Yeah Mythosfrom Anthropic, and GPT-5.4-Cyber, from OpenAI, have been presented as models capable of detecting and exploiting vulnerabilities, the quick conclusion seems quite evident: cybersecurity profiles could begin to become redundant. After all, we are talking about models aimed at moving in one of the most delicate areas of technology: finding flaws before others take advantage of them. The answer, at least for now, goes in the opposite direction to that first intuition. AI is not making the expert irrelevant. On the contrary: today it is more necessary than ever.
That signal is already beginning to be noticed clearly in the United States, where the NYT has put figures and testimonies to a trend that was gaining strength: the hiring of cybersecurity profiles. The American newspaper points out that offers in the sector grew by 11% year-on-year in the first quarter, according to Glassdoorand shows how some executive search firms are receiving more assignments to find managers with experience in security breaches, data protection and code review. The reason is not just to protect data. There is also a need to respond to incidents and understand how AI changes the risk surface of companies.
The key is that this new layer of AI not only changes the tools of those who protect the systems. It also modifies the possibilities of those who try to compromise them. Reuters pointed out a few days ago that Attackers are increasingly using AI to detect vulnerabilities, and Check Point has warned in its 2026 Cybersecurity Report that AI attacks have moved from the experimental phase to a routine criminal deployment.
More tools do not mean fewer cybersecurity experts
The market, furthermore, is not asking for exactly the same thing as it did a few years ago. Cybersecurity continues to be the umbrella, but more specific capabilities are beginning to weigh heavily within it: AI, cloud security, engineering, analysis and risk assessment. The 2025 ISC2 Cybersecurity Workforce Study points out that hiring managers place AI among the most in-demand skills, with 27%, and professionals raised that perception to 44%. The conclusion is important: knowing about security is not enough. It is becoming increasingly important to understand how this security is integrated into complex systems obviously crossed by AI.
Fortinet did a survey and found that 49% of respondents fear that AI will increase cyberattackswhile 97% of organizations already use or plan to use a cybersecurity solution that takes advantage of this technology. So it seems that companies are not only concerned about the offensive use of AI, they are also trying to incorporate it into their own defenses. And that opens up another less visible, but equally important, need: having teams capable of evaluating these tools and integrating them judiciously.
In Spain, photography also points to a sector in full expansion. INCIBE summarizes it with a very useful phrase to ground the phenomenon: “Cybersecurity is already one of the most dynamic sectors of the Spanish digital economy.” According to the study on the cybersecurity industry in Spain 2025the organization places employment at 164,761 people and points out that cybersecurity already represents 25.55% of employment in the ICT sector. The forecast, furthermore, does not speak of a specific increase: between 2026 and 2029, the sector will grow at an annual rate of 14.25%, until reaching 282,157 jobs at the end of that period.
“Cybersecurity is already one of the most dynamic sectors of the Spanish digital economy.”
The problem is that this growth comes with an obvious tension: there are not always enough profiles prepared to cover what companies need. Deloitte formulates it from the side of those responsible for security: “Nearly 38% of CISOs identify reliance on scarce profiles as a significant challenge, reflecting a persistent gap between growing demand for capabilities and limited market supply.” The consequence is that many organizations end up relying on external talent to support your defenses. In fact, Deloitte points out that in 2026, 60% of cybersecurity personnel will be external.
Seen from Spain, the phenomenon shares the same background, although with its own nuances. The United States remains one of the epicenters of the AI industry and we cannot understand this trend without looking at what is happening there, but it is also not advisable to extrapolate its market dynamics as if they were identical to those of Europe. Other indicators come into play here: employment growth, relevant weight within the ICT sector and dependence on external profiles in many organizations. The conclusion, however, points in the same direction on both sides of the Atlantic: AI is forcing cybersecurity capabilities to be strengthened, not reduced.
Images | Xataka with Nano Banana
In Xataka | How often should we change ALL our passwords according to three cybersecurity experts
GIPHY App Key not set. Please check settings