aisecurity.llc
Survey Findings
What the primary research layer shows across all four survey instruments and the flash baseline.
Per-persona narrative
Recruiters & Hiring Managers
Staffing roles ahead of the programs
With an average maturity of 1.8/5, hiring managers are building requisitions before building programs. The hardest skills to source — prompt injection testing, agent security, secure AI SDLC — are precisely the capabilities that require program infrastructure to apply.
Take this survey →CISOs & Security Leaders
Ownership fragmentation at the leadership layer
32% of security leaders report no clear AI security owner — the highest rate across all personas. Budget fragmentation mirrors this: 23% report no dedicated AI security budget, while 36% rely on informal allocations from the general security envelope.
Take this survey →AI Security Engineers & Practitioners
Observed risk confirms the theoretical hierarchy
Practitioners have operationally encountered what hiring managers are trying to staff against: 49% have observed sensitive data leakage in prompts or outputs, 44% have seen insecure RAG retrieval, and 43% report poor authorization around retrieved data. These are not theoretical risks.
Take this survey →Adjacent Security Engineers
A latent pipeline waiting for pathways
53% report active or near-term transition interest into AI security. But 30% cite no clear ownership structure as the reason they haven't moved yet. The workforce is willing; the organizational scaffolding is missing.
Take this survey →Methodology and interpretation guidance
- ›Minimum defensible sample threshold: 30 responses per persona bucket. Recommended credible baseline: 50.
- ›All findings are aggregate directional signals from self-reported responses — not independent audits of individual organizations.
- ›Psychometric and survey outputs reflect role-language and self-reported indicators, not individual capability diagnoses.
- ›Sponsor support does not influence methodology, scoring, or editorial conclusions.
- ›Cross-persona comparisons use a 12-question shared core present in all four full survey instruments.
- ›Results are intended for triangulation with ATS corpus data, arXiv research signals, and GitHub tooling activity — not as standalone primary evidence.