{"id":8718,"date":"2026-07-13T07:00:00","date_gmt":"2026-07-13T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8718"},"modified":"2026-07-13T07:00:00","modified_gmt":"2026-07-13T07:00:00","slug":"can-ai-narrow-cybersecuritys-class-divide","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8718","title":{"rendered":"Can AI narrow cybersecurity\u2019s class divide?"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes.<\/p>\n<p>In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, <a href=\"https:\/\/www.linkedin.com\/in\/stephenschmidt1\/\">Steve Schmidt<\/a>, chief security officer at AWS, tells CSO. That process could take \u201ctwo, four, six, eight, 10 months,\u201d Schmidt says.<\/p>\n<p>\u201cNow with proper application of AI, we can have the detections built for the problems the red team finds in 15 minutes-ish,\u201d he says. \u201cI think the outside is about four hours.\u201d<\/p>\n<p>That kind of workflow offers a glimpse of what AI could make possible for the most sophisticated security organizations: AI agents testing systems, other agents generating defenses, and human security engineers validating results and refining the feedback loop.<\/p>\n<p>But it also raises a more uncomfortable question for the rest of the cybersecurity industry: What happens to organizations that cannot build anything close to that?<\/p>\n<p>The concern has become significant enough that the Trump administration <a href=\"https:\/\/www.csoonline.com\/article\/4180205\/trump-revives-parts-of-canceled-ai-order-with-cybersecurity-focused-directive.html\">recently directed<\/a> agencies to expand access to AI-enabled cybersecurity capabilities for resource-constrained organizations, including rural hospitals, community banks, and local utilities.<\/p>\n<p>The order reflects a growing fear that AI could deepen a divide that has existed in cybersecurity for years: the divide between organizations with money, expertise, and engineering depth, and those struggling to keep pace with basic security demands.<\/p>\n<p>Yet security leaders and practitioners suggest the impact of AI will be more complicated than a simple widening gap. Some experts say AI is merely adding a new layer to a long-standing security poverty problem. Others argue AI could democratize capabilities once reserved for elite organizations. Still others see today\u2019s divide as real, but potentially temporary, as models become cheaper, more open, and easier to run.<\/p>\n<h2 class=\"wp-block-heading\">The class divide was already here<\/h2>\n<p>For <a href=\"https:\/\/www.linkedin.com\/in\/matthewowenwarner\/\">Matt Warner<\/a>, co-founder and CTO of Blumira, the premise that AI is creating a cybersecurity class divide misses a key point: The divide already exists.<\/p>\n<p>\u201cI would go even a step further and say that there has been a class divide for the last 10 to 15 years,\u201d Warner tells CSO.<\/p>\n<p>What AI changes, he argues, is not necessarily the existence of the divide but how stark it becomes. Larger organizations have money, people, and time to experiment with AI. Smaller organizations often do not.<\/p>\n<p>\u201cThe big differences that we\u2019re seeing, especially from where we sit in the world, is the difference is getting starker in having the resources to leverage AI and the time to leverage AI more than anything else,\u201d Warner says.<\/p>\n<p>That distinction matters because many smaller organizations are already overwhelmed. Warner pointed to resource-constrained local governments and small or midmarket organizations that are still far behind large enterprises in basic IT and security maturity.<\/p>\n<p>\u201cI can find you a county in Michigan with two IT people for 2,000 employees,\u201d Warner says. \u201cThose people don\u2019t have time to leverage AI and even learn how to use AI because they\u2019re mostly just trying to put out fires.\u201d<\/p>\n<p>That problem is not unique to AI. Smaller organizations have long struggled to patch systems, prioritize vulnerabilities, monitor environments, and respond to incidents with limited staff. AI may help eventually, but only if those organizations have enough capacity to adopt it.<\/p>\n<h2 class=\"wp-block-heading\">Wendy Nather\u2019s framework gets an AI layer<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/chuvakin\/\">Anton Chuvakin<\/a>, security advisor in the office of the CISO for Google Cloud, sees the AI divide as part of a much older problem.<\/p>\n<p>\u201cI feel like it sends me back to when <a href=\"https:\/\/www.linkedin.com\/in\/wendynather\/\">Wendy Nather<\/a> invented the security poverty line,\u201d Chuvakin tells CSO, referring to Nather\u2019s <a href=\"https:\/\/www.infosecuritymagazine.nl\/files\/2fb0642808f57f0f9831532ae8f7e8fd.pdf\">2011 concept<\/a> describing organizations that lack the money, expertise, capability, or influence to implement effective security.<\/p>\n<p>Chuvakin is skeptical that AI fundamentally changes that model. \u201cI don\u2019t think AI necessarily breaks that model,\u201d he says. \u201cI think it just adds another dimension.\u201d<\/p>\n<p>Cybersecurity has always been shaped by unequal access to top talent, tools, and services, Chuvakin argues. Large organizations could afford better SIEM deployments, advanced DLP programs, threat hunters, application security experts, and incident response retainers. Smaller organizations often could not.