
Gartner: GenAI Has Broken Traditional Cybersecurity Awareness – What Comes Next?
Companies Mentioned
Gartner
Why It Matters
The shift exposes firms to both internal data leakage and sophisticated AI‑driven attacks, demanding a cultural overhaul rather than merely new technical controls.
Key Takeaways
- 86% of firms now pilot or deploy GenAI, raising shadow AI risk
- 57% of employees use personal GenAI accounts for work tasks
- AI‑generated deepfakes have hit 35% of organizations, doubling phishing attacks
- Security programs must shift from static awareness to behavior‑centric culture
Pulse Analysis
The rapid diffusion of generative AI across enterprises has expanded the human risk surface far beyond traditional phishing and malware vectors. Gartner’s 2025 survey shows that more than half of workers are already using personal AI tools for business purposes, often feeding sensitive data into public models without oversight. This "shadow AI" phenomenon erodes visibility for security teams and creates new avenues for data exfiltration, while AI‑enhanced deepfakes and automated phishing campaigns increase the likelihood of successful social engineering attacks.
Legacy awareness programs, built on static training modules and periodic reminders, struggle to keep pace with AI‑driven threats. The indistinguishability of AI‑generated content removes familiar cues, and the speed at which malicious actors can personalize attacks overwhelms conventional defenses. Gartner advocates a pivot to Security Behavior and Culture Programs (SBCPs) that focus on real‑world decision making. By integrating AI‑specific simulations, micro‑learning, and continuous feedback into daily workflows, organizations can reinforce secure habits rather than relying on one‑off knowledge checks.
Implementing this behavioral shift requires clear governance, cross‑functional ownership, and heightened AI literacy. Leaders must define approved GenAI tools, enforce data classification rules, and educate staff on prompt injection risks and hallucination verification. Accepting operational friction—such as pausing to validate AI outputs—becomes a resilience metric rather than a productivity penalty. As AI embeds deeper into business processes, cultivating a culture where secure AI interaction is the default will be the decisive factor in mitigating emerging cyber risks.