As AI becomes more deeply embedded in security workflows, organizations face a new challenge: determining whether their teams are prepared to use it effectively. Most discussions about AI readiness focus on technology adoption, but a more important question remains unanswered. Can security professionals effectively work alongside AI under pressure?

For most organizations, AI readiness is no longer optional. AI is already embedded across security tools, workflows, and adversary operations. The question is no longer whether teams will use AI, but whether they know how to use it effectively.

AI is changing how cybersecurity work gets done, but it isn’t diminishing the value of Capture The Flags (CTFs). If anything, it is expanding their role by creating new opportunities to evaluate human-AI collaboration when solving complex security challenges.

That evolution is adding a new dimension to CTFs and cyber exercises. In addition to developing and measuring technical skills, they are becoming practical environments for assessing AI readiness before those capabilities are tested in the real world.

Why CTFs Matter More in the AI Era

For years, CTFs have served as valuable tools for developing and measuring cybersecurity skills. They continue to play that role today. Despite claims that AI will make these exercises obsolete, the opposite is happening. As AI becomes more capable, CTFs are becoming more relevant because they provide a controlled environment to evaluate how humans and AI perform together when solving complex security challenges.

Organizations are discovering that cyber exercises reveal much more than technical proficiency. They can expose how teams use AI, when they trust it, when they challenge it, and how they respond when AI provides incomplete or inaccurate guidance.

Historically, success was measured by a straightforward question: Can you solve the challenge? Today, security leaders should be asking something different: Can your team effectively manage AI-assisted decision-making when the path forward is unclear? The distinction is important because AI can accelerate portions of cybersecurity work, but it cannot replace human judgment.

AI can summarize information, identify patterns, automate research, and perform many forms of analysis faster than humans. It can also hallucinate, misinterpret context, and confidently produce incorrect recommendations. The organizations that gain the greatest advantage from AI will not be those that blindly trust it. They will be those that understand where AI adds value, where it falls short, and when human expertise needs to take over.

Measuring More Than the Outcome

Traditionally, cyber exercises focused on outcomes. Did participants solve the challenge? How quickly did they complete it? What techniques did they use?

In the AI era, the outcome matters, but the process matters just as much. Security leaders increasingly need visibility into how teams reached a solution, where AI contributed, where it failed, and when human intervention changed the outcome.

Organizations should evaluate how teams interact with AI throughout an exercise. Did AI accelerate progress or create confusion? Did participants recognize when AI-generated information was inaccurate? Were they able to validate AI-generated recommendations before acting? Did human intervention alter the outcome?

The answers provide valuable insight into operational readiness because they reveal whether teams can effectively supervise, redirect, and validate AI under pressure.

A useful comparison is Formula 1 racing. Formula 1 is not simply a competition. It is a proving ground where new technologies are tested under demanding conditions before making their way into production vehicles.

Cyber exercises are increasingly serving a similar purpose for cybersecurity teams. They provide organizations with a controlled environment to evaluate human-AI collaboration before those capabilities are needed during a real-world incident. Leaders can observe how teams make decisions, where AI helps, where it creates friction, and where additional training may be required.

Organizations do not want the first test of human-AI collaboration to occur during a ransomware attack, data breach, or major incident response effort. Cyber exercises provide a safe environment to understand how AI behaves, where it accelerates outcomes, where it struggles, and how humans should intervene.

The Rise of the Human-Led, AI-Augmented Team

Security incidents require context, judgment, creativity and the ability to adapt when the first solution fails. AI can support many of these activities, but it still struggles with ambiguity and complex problem-solving. The strongest teams of the future will not be AI-led. They will be human-led and AI-augmented.

As AI becomes more embedded in security operations, workforce expectations will change. Organizations will place greater value on professionals with broad cybersecurity knowledge who can effectively direct, validate and challenge AI outputs. The ability to supervise AI may become just as important as the ability to execute individual technical tasks.

Training programs must evolve accordingly. Teams need opportunities to develop not only technical expertise, but also the judgment required to determine when AI is helping and when it is misguiding them.

The Real AI Readiness Question

AI should be treated like any powerful tool. It is valuable when used correctly and potentially risky when used without oversight. Security leaders must ensure that teams maintain accountability for decisions, even when AI is involved in the process.

One of the biggest mistakes organizations make today is assuming AI outputs are inherently trustworthy. Teams need the expertise to determine whether AI is producing reliable results and when those outputs should be challenged.

The reality is that organizations cannot afford to ignore AI. Adversaries are already using it to augment their capabilities. Security teams must do the same. As AI accelerates both cyber-attacks and cyber defense, organizations need reliable ways to evaluate whether their people, processes, and technologies are prepared to operate effectively in that environment. The real question is whether organizations know how to measure, train, and improve the human-AI collaboration that will increasingly define cybersecurity success.

That is why CTFs and cyber exercises matter more than ever. They remain effective ways to build technical skills, but they are also becoming some of the most practical benchmarks for evaluating AI readiness, strengthening decision-making, and preparing teams for the challenges ahead.