aligns with other security teams, and for more details about the state of security operations in 2026.