<\/p>\n<p>AI may become another scarce resource, but Chuvakin cautions against overstating the role of model cost alone. In his view, the <a href=\"https:\/\/www.cio.com\/article\/4165232\/whats-holding-back-enterprise-ai-shortage-of-talent-cios-say.html\">bigger structural issue may be talent<\/a> rather than tokens.<\/p>\n<p>\u201cPrices for people won\u2019t drop, but prices for LLMs may drop,\u201d he believes.<\/p>\n<p>That means the organizations with the greatest advantage may not simply be those that can afford the most expensive models. They may be the ones that can afford the people who know how to use them \u2014 and, as the frontier-access debate below suggests, that talent gap may prove more durable than any gap in model access itself.<\/p>\n<h2 class=\"wp-block-heading\">AI creates new costs \u2014 and new uncertainties<\/h2>\n<p>Nather herself, now senior research initiatives director at 1Password, sees AI affecting every dimension of the security poverty line: money, expertise, capability, and influence.<\/p>\n<p>The financial challenges are not limited to whether an organization can pay for an AI tool. In some cases, organizations that cannot afford enterprise licensing may end up making tradeoffs around privacy.<\/p>\n<p>\u201cIf an organization can\u2019t afford an enterprise license for the models they\u2019re using, then they can\u2019t keep their data private,\u201d Nather tells CSO. \u201cSo, they have to give up privacy because they can\u2019t afford privacy.\u201d<\/p>\n<p>That\u2019s a new twist on an old dimension of the poverty line: It\u2019s not just that under-resourced organizations lack a capability, but that the capability they can afford comes bundled with a risk wealthier organizations don\u2019t have to accept.<\/p>\n<p>Token-based pricing adds another problem: <a href=\"https:\/\/www.cio.com\/article\/4152601\/without-controls-an-ai-agent-can-cost-more-than-an-employee.html\">unpredictability<\/a>. \u201cAt this point, nobody knows how much they\u2019re going to burn in tokens at any given time,\u201d she says.<\/p>\n<p>That makes budgeting difficult for organizations that cannot absorb surprise costs. Nather also warns that usage-based pricing is controlled by providers and can change over time, <a href=\"https:\/\/www.cio.com\/article\/4184688\/it-hurtles-toward-the-great-enterprise-pricing-reset.html\">leaving customers with limited leverage<\/a>.<\/p>\n<p>\u201cThe charging practice is in the hands of the providers, and they can change it at any time,\u201d she says.<\/p>\n<p>For organizations already operating below the security poverty line, that uncertainty could make AI adoption harder, even if the technology itself becomes more capable.<\/p>\n<h2 class=\"wp-block-heading\">Access to frontier models may be a temporary divide<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/davidbaggett\/\">Dave Baggett<\/a>, SVP\/GM of the security suite at Kaseya, agrees there is security class divide dynamic playing out today, particularly around access to frontier models.<\/p>\n<p>\u201cThere\u2019s definitely a haves and have-nots issue around Mythos specifically because most people don\u2019t have it,\u201d Baggett tells CSO. But he doesn\u2019t think the divide will have a long-term impact. Open-weight models, quantization, mixture-of-experts architectures, and increasingly powerful commodity hardware, he argues, are closing the gap faster than most people expect.<\/p>\n<p>While not every organization will build a frontier model, he says, more organizations may be able to run capable models locally or use cheaper systems that <a href=\"https:\/\/www.csoonline.com\/article\/4170818\/what-happens-when-chinas-ai-catches-up-to-mythos.html\">approximate what today\u2019s elite models can do<\/a>.<\/p>\n<p>\u201cWhat it says for finding vulnerabilities is at that point, open-source people can run this stuff,\u201d Baggett says. \u201cThen you\u2019re back to having a symmetrical opportunity where the defenders who are writing the open source can run the same tools the attackers would and have them fix the issues.\u201d<\/p>\n<p>His bottom line is that the divide may be real but short-lived. \u201cRight now, there certainly is a have, have-not schism, but it may not be there for long,\u201d Baggett says \u2014 a view Chuvakin shares, though he frames it in terms of the model market rather than open source specifically.<\/p>\n<p>\u201cI don\u2019t think it\u2019s the lowering prices example, but it\u2019s more like you\u2019re a top-tier model maker, I\u2019m a second-tier model maker. My model in a year would do what your model did a year ago,\u201d Chuvakin says.<\/p>\n<h2 class=\"wp-block-heading\">The real advantage is operational depth<\/h2>\n<p>Schmidt\u2019s description of AI use at AWS points to another kind of divide: not access to AI, but the ability to operationalize it.<\/p>\n<p>AWS uses multiple models for different tasks, Schmidt says. One model may discover vulnerabilities, while other models validate results or help build defenses. Humans remain accountable for evaluating what the systems produce.