AI-related job cuts mostly hit entry-level roles, as AI skills become essential

SAN FRANCISCO — AI is mostly reducing entry-level jobs in cybersecurity but impacting every role as AI-related skills are becoming more essential, SANS Institute CEO James Lyne and Chief AI Officer Rob Lee said during a talk Monday at the RSA Conference 2026.

Lyne and Lee discussed insights from the SANS Institute’s 2026 Cybersecurity Workforce Research Report released Monday, which explores the effects that AI, regulations and skill shortages are having on today’s cybersecurity workforce.

The report, based on responses from more than 900 cybersecurity leaders and human resources (HR) professionals, reveals that only 39% of organizations reported no AI-related role reductions. Most of these reductions hit entry-level security analyst roles (32%), followed by threat intelligence analysts (26%) and incident responders (22%).

The speakers noted that this does not necessarily reflect layoffs, but can also include hiring freezes, or “compression” and “reconstitution” of some roles. However, 39% of survey respondents reported that AI has had a significant or moderate impact on cybersecurity team size, and 31% reported a slight impact.

Related reading

At the same time, new AI-focused jobs are being created, and there’s a growing demand for AI skills.

“Cybersecurity practitioners who use AI are likely to replace those who don’t,” Lyne said.

Most organizations (72%) reported creating or filling new AI-related security roles, including AI/ML security specialist (34%), AI security engineer (32%) and AI governance analyst (30%). Despite this, AI security training adoption lags, with only 20% of organizations training all staff and 18% only training their cybersecurity team.

AI workforce pros and cons

“I see AI as a net positive to be able to increase the capabilities of the workforce. For example, organizations that have a hard time deploying a massive cybersecurity team,” Lee said in response to a question from SC Media about the technology’s advantages and disadvantages.

Lee said critical infrastructure facilities with limited budgets, such as water utility plants, can benefit from the use of AI agents, and that if a staff shortage leads to an outage, people will ask, “Why did they not implement some of the AI capabilities that are out there?”

Still, AI’s impact on entry-level jobs can be worrying, not only for aspiring practitioners, but for organizations who seek to hire experienced talent in the future.

“If we don’t end up with enough practitioners learning those foundational skills, we don’t have seniors and experts later,” Lyne told SC Media.

RSAC 2026:

SANS’ report further revealed how the “senior talent squeeze” is already impacting businesses, with nearly half of respondents saying senior (10-15 years of experience) and expert (15 or more years of experience) level roles are the most difficult to fill. More than half of respondents said these roles take six months or longer to fill on average.

An attendee who spoke with SC Media after the session expressed his concerns about the impact of AI not only on his own role, but on the future generation of workers.

“I’m 56 years old. I’m trying to stay relevant for another 10 years, and that’s not going to be easy to do, necessarily, but it will be possible if I’m focused on my approach,” said Jerald Winters of Marketplace Events. “But I also have younger children. I’ve got a 12-year-old son, for example, and I want him to be relevant, and so while I came to the conference here for myself and for my own career development, I’m always thinking about him as well and what we can do to help him.”

Winters said the speakers recommended helping his son “learn how to be creative with AI” as a starting point for building AI skills in the future.

“By learning those skills on how to use AI to generate and create things, that will help him to apply that to any field he goes into,” Winters said.

Skills gap, not headcount gap, drives talent shortage

Beyond AI, regulatory pressure is also affecting hiring practices and job roles. In fact, the percentage of organizations that reported a regulatory impact on hiring jumped from 40% to 95% between 2025 and 2026.

Regulatory requirements like the European Union’s Network and Information Security Directive 2 (NIS2) and Digital Operational Resilience Act (DORA), the U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program and DoD 8140 framework, and the Securities and Exchange Commission’s cybersecurity rules have driven a 30 percentage-point increase in organizations reporting a need for more job specialists (23% to 53%).

“Compliance is forcing teams to add skills, not necessarily headcount,” noted Lyne, highlighting another key finding from the report: that the skills gap is growing and surpasses the headcount gap for 60% of companies.

This skills shortage leads to detriments such as delayed projects, as reported by 57% of organizations, burnout (47%), slower incident response (47%), reduced monitoring capabilities (42%) and inability to adopt new technologies.

Strengthening the workforce, Lee and Lyne said, involves identifying these skill gaps, establishing a workforce development plan and using frameworks such as the National Institute of Standard and Technology’s NICE Framework for Cybersecurity, the European Cybersecurity Skills Framework (ECSF) or the Saudi Cybersecurity Workforce Framework (SCyWF) to clearly define job qualifications and required skills when hiring.

Organizations should also aim to implement career progression and upskilling programs, establish AI governance and AI training programs for all employees and seek certifications to validate their team’s skills, the speakers concluded.