The role of AI in cybersecurity

Managing Editor

For years, anti-virus tools have used behavioural analysis and machine learning to identify rogue programs and unusual user activity.

And as the tools evolved from simple pattern matching machines to identify rogue code, they have made use of advances in artificial intelligence (AI) to deliver increasingly more sophisticated threat detection mechanisms.

So it is fair to say that with each advance in AI development, the IT security industry is going to figure out how it can be best used to improve cybersecurity. Now we’