AI may finally unlock the cyber budgets CISOs have wanted for years

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority.

AI may finally be changing that equation.

The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined with the spread of agentic AI inside enterprises — has created something security leaders rarely enjoy: urgency at the board level.

That urgency was unmistakable at the recent SANS AI Cyber Summit in Washington, DC, where former deputy national security adviser Anne Neuberger urged security leaders to capitalize on the moment.

“We have a moment in time now where the knowledge of how LLMs are enabling attacks … [means] let’s change the culture, let’s operate with speed,” Neuberger said during a keynote address.

Her comments came just days after Bain & Co. warned that many organizations may need to double or even triple cybersecurity investments to prepare for the operational challenges created by advanced AI systems such as Anthropic’s Mythos.

“What I’m seeing is very refreshing,” Nate Rollings, CISO at threat exposure management vendor Zafran Security, told attendees at the recent CSO Cybersecurity Awards and Conference in Nashville.

“Over the last couple years, we’ve seen these budgets for the business and IT to adopt AI … to drive revenue-generating activity,” he noted.
“Because of Mythos and Glasswing, there’s been this realization that we haven’t enabled AI as much as we need to in security.” As a result, “we’re seeing this buy-in from the top down to say, ‘Listen, we need to increase some of the budget so we can use AI within security in response to AI threats.’”

For many CISOs, the convergence feels less like another hype cycle than a structural shift — especially as organizations rapidly deploy autonomous systems that security teams barely understand how to govern.

How AI is expanding enterprise risk

With the rapid adoption of AI agents, organizations are creating a new operational layer across their enterprises. These systems are increasingly capable of making decisions, initiating actions, accessing sensitive systems, and interacting with other software at machine speed with minimal human oversight.

“Agentic AI is operating in ways we have not seen before in business,” Diana Kelley, CISO at Noma Security, tells CSO. “We’re now protecting a decision and automation layer with AI because agentic AI is making decisions.”

Bernard Brantley, CISO at Corelight, tells CSO that AI is exposing years of accumulated technical debt by collapsing operational boundaries that security teams once relied on to isolate systems, data, and identity domains.

“I’ve got a single potential agent that can go interact with all 50 interfaces available in the company in a sub-second,” he says. “Now we have to think about how much and how widely it proliferates.”

“If we said every person in the company now has three agents, we’re now three orders of magnitude bigger in the landscape that we need to go secure,” Brantley adds.

Existing security architectures were built for human-driven systems, not autonomous agents operating continuously at machine speed, forcing organizations to rethink identity management, monitoring, behavioral controls, and boundaries around AI systems.

“You have to monitor it,” Kyle Lai, president and CISO of KLC Consulting, tells CSO.
“If it starts misbehaving, capture it just like a human account.”

Security leaders say one of the biggest emerging challenges is visibility. Many organizations still lack reliable ways to monitor what AI agents are accessing, what decisions they are making, which systems they are interacting with, and whether those actions remain aligned with corporate policy over time.

Unlike traditional software, autonomous agents can dynamically chain together actions across multiple enterprise systems, making it significantly harder for security teams to predict behavior or constrain access using conventional privilege models.

Lai says organizations increasingly recognize that AI agents require the same identity, logging, auditing, and behavioral controls historically applied to employees and privileged users.

At the same time, AI is accelerating operational risk elsewhere inside enterprises. AI-assisted coding systems, for example, are enabling developers to generate enormous amounts of software quickly — but often without fully understanding the resulting security implications.

Risk is accelerating faster than security teams can adapt

Security leaders say generative coding systems are compressing development cycles faster than many organizations’ existing security review processes can realistically keep pace.

Developers are increasingly deploying AI-generated code they may not fully understand, potentially introducing vulnerabilities, insecure dependencies, authentication flaws, and configuration errors into production environments at scale.

“AI is generating a lot of code,” Lai says.
“If you don’t manage the vulnerabilities generated by the AI, then it’s going to create more issues because now you’re creating all these vulnerabilities.”

The operational implications are forcing many organizations to rethink cybersecurity less as a defensive IT function and more as a governance layer for autonomous enterprise systems.

That shift is helping elevate cybersecurity discussions into broader conversations surrounding AI adoption, operational resilience, workforce automation, and business risk.

Enterprise leaders are listening in ways they rarely have before

AI is also changing C-suite and boardroom behavior.

For years, many security leaders struggled to persuade boards that cyber risk represented a strategic business issue rather than simply an IT expense.

“We often talk about culture as a defense mechanism to change,” Neuberger said at the SANS summit. “What we’re also seeing is suddenly CEOs talking about LLMs, talking about projects, and concerned about cybersecurity. That’s a massive change.”

That attention matters because security spending has historically surged only when cyber risk becomes tied to broader business transformation.

AI now sits at the center of boardroom conversations about competitiveness, automation, workforce productivity, and digital strategy, giving CISOs a rare opportunity to frame cybersecurity as an operational prerequisite for safe AI adoption.

However, Brantley believes security leaders should resist fear-based messaging and instead position cybersecurity as a business enabler. “The increase in cyber budget should actually be oriented toward delivering business value with respect to the current or strategic AI goal,” he says. “There’s no way to address things at the speed of AI without using AI.”

And what that often means is spending more on AI to tackle AI challenges.
“I think [the increased spend] is going to be a blend of, say, 10 new people who are well-versed in this AI problem and potentially a contractor or a vendor who’s got a solution there, and then I will spend the money on the AI tokens to get to that answer.”

The most effective leader-level pitch may be that cybersecurity is becoming the operational foundation that allows organizations to scale AI safely without losing visibility, governance, or control.

“Data poisoning, indirect prompt injection, agents taking rogue actions — that’s all part of the risk conversation at an organization,” Kelley says. “This is a risk conversation about how the business is making decisions.”

Budget requests need a business case

Not everyone believes AI will trigger a cyber spending boom.

Ian Thornton-Trump, CISO at Inversion6, warns that some organizations risk treating AI as a catch-all justification for spending without clearly articulating underlying business risks.

“I think waving the flag of AI is the wrong answer,” Thornton-Trump says. “I would be laughing as an executive at a company if somebody came to me and said, ‘I want to spend a ton of money on AI for cyber.’”

Thornton-Trump argues that boards continue to balance cybersecurity against a long list of competing strategic concerns, including geopolitical instability, climate risk, fraud, supply chain disruption, and rising operational costs.

“Ask for more money, but have a plan,” he says.
“Especially a plan that incorporates the fact that you’re not going to get everything you ask for.”

The debate, in other words, isn’t really about whether to spend — it’s about whether security leaders can articulate why clearly enough to be heard.

Whether the advent of AI is enough to boost budgets, it’s clear that frontier AI, autonomous enterprise systems, and executive fear of falling behind competitors have suddenly aligned cybersecurity with core business strategy.

The result would be the most significant shift in enterprise security spending since the rise of cloud computing — not because leaders suddenly fear cyberattacks more, but because they increasingly view cybersecurity as the operational foundation that makes large-scale AI adoption possible.