{"id":4863,"date":"2025-09-16T07:00:00","date_gmt":"2025-09-16T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4863"},"modified":"2025-09-16T07:00:00","modified_gmt":"2025-09-16T07:00:00","slug":"cisos-grapple-with-the-realities-of-applying-ai-to-security-functions","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4863","title":{"rendered":"CISOs grapple with the realities of applying AI to security functions"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Applying artificial intelligence to strengthen cybersecurity defenses \u2014 partially propelled by industry hype \u2014 has quickly risen to the top of the agenda for many enterprise security professionals.<\/p>\n<p>AI offers speed, scalability, and adaptability that traditional security tools alone cannot match in the <a href=\"https:\/\/www.csoonline.com\/article\/3840447\/security-operations-centers-are-fundamental-to-cybersecurity-heres-how-to-build-one.html\">security operations center<\/a>, scam email blocking, access management, and many other core security functions. 
Emerging use cases for AI are <a href=\"https:\/\/www.csoonline.com\/article\/4042494\/how-ai-is-reshaping-cybersecurity-operations.html\">beginning to reshape CISOs\u2019 thinking around cybersecurity operations<\/a> as they seek to harness the technology to better defend their organizations against escalating threats.<\/p>\n<p>CSO took stock of progress on the ground by speaking to several CISOs and security consultants, whose early experiences offer lessons for their peers on the practicalities of implementing AI \u2014 and an unvarnished account of the results to expect.<\/p>\n<h2 class=\"wp-block-heading\">Turbo boost telemetry<\/h2>\n<p>Security AI and automation are beginning to demonstrate significant value, especially in minimizing dwell time and accelerating triage and containment processes, says <a href=\"https:\/\/www.linkedin.com\/in\/mykelyons\/\">Myke Lyons<\/a>, CISO at telemetry and observability pipeline software vendor Cribl.<\/p>\n<p>Their success, however, depends heavily on the prioritization and accuracy of the underlying telemetry, Lyons cautions.<\/p>\n<p>\u201cWithin my team, we follow a structured approach to data management: High-priority, time-sensitive telemetry \u2014 such as identity, authentication, and key application logs \u2014 is directed to high-assurance systems for real-time detection,\u201d Lyons explains. 
\u201cMeanwhile, less critical data is stored in data lakes to optimize costs while retaining forensic value.\u201d<\/p>\n<p>Lyons continues: \u201cThis strategy not only improves the signal-to-noise ratio for analysts but also shortens response times and mitigates the impact of incidents, ultimately leading to tangible cost savings.\u201d<\/p>\n<h2 class=\"wp-block-heading\">The agentic edge<\/h2>\n<p>The financial services sector is often an early adopter of cutting-edge security technologies.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/erin-rogers-655650a\/\">Erin Rogers<\/a>, SVP and director of cybersecurity risk and compliance at BOK Financial, tells CSO that AI-based upgrades are helping threat detection and response systems to autonomously analyze threats, make real-time decisions, and adapt responses, significantly improving early detection and mitigation.<\/p>\n<p>While automation has helped reduce breach identification and response times through rule-based <a href=\"https:\/\/www.csoonline.com\/article\/3622920\/soar-buyers-guide-11-security-orchestration-automation-and-response-products-and-how-to-choose.html\">security orchestration, automation and response (SOAR)<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/653052\/how-to-pick-the-best-endpoint-detection-and-response-solution.html\">endpoint detection and response (EDR)<\/a> tools, agentic AI technologies offer the potential to turbo boost performance and results.<\/p>\n<p>\u201cFor example, at BOK Financial we\u2019ve deployed solutions that use agentic AI to identify and block business email compromise attempts in real time, continually improving accuracy with evolving threats,\u201d Rogers says.<\/p>\n<h2 class=\"wp-block-heading\">A word of warning<\/h2>\n<p>Other experts were cautious about whether these early success stories could be replicated across multiple industries.<\/p>\n<p>\u201cWe\u2019re not seeing AI detection quite there yet, and it\u2019s dangerous because we could be 
getting lulled into a false sense of security,\u201d says IEEE senior member <a href=\"https:\/\/transmitter.ieee.org\/young-creator\/shaila-rana\/\">Shaila Rana<\/a>.<\/p>\n<p>Recent research cited by Rana illustrates the gap between a detector that is precise and one that is complete. When the prototype autonomous AI-based system flagged a file as malware, it was right 89% of the time (a precision of 0.89). However, under the toughest test conditions it caught only 26% of all actual malware (a recall of 0.26), so the reassuring-looking figure says nothing about how much malware slipped through undetected.<\/p>\n<p>These figures come from <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/blog\/project-ire-autonomously-identifies-malware-at-scale\/\">experiments by Microsoft Research on Project Ire, an AI-based malware classification prototype<\/a>, in a demanding test on 4,000 files that automated systems had not classified and that were slated for manual review.