Vanta today released its third annual State of Trust Report, an in-depth analysis uncovering global trends in AI, security, compliance, and trust from a survey of 3,500 IT and business leaders across the U.S., U.K., France, Germany and Australia.
Today, 72% of organizations say the security risks for their company have never been higher, a 17-point increase from 2024, when 55% said the same. As AI-driven cyber threats proliferate, organizations admit they can’t keep up, with a majority (59%) of business and IT leaders warning that AI cyber threats are advancing faster than their security team’s expertise to deal with them. In the past year, half of all organizations reported an increase in AI-generated phishing (49%), AI-powered malware (48%), and AI-driven identity theft or fraud (47%).
On the other hand, the number of companies leveraging AI agents to protect against AI-cyber attacks is increasing sharply, with 8 in 10 leaders currently using AI agents or planning to this year. However, AI usage doesn’t match the understanding of the technology, particularly when it comes to agents, with nearly two-thirds (65%) saying their use of agentic AI outpaces their understanding of it.
Agentic AI adoption is high, but control is low
To combat the surge of new attack vectors, security teams are trusting agentic AI with everything from decision-making to security strategy. But a lack of governance threatens to do more harm than good:
- 79% of leaders are currently using or planning to use AI agents to protect against AI-cyber attacks
- 61% say they trust agentic AI to override human decision-making in certain scenarios like suspending a risky browser extension or session when a policy violation is detected
- 71% of teams feel comfortable with agentic AI giving input on security strategy
- But AI usage doesn’t match understanding—nearly two-thirds (65%) say their use of agentic AI outpaces their grasp of it
- A mere 48% have developed a framework for granting or limiting autonomy in AI systems
Security theater is getting in the way of real protection
The security paradox of AI means that as customers demand more proof of security, many teams are spending more time proving security, rather than improving it.
While 8 in 10 believe improving security and compliance directly boosts customer trust, leaders say their organizations only spend half of what they should on security, dedicating 10% of IT budgets to security vs a 17% ideal. This amounts to 12 working weeks per year spent on compliance-related tasks (vs 11 last year), and 9 working weeks per year on vendor security reviews and risk assessments (vs 7 last year).
As a result, 61% say they spend more time proving security rather than improving it, with 64% saying today’s security frameworks feel like ‘security theater’.
AI banishes cybersecurity team burnout
Amid growing compliance pressure, AI is both a relief valve and a reinvention tool. It’s helping overburdened teams do more with less, automating manual tasks and freeing up time for meaningful security work:
- 76% of security and compliance leaders say AI and automation tools are reducing burnout and improving day-to-day productivity
- 95% believe AI and automation have improved security team effectiveness
- 1 in 2 say that risk assessments and incident response times are faster and more accurate with AI
VantaCon 2025: How AI is rewriting trust
On November 19, Vanta will host VantaCon 2025: How AI is Rewriting Trust, bringing together security’s brightest minds for a half-day of keynotes and panels exploring how AI is transforming trust, risk and compliance.
Speakers include Alex Stamos, CSO at Corridor & Professor at Stanford, Former Chief of Security at Facebook; Jason Clinton, CISO, Anthropic; Jason Priest, VP, Security / CISO, 1Password; Mandy Matthew, Lead Security Risk Program Manager, Duolingo; and Andrew Becherer, CISO, Sublime Security.
To learn more, visit https://www.vanta.com/vantacon
Methodology
In July 2025, quantitative research conducted by Sapio Research was commissioned by Vanta to understand the challenges and opportunities businesses are facing when it comes to security and trust management. Vanta and Sapio Research co-designed the questionnaire and surveyed the behaviors and attitudes of 3,500 business and IT leaders across the U.S., U.K., France, Germany and Australia.
For consistency with prior years’ analyses, the data presented here and in the global report reflects a subset of 2,500 respondents from the U.S., U.K., and Australia. Tracking data from the 2024 State of Trust Report has also been included; sample sizes in 2024 were 1,000 in the U.K. and U.S. and 500 in Australia.
Has HSBC USA Been Pwned?
Posted in Commentary with tags Hacked on October 29, 2025 by itnerd
Hackers allegedly breached HSBC USA and stole customers’ records, including bank account numbers and transaction details. A threat actor posted screenshots and data samples on a dark web leak forum. The alleged stolen database contains names, addresses, Social Security numbers (SSNs), dates of birth, phone numbers, email addresses, transaction histories, stock orders, and bank account numbers.
Researchers who analyzed the provided sample suggest the data may be legitimate and appears recent. HSBC has acknowledged a recent denial-of-service (DoS) attack, but the bank denies any customer data was accessed or lost.
Ignas Valančius, Head of Engineering at the cybersecurity company NordPass, comments:
“If true, this could be one of the most dangerous attacks in recent years. We have seen a lot of cyber incidents recently in the retail, aviation, and automotive industries. However, these were primarily related to ransom demands and mostly impacted breached companies. Some of them were even forced to stop their activities. In this alleged attack on HSBC USA, personal customer data could have been stolen along with financial information. Similar cases proved that from there, it’s only a small step to financial fraud — or, even worse, identity theft.”
“The data hackers allegedly obtained allow malicious actors to empty accounts, take out loans, open fraudulent accounts, file fake tax returns, or use the stolen personal information for further fraud or cyber attacks, such as spearphishing. Attackers could also attempt to use the data to impersonate legitimate institutions.”
“If we look at cold numbers only, the financial impact of this attack will likely be noticeably lower than those of some recent, widely discussed incidents, like the Jaguar Land Rover incident. However, the attack on HSBC may result in personal tragedies and cyber harassment for businesses that had used HSBC services.”
“HSBC, ranked among the biggest banks in the world, has been reducing its retail banking operations in the US and focusing on corporate clients recently. It has largely exited the U.S. mass retail banking sector. As a result, the retail data might be older than the hackers claim. Regardless, it would be prudent for all bank customers, both business and private, to change their passwords and activate multi-factor authentication (MFA) on online banking platforms and apps if they have not done so already. I would also advise to maintain heightened vigilance for phishing emails. After such attacks, phishing, spearphishing, CEO fraud, and other social engineering attacks typically increase.”
This is potentially a scary hack. This will need to be watched closely as the fallout from this could be massive.