Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI adoption inside security teams is now near-universal. Tines' Voice of Security 2026 report found that 99% of SOCs use AI in some capacity. What hasn't kept up is the policy that's supposed to govern it. ISACA's 2026 AI Pulse Poll found 56% of digital trust professionals don't know how quickly they could shut AI down after a security incident. The policy was supposed to handle this.

Every conversation I have with CIOs and IT leaders right now starts the same way. They're not short on activity. They've got pilots running, tools deployed, teams experimenting. What they don't have is much to show for it. The data backs it up: 92% of companies are ramping AI investment right now. Only 1% consider themselves mature.

The security industry spent a good chunk of early 2026 debating whether Anthropic’s Mythos and OpenAI’s Daybreak are truly dangerous or just good marketing. It's a reasonable debate. But while we're having it, attackers are asking a different question: how do we use tools like this to move faster than defenders can respond?

Discover what’s new in Tines through this quick run-through of this months’ highlights. As always, check out our What’s New page for real-time updates.

Every team has a workflow that technically works but actually runs through Slack threads, forwarded emails, and "Hey, can you check this?" messages. Security teams see it in alert triage that depends on three analysts knowing which tab to check. IT teams see it in onboarding that breaks every time HR adds a new system. Ops teams see it in access requests that loop through five tools before anyone clicks approve. The work gets done, but it doesn't scale, and it doesn't survive a team change.

Networking teams have invested heavily in automation to help them manage increasing workloads and reduce manual tasks. Yet many still face the same issues, like outages, stalled operations, and managing growing incident volume. This problem isn’t a lack of automation: it’s what happens after automation runs. Automation is useful for individual tasks, but it can’t handle the complexity of real-world networking processes, which demand coordination across teams, environments, and tools.

It's 9:47 AM on a Tuesday. A Slack message from legal lands in the security channel: "Did anyone approve the marketing team's new AI vendor? They're feeding customer data into it." Nobody approved it. The vendor's terms say they can use input data for model training, and the contract was signed three weeks ago. That moment, some version of which plays out at most organizations now, is what makes AI governance an operational priority rather than a compliance exercise.

Runbooks are supposed to be the safety net under operations. Unfortunately, most aren't because they live in wikis that decay as tools change, get linked from alerts but never consulted, and fail the responder the moment pressure arrives. The gap is between what the runbook says and what the responder can actually execute. Teams reach for AI to close the gap.

The Tines Voice of Security 2026 report found that security professionals spend 44% of their time on manual, repetitive work. A workflow engine is the software built to take that operational drag off people, deciding what happens next based on events, rules, and state. The category is shifting. The workflow engine used to live inside one system, running a narrow set of backend steps.