Security leaders are seeing the benefits of AI in security operations, but not at the scale vendors claim, according to a new study by Sumo Logic.
In its 2026 Security Operations Insights report, published on January 28, the cloud SIEM provider found that 96% of surveyed security leaders said they’ve adopted AI and machine learning (ML).
Of these, 90% believe AI is valuable in reducing alert fatigue and improving detection accuracy and almost half (49%) said it is “extremely” valuable.
Nevertheless, the Sumo Logic study showed that the devil is in the details: despite this seemingly widespread adoption of AI for security operations, respondents only mentioned what the cybersecurity firm described as “relatively basic AI use cases.”
These included AI/ML for threat detection, which 49% of security leaders mentioned as their prime use of AI in security operations, automated response (20%), anomaly detection (17%) and incident triage (9%).
“This contradicts the marketing narratives that suggest most security leaders have widely adopted AI throughout their security and cloud operations workflows,” the report said.
Read more: AI Security Threats Loom as Enterprise Usage Jumps 91%
Security Leaders Blame Inflated Security Tech Stacks
The Sumo Logic report also showed that, while most organizations are modernizing their technology ecosystems – an effort largely driven by cloud adoption – security leaders have many contentious points regarding their security tech stack.
For instance, over half of respondents (55%) estimate they have too many point solutions in their security stack, with 93% of organizations using at least three security operations tools and 45% using six or more.
Furthermore, 80% of respondents said their security and DevOps teams use shared observability tools, but only 45% said the two teams are very aligned on tooling and workflows.
Overall, the Sumo Logic study found that most organizations are experiencing rapid change in their application environments, yet only 37% of the security leaders surveyed strongly agree that their security tooling is designed for these environments.
Sumo Logic’s 2026 Security Operations Insights report was built in collaboration with UserEvidence, which conducted a survey of 506 security leaders and practitioners in October 2025, ensuring a vendor-neutral sample. Respondents included 81% security managers or directors (31% managers, 21% directors) and 19% practitioners, all from organizations with over 500 employees – primarily mid-sized (40% with 500-999 employees, 31% with 1000-4999). Most (72%) worked in IT, with smaller shares in manufacturing, financial services, healthcare and other industries.