<\/p>\n<p>\u201cWe have to be aware of this issue, and many organizations are discovering that automation without proper integration just creates faster chaos rather than faster resolution,\u201d Rana says.<\/p>\n<p>Rana concludes: \u201cThe real \u2018win\u2019 isn\u2019t just speed here; it\u2019s in handling the routine stuff so human experts can focus on the complex and strategic problem solving that machines still can\u2019t match.\u201d<\/p>\n<h2 class=\"wp-block-heading\">AI needs to be treated as a security copilot \u2014 and not an auto-pilot<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/anar-israfilov\/?originalSubdomain=ca\">Anar Israfilov<\/a>, founder &amp; CTO at AI threat detection specialist Cyberoon Enterprise, says his firm\u2019s work with enterprise clients has illustrated the value of human oversight and the need to \u201creality check\u201d AI outputs.<\/p>\n<p>\u201cIn one of our projects, anomaly detection started to yield various \u2018ghost alerts\u2019 because data sources were not set appropriately,\u201d Israfilov explains. 
\u201cAnd all of a sudden, analysts were chasing down noise again.\u201d<\/p>\n<p>Israfilov adds: \u201cThat was an important learning point: you absolutely need governance, and human oversight, right from the start. We were required to build explainability tools and feedback loops in order for the system to learn and the analyst to trust it.\u201d<\/p>\n<p>AI is best as a copilot \u2014 and not a replacement \u2014 for security analysts, he concludes.<\/p>\n<p>\u201cThe companies being proactive about treating AI as an assistant for their analysts \u2014 instead of automating the analyst away \u2014 are seeing much better results,\u201d Israfilov says.<\/p>\n<h2 class=\"wp-block-heading\">Context sensitive<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/denida-grow\/\">Denida Grow<\/a>, managing partner at boutique security consultancy LeMareschal, says her experiments suggest AI-based security tooling is still in its early stages of development.<\/p>\n<p>\u201cAt this point, we cannot base security operations solely on AI-generated reports or recommendations,\u201d Grow says. \u201cThey can help with things like summarizing incident logs, pulling patterns from data, or speeding up report drafting, but when it comes to supporting actual security operations, they\u2019re still too immature to be relied on without a human involved.\u201d<\/p>\n<p>A frequent lack of context is the most significant shortcoming of nascent AI-based security tools, according to Grow.<\/p>\n<p>\u201cFor example, in threat intelligence, they\u2019ll surface generic insights but overlook critical regional or industry-specific details,\u201d Grow explains. \u201cIn incident response, they can draft a playbook suggestion, but it may not align with real-world variables like staffing, local laws, or the client\u2019s risk tolerance.\u201d<\/p>\n<p>AI-based security tools serve as a useful means to get a different perspective on a problem but are no replacement for professional judgment. 
\u201cEvery output still needs review, correction, and context from an experienced security professional,\u201d Grow advises.<\/p>\n<h2 class=\"wp-block-heading\">AI + institutional knowledge = winning<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/garini\/\">Jonathan Garini<\/a>, CEO at enterprise AI platform fifthelement.ai, argues that AI is best used to achieve incremental improvements in enterprise security operations centers.<\/p>\n<p>\u201cRather than trying to revolutionize the SOC, we see many companies focusing on the volume of repetitive, low-level tasks like log analysis and alert triage,\u201d Garini tells CSO. \u201cThrough AI in this situation, security teams can reduce the time spent on false positives and enable analysts to focus on more valuable investigations.\u201d<\/p>\n<p>Another key lesson is the need to integrate AI with institutional knowledge.<\/p>\n<p>\u201cSeveral CISOs I\u2019ve spoken with emphasize that success in this area isn\u2019t a matter of feeding raw data to an AI model, but of layering in context such as threat intelligence feeds and past incident reports, as well as organizational workflows,\u201d Garini concludes.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Applying artificial intelligence to strengthen cybersecurity defenses \u2014 partially propelled by industry hype \u2014 has quickly risen to the top of the agenda for many enterprise security professionals. 
AI offers speed, scalability, and adaptability that traditional security tools alone cannot match in the security operations center, scam email blocking, access management, and many other core [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4864,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4863"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4863"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4863\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4864"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}