The rapid advancements in artificial intelligence, particularly through powerful models such as Anthropic’s Claude Mythos, have unveiled significant challenges beyond traditional coding frameworks. The cybersecurity industry faces a tremendous dilemma: a shortage of cybersecurity talent and training opportunities, exacerbated by the automation capabilities of AI. These developments pose a serious threat to the recruitment and training of the next wave of cybersecurity professionals, as they effectively make existing training pathways obsolete.

The 2026 SANS/GIAC Cybersecurity Workforce Research Report highlights a startling statistic: while only 4% of organizations report that entry-level roles are difficult to fill, these roles—such as SOC analysts, threat intelligence analysts, and incident responders—are among the first being automated. In fact, 32% of companies surveyed reported cutting SOC and security analyst roles, with 26% scaling back on threat intelligence analysts and 22% making cuts to incident response personnel. SANS underscores that these positions are foundational for developing the skills necessary for upcoming leaders in cybersecurity. Eliminating these entry-level roles threatens to hinder the growth of expertise within the field.

Jeff Pollard, a vice president and principal analyst at Forrester, remarked, “Every technology organization appears to be moving away from hiring entry-level personnel, the very individuals who could develop into future experts.” According to Pollard, this trend results in an over-reliance on technology, which is inherently flawed, as it often produces erroneous information. The transformation of cybersecurity work is being accelerated by AI technologies, which reduce manual analysis time for 49% of organizations surveyed and automate workflows for another 48%. However, this shift poses a significant risk to the apprenticeship model that has traditionally been the backbone of cybersecurity training.

Rob T. Lee, the chief AI officer at the SANS Institute, argued for the need to shift the industry toward a training model akin to those used in fields like medicine or law, where on-the-job experiences are vital. “We need to focus on developing higher-level skills,” he emphasized. Lee pointed out that the existing methodology, which involves climbing the ranks through roles in security operations centers, may soon require a more specialized approach to career progression.

Jon France, CISO at ISC2, further elaborated on the changing nature of work, describing three models of human-AI collaboration: “human in the loop,” where a person reviews tool outputs; “human on the loop,” which involves oversight after the tool has acted; and “human out of the loop,” wherein automation functions independently. As things stand, France believes that the industry is primarily functioning in the “human on the loop” model, especially in entry-level roles where responsibilities may shift from traditional tasks to leveraging AI to uncover trends.

Despite the challenges, France posited that entry-level roles will not disappear entirely but will undergo significant transformations. ISC2’s 2025 AI Adoption Pulse Survey supports this perspective, revealing that 52% of cybersecurity professionals maintain that AI will lessen the demand for entry-level staff while 31% anticipate the emergence of new junior roles. The pace of these changes is propelling discussions within the industry.

Legacy Issues Resurface

The interplay between AI and workforce dynamics unveils another layer of complexity: a growing workforce gap stemming from an aging software development cohort. Many vulnerabilities currently discovered by advanced AI models such as Claude Mythos predate today’s cybersecurity professionals, necessitating a deep understanding of outdated code languages that many current team members may not grasp. Pollard warns that this situation mirrors the historical “COBOL problem,” wherein the retired developers trained in legacy systems led to a shortage of professionals equipped to handle their intricacies. As is the case, new teams will require substantial training to address these older systems if there is any hope for successful remediation. According to Lee, AI may assist in bridging these gaps, serving as a powerful resource, although human oversight remains crucial.

A New Paradigm for Hiring

Pollard suggests a transformative approach labeled “philanthropic hiring,” which would involve organizations bringing in entry-level employees—even when AI could automate their tasks—while investing in their long-term training and development. The aim is to cultivate a skilled workforce that can contribute significantly to the organization over time, thereby reducing the need to outbid competitors for seasoned professionals in the future.

Lee encourages tech leaders to utilize AI transformation budgets to bolster cybersecurity resources. He contends that the assumption AI will merely eliminate roles is misguided, heralding the advent of new job types—such as those in vulnerability operations—that did not exist prior to the rise of AI-driven discovery tools.

The Challenge of Career Visibility

Even when organizations proactively invest in nurturing junior talent, they risk losing those employees to more enticing opportunities if clear career pathways are not established. The SANS survey indicates a striking increase in companies citing unclear career trajectories as a significant barrier to recruitment—32% of organizations identified this as an issue, up from just 9% the year before. Furthermore, 31% of companies mentioned it as a retention challenge, while only 24% offered clearly defined career paths.

Lee highlights a growing frustration among employees who, after being hired for entry-level wages, find it difficult to advance due to HR-imposed restrictions on raises. This creates a costly cycle of turnover and loss of institutional knowledge. To mitigate such issues, CIOs and CISOs must develop long-term strategies that ensure the preservation of talent within their organizations. The redesign of entry-level roles for an AI-driven landscape is essential, introducing new responsibilities that blend AI efficiencies with practical knowledge.

Ultimately, the evolving cybersecurity landscape demands ongoing commitment to the development of entry-level professionals. France emphasizes that efforts to cultivate new talent must involve continuous training and learning opportunities. “It’s not a one-and-done situation; we must commit to a sustained relationship that fosters skill development and career growth,” he said.