<\/p>\n<p>\u201cBecause we believe really strongly in human accountability for the use of AI from end to end, we still have humans take a look at what the systems come up with to determine whether they are reasonable and appropriate,\u201d he says.<\/p>\n<p>That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI specialists who can work together.<\/p>\n<p>Schmidt also pushes back on the idea that running AI locally on powerful consumer hardware is a substitute for production-grade security infrastructure. \u201cOften the value of the model is also dependent on its proximity to data so that the model can ingest, use, and reason about data,\u201d he says. \u201cAs a security person, I do not want that to be on your laptop.\u201d<\/p>\n<p>Experimentation on a laptop is useful, Schmidt says, but it is not the same as a secure production environment.<\/p>\n<p>\u201cI want the data to be somewhere safe that I can control, that I can see, that I can reason about, not sitting on your laptop,\u201d he says. \u201cExperimentation in there, awesome. That\u2019s great. But it is not a production infrastructure component.\u201d<\/p>\n<p>That distinction may define the emerging AI security gap. Many organizations may be able to access AI tools. Far fewer may be able to safely integrate them into real security workflows.<\/p>\n<h2 class=\"wp-block-heading\">The democratization argument<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/philvenables\/\">Phil Venables<\/a>, a partner at Ballistic Ventures and former CISO of Google Cloud, takes the most optimistic view.<\/p>\n<p>Asked whether AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, \u201cNo, I actually think it\u2019s the exact opposite.\u201d<\/p>\n<p>The reason, he argues, is that AI packages expertise and automation in ways that can be delivered broadly. \u201cOne of the fantastic things about AI, and we\u2019re already starting to see this, is [that it\u2019s] a great democratizer of capabilities,\u201d he says. \u201cAI packages up expertise and automation capabilities at a level beyond what prior waves of technology have done, and it makes it available at scale into organizations that have not previously been able to afford these things.\u201d<\/p>\n<p>He points to <a href=\"https:\/\/www.csoonline.com\/article\/4181930\/ai-red-teaming-comes-of-age.html\">red teaming<\/a> as an example. Nearly every organization would like a world-class red team, but few can afford one.<\/p>\n<p>\u201cPretty much every organization on the planet would love to have a world-class red team to constantly test their security to find and fix things before attackers do,\u201d Venables says. \u201cBut very few organizations have ever been able to afford to build a high-end red team.\u201d<\/p>\n<p>AI agents, he argues, could make that kind of capability available more economically. The same pattern could apply to insider threat; third-party risk; software security; governance, risk and compliance; and security operations.<\/p>\n<p>\u201cSo even the smallest and resource-constrained organizations can now have access to a higher-end capability,\u201d he maintains.<\/p>\n<p>Venables does see a danger zone, however: under-resourced security teams inside organizations with aggressive AI ambitions. Those teams may <a href=\"https:\/\/www.csoonline.com\/article\/3529615\/companies-skip-security-hardening-in-rush-to-adopt-ai.html\">struggle to keep up<\/a> as the rest of the business adopts AI rapidly. But for many small and midsize organizations, he believes AI could improve access to security capabilities they never had before.<\/p>\n<h2 class=\"wp-block-heading\">A divide over AI \u2014 or over readiness?<\/h2>\n<p>For elite organizations, AI is already becoming a force multiplier. Security teams with deep engineering talent, mature data infrastructure, and strong governance can use AI to accelerate testing, detection engineering, vulnerability discovery, and risk management.<\/p>\n<p>For smaller organizations, the picture is less clear. AI may eventually package scarce expertise into affordable services. Open models may reduce dependence on expensive frontier systems. But organizations below the security poverty line still face familiar constraints: too few people, too little time, limited expertise, unpredictable costs, and weak leverage over vendors.<\/p>\n<p>The emerging divide may therefore be less about who has access to AI and more about who can turn AI into durable security outcomes.<\/p>\n<p>That makes the question facing cybersecurity more complicated than whether AI will create haves and have-nots. The industry already had them.<\/p>\n<p>The real question is whether AI becomes another technology that rewards the organizations already best positioned to use it \u2014 or the first major security advance in years that helps those below the poverty line finally catch up.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes. In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8719,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8718"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8718"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8718\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8719"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}