Whether in novels or films, artificial intelligence has been a fascinating topic for decades. The synthetic humans imagined by Philip K. Dick still exist only in science fiction, but artificial intelligence is real and is playing an increasingly important role in many areas of our lives.
While people continue to debate robots with AI-powered brains, a more common and equally powerful form of AI is already starting to make an impact in cybersecurity. Its purpose is to act as a force multiplier for hard-working security professionals.
As noted in the Devo SOC Performance Report, Security Operations Center (SOC) analysts are often overwhelmed by the huge number of alerts appearing on their screens every day. “Alert fatigue” has become one of the major reasons for analyst burnout across the industry.
In an ideal situation, AI could help SOC analysts keep up with—and stay ahead of—smart and relentless threat actors who may eventually use AI effectively for cybercrime or espionage. Fortunately, this has not fully happened yet.
AI Is Seen as a Force Multiplier, But Reality Is More Complex
Devo commissioned Wakefield Research to survey 200 IT security professionals in order to better understand their views on AI. The survey covered AI adoption in several defensive areas, including threat detection, breach risk prediction, and incident response and management.
AI is often seen as a force multiplier for cybersecurity teams facing sophisticated attacks, staff shortages, and growing security demands. However, not all AI is as “intelligent” as people assume, even before considering the mismatch between organizational needs and actual capabilities.
Misconception 1: AI-Driven Cybersecurity Has Fully Arrived
All respondents said their organizations were already using AI in one or more areas. The most common use case was IT asset inventory management, followed by threat detection and breach risk prediction.
However, when it comes to using AI to directly fight threat actors, the results are still limited. About 67% of respondents said their organization’s use of AI had “only scratched the surface of the problem.”
More than half of the respondents believed their organizations currently rely too heavily on AI. Fewer than one-third felt their organization’s level of reliance was appropriate, while only a small number believed their organization was not doing enough with AI.
Misconception 2: AI Will Solve Security Problems
When asked about the challenges of using AI in cybersecurity, respondents were very honest. Only 11% said they had experienced no issues at all. The vast majority reported that AI use still comes with clear problems.
When asked where AI-related challenges appeared in their organization’s security stack, core cybersecurity functions did not perform especially well. A total of 53% of respondents said IT asset inventory management was the biggest problem area. Other cybersecurity-related functions also received weak feedback:
- Threat detection (33%)
- Understanding cybersecurity strengths and gaps (24%)
- Breach risk prediction (23%)
Interestingly, only 13% of respondents identified incident response as a major area of AI-related challenges.
Misconception 3: If AI Is Intelligent, It Must Be Effective
It is clear that although AI is already being used in cybersecurity, the results remain mixed. One of the biggest misunderstandings is that not all AI is truly “intelligent” in the way the name suggests. This becomes even more obvious when organizational needs and actual AI capabilities do not match.
The cybersecurity industry has long searched for a “silver bullet” solution, and AI is simply the latest example. Organizations need to stay thoughtful and results-focused when evaluating and deploying AI solutions. They also need to work with experts who have real experience in AI technologies. Otherwise, they risk failure in an area where there is very little room for error.