Fastly AppSec Survey: AI & Security in 2025
Senior Product Marketing Manager, Security
Senior Content Marketing Manager
Survey of application security and AI sentiments in the current climate
In the shadow of the current economic, political, and global climate (well, pretty much all the climates), Fastly set out to investigate how the state of things is (or isn’t) impacting web and application security influencers and decision makers in regards to their AppSec strategies and budgets.
We were also interested to know how respondents are thinking about AI in the AppSec space - are they confident in its role in security, or uncertain? And what are their anticipated plans to use AI in the security space over the coming year?
We asked, and they answered. Keep reading for our findings and analysis in this first edition of our “Fastly AppSec Check” survey series, where we dig into web and application security trends, sentiments, and challenges, through the rest of 2025.
Key Takeaways: Fastly's 2025 AppSec & AI Survey
Economic Impact: 90% of security decision-makers report that the current economic and political climate has impacted their security budget and buying decisions, even if slightly.
Increased Spending Despite Uncertainty: Despite economic concerns, a majority (38%) are more likely to make security buying decisions now, possibly driven by a desire to secure funds.
Budget Stability: 47% of organizations saw their security budgets remain stable over the past six months, while 31% reported an increase.
AI is a Top Investment Priority: 27% of respondents plan to invest in Artificial Intelligence for AppSec within the next 12 months, making it a leading investment area. This jumps to 47% in Asia and 37% for airlines.
High Confidence in AI: A combined 88% of respondents express some level of confidence (from "somewhat" to "very confident") in AI's capabilities for application security use cases.
Anticipated AI Adoption: Confidence in AI is expected to increase over the next year, with 81% anticipating being more or at least moderately more likely to use AI in AppSec within 12 months.
AI Benefits vs. Concerns: Respondents expect AI to improve overall security, automate threat detection, and streamline workflows. However, concerns remain about data privacy and potential job displacement.
Respondent Demographic Overview
Respondents’ Geographic Location (where their organization is headquartered):
Africa: 0.27%
Middle East: 1.01%
South America: 4.48%
Asia: 6.31%
Europe: 23.40%
North America: 64.53%
Respondent Roles and Work Experience
Respondents were further filtered by their roles within their organization, and eliminated from the survey unless they were either 1) a security decision influencer or 2) a security buying decision maker.
When asked to provide their role within the organization, respondents self-identified as follows.
Respondents’ experience in the space ranged from less than 1 year to 10+ years. We asked, “How many years have you worked in the application security space?” Results showed:
Industry Distribution of Participants
Respondents spanned various industries, with High tech (15.36%) and Financial Services (14.26%) representing the largest percentages of respondents - this makes sense given that the majority of respondents were from North America, where FSI + High Tech are both major players.
AppSec Survey Results and Analysis
Now for the results! Remember what we said above - we set out to 1) investigate the impact of the current climate on application security budgets and decisions as a whole, and 2) to explore how those in the application security space are feeling about adopting or increasing adoption of AI in their existing practices.
Economic Impact on AppSec Budgets
Q: We asked respondents, “To what extent has the current economic and political climate impacted your security budget and buying decisions?”. Respondents were given a range of selections between “Not at all” and “A lot”.
Given the amount of buzz and fear-based rhetoric we’ve seen over the past couple of months around the economy, a potential recession, tariffs, and an at-times extremely volatile stock market, plus a questionable job market, we expected to hear that the majority of respondents felt there was at least some impact.
What we found was a whopping 90% of respondents reporting that the economic/political climate has impacted their security budget and buying decisions by at least a little bit.
Regional Insights
North America: 36% of respondents reported a “moderate” impact to their security decisions, while 35% reported “ a little impact” and 18% reported a “lot of impact”.
Asia: Asia reported even more impact, with 36% citing a “moderate impact”, 38% reporting “a little impact”, and 19% reporting “a lot of impact”.
Industry Insights
High Tech: Filtering results by high tech industry respondents, we saw 38% report a “moderate impact”, 29% “a little bit”, and 21% “a lot”, setting them ahead of the average in all categories.
Healthcare: Healthcare respondents showed even greater reported impacts to their security buying and budgeting decisions. 46% reported a “moderate impact”, 32% reported “a little bit”, and 13% “a lot”.
Airlines: Airlines saw the least impact across industries, with 21% of respondents reporting “no impact”, nearly double the survey average for that same response.
Q: Wanting to better understand what this actually meant for security buying and budgeting decisions, we asked respondents: “Has the current economic and political climate made you more or less likely to make security buying decisions?”.
Interestingly, we found that the majority of respondents indicated the climate was prompting them to be MORE likely to make security buying decisions at this time. Perhaps motivated by fear or uncertainty at availability of future funds and budget is pushing application security decision makers and buyers to make purchases and decisions now, while they are certain they can.
A recent Dark Reading piece, Can Cybersecurity Weather the Current Economic Chaos? adds additional color to our findings, stating “for the cybersecurity industry, however, the impact [of an economic downturn] may be less pronounced, according to financial analysts. The cybersecurity industry is a 'defensive' play for investors. This indicates that for those in the cybersecurity space, increasing spend and continuing with bullish decisions, despite the economy, makes sense, as demand for their offerings will persist.
Our results back up this claim. In all, only a total of 27 respondents across the entire survey stated that they are “much less likely to make buying decisions” at this time. 38% of respondents noted that they are more likely to make purchases and budget decisions at this time.
Regional Insights:
North America: North America mirrored cumulative results, but leaned more toward making security decisions. 40% said they were more likely to make buying decisions, 29% reported no impact to buying decisions, and a collective 31% reported being, in some capacity, less likely to make security buying decisions.
Europe: When filtering results for Europe exclusively, we saw slight variation from the overall results. 33% were more likely to make buying decisions, 28% reported no impact on buying decisions, 25% reported being slightly less likely, and 11% and 3% reported being less likely and much less likely to make buying decisions, respectively.
Industry Insights:
The High Tech Industry: Making up a total of 15 % of the respondents in our survey, 44% of high tech respondents reported that they are more likely to make buying decisions. 21% reported no impact to their buying decisions, and a combined 35% reported being less likely in some capacity to make buying decisions.
Financial Services: Our second largest group of respondents, making up 14% of total respondents, showed that 37% were more likely to make security buying decisions. 26% reported no impact to their decisions, and a combined 38% stated they were to some extent less likely to make buying decisions at this time.
Q: Taking our investigation a bit further, we asked respondents whether their security budgets have increased, decreased, or stayed the same over the past 6 months.
47% reported no change, and 31% of respondents stated that their security budgets have increased in the past 6 months, while a combined 21% claimed it has decreased to some extent. This tracks with the sentiments reflected in prior questions and notes toward a trend for organizations to make purchasing and budgeting decisions in the shadow of economic and political uncertainty.
Regional Insights
North America: NA saw 48% of respondents reporting their budgets staying the same over the past 6 months. 31% reported an increase, and 15% reported a slight decrease. Only 6% reported a moderate and large decrease.
Asia: Asia was one of only two regions ( Asia + Middle East) where the percent of orgs who saw an increase in budget (45%) exceeded all other categories - 35% stayed the same, 15% decreased slightly, 5% decreased moderately to a lot.
Industry Insights
High Tech: 47% of High Tech respondents reported their security budgets remaining the same over the past 6 months, 39% report it has increased, and a combined 14% report it has decreased to some extent.
FSI: 44% of Financial Services reported that their budgets stayed the same, 31% said it has increased, and 26% reported that it has decreased over the past 6 months.
SaaS: 42% of respondents noted their budgets stayed the same, 36% reported an increase, 22% reported a slight decrease, and 0% reported either a moderate or large decrease.
Q: Given the indicators of increased spending and budgeting decisions, we asked respondents, “Which security tools do you plan to invest in within the next 12 months?
Interested in seeing how respondents are thinking about investing in security budgets over the next 12 months, we provided them a free-form answer to detail what security tools or solutions they plan to invest in over the next year.
While there was quite a spread of responses, AI emerged as a frontrunner. Findings of note include:
27% plan to invest in artificial intelligence in AppSec
18% have no current plans to invest or have already made recent investments in their AppSec program
15% cited answers indicating a general analysis of their existing programs and tools, and plans to upgrade, across the board, in the coming months
Other notable findings included cloud security (2%), infrastructure upgrades (3%), and Antivirus and firewall upgrades (12% combined).
Honorable mentions (with lower percentages) included endpoint detection, SAST, monitoring solutions, encryption and access management, DDoS, API Security, and DoS security
Industry Insights
High Tech: Filtering by high tech, 32% reported AI as their number one investment in the coming 12 months.
Media and Entertainment: Noted general interest in strengthening their overall AppSec posture (28%) and showed less interest in AI compared to the average respondent (20%)
SaaS: Reported the highest interest in AI adoption in the next 12 months at 36%.
Airlines: Airlines came in at 37% reporting AI as the highest priority, while investing in cloud security came in at 11%.
Regional Insights
North America: 26% plan to invest in AI, 19% have no plans to invest. General AppSec investments (14%), firewalls (7%), and Infrastructure upgrades (3%) were all notable mentions.
Asia: 47% reported AI as a priority investment over the next 12 months. Endpoint detection, firewalls, and cloud security all came in at 3%.
AI Sentiments
Our second line of investigation was to determine current sentiments toward and activities around AI in the application security space. We theorized that security professionals are likely looking to adopt more AI solutions into their existing practices, with adoption increasing over the next 12 months. We found our theory to be resoundingly correct.
Q: We began by asking respondents, “Do you feel confident in trusting the capability of artificial intelligence (AI) in application security use cases?”
A total of 40% of respondents were confident or very confident in AI in application security use cases, while another 48% were between moderately and somewhat confident in AI. Only 14% were either indifferent or reported no confidence in using AI in application security use cases. That means a combined 88% self-reported as having some level of confidence in using AI in their AppSec use cases!
Q: We asked respondents, “Do you think you will be more or less confident in using AI within application security use cases in the next 12 months?”
Given the resounding ‘yes’ we received above, it made sense to dig more into what the next 12 months look like in terms of AI adoption in the AppSec space. Unsurprisingly, we found that the confidence reported in the first question translated to respondents anticipating increased confidence over the next 12 months.
17% reported being very likely to use more AI solutions in their AppSec spaces in the next 12 months. Similarly, 23% reported being ‘likely to’ and a combined 41% reported being somewhat or moderately more likely to use AI in the next 12 months.
Regional Insights
North America: 26% reported confidence in AI, 14% reported they were “very confident,” and a combined 44% are at least moderately to somewhat confident in AI in AppSec use cases.
Asia: Asia reported the highest confidence in AI, with 30% reporting they are ‘very confident’, 22% confident, a combined 38% moderately to somewhat confident, and only 10% either indifferent or not confident in AI. That means 90% of respondents are at least a bit confident in AI!
Industry Insights
SaaS: SaaS reported a high confidence in AI, with 41% reporting they were ‘confident’, 11% ‘very confident’, and a combined 42% between somewhat to moderately confident.
High Tech: Interestingly, high tech didn’t feel as confident as SaaS. 27% were ‘very confident’, 22% were confident, and 43% were between ‘somewhat’ to ‘moderately’ confident.
Qualitative AI Sentiment Analysis
Wanting to better understand AI sentiments, we gave respondents the option to provide written responses to two questions.
Q: We asked, “If you DO feel confident in the use of AI in application security, what do you expect AI to help with or improve in the application security space in the next 12 months?
The most common response was a belief that AI would help to improve the overall level of the business’s security over the next 12 months. 17% of respondents reported increased security as the key AI-based improvement.
Other notable findings that reflect common themes amongst the 1094 responses we received included:
Positive Sentiments
“We believe AI will enhance cybersecurity via automating threat detection, speeding up incident response, and improving vulnerability management.”
“We believe [AI] will help automate processes and detect breaches faster.”
“[AI] will improve workflows and automate recurring tasks.”
“It might help identify foreign instructions more readily.”
“We expect AI to track and act immediately on any hacks or cybersecurity threats”.
Negative Sentiments
“I am still hesitant to use AI because it might interfere with people’s personal data or replace some of our existing employees”.
“AI is great, but it needs more governance and agility.”
“It will help improve our security posture and also make things easier for a lot of people. But I need to stay one step ahead of it, so I have job security.”
Interpreting AppSec & AI Trends
The duality of these responses is very clearly reflected across the market: AI presents productivity, security and scalability benefits, while also threatening to make more manual tasks( and the people doing them) redundant. True too is a lingering lack of trust in AI’s capabilities - sure, it might do things fast and well, but is it perfect, and is it being governed well enough?
A recent Wipro survey found that CISOs are actively leveraging AI to “improve threat detection and response times and to build enhanced incident response capabilities.” This ties into the positive sentiments in our own survey (increased productivity) and the negative (loss of human work). This use of AI, however, translates to AI doing what were traditionally human tasks.
Another survey by Exabeam found that ”71% of executives believe AI has significantly improved productivity across their security teams, yet only 22% of analysts — those closest to the tools — agree”. Our own results land somewhere in the middle.
The contrasting beliefs shown both in our own survey and pretty much anywhere else you look online indicate that the rapidly changing AppSec environment is one to watch - and that’s just what we'll be doing in future surveys in this series.
Key AppSec & AI Survey Takeaways
We hope that these results have been thought-provoking and helpful in thinking about how peers and others in the industry are considering security and AI in uncertain times. In the next edition of this survey series, we are digging more into what, specifically, organizations (and security practitioners) are doing to adopt AI into their security workflows. This will include analysis of tooling, budgeting, and process and efficiency improvements gained by the use of AI.
Survey methodology
This survey was conducted online by Pollfish on behalf of Fastly between May 27, 2025, and June 23, 2025. It gathered responses from 1094 professionals who either influence (28.5%) or make (71.5%) security buying decisions within their organization.
To ensure survey quality, Fastly used open-ended validation to remove low-quality responses and confirmed demographic relevance, with most respondents falling into the expected mid- to senior-level age and experience brackets. While regional nuances existed, overall patterns were consistent across markets.
The insights shared from this survey are intended to provide insights into the security industry and invite discussion, not to serve as definitive industry benchmarks. The regional sample sizes vary significantly. As with any self-reported data, responses may include some degree of bias or overstatement. Readers should consider these findings as directional rather than absolute.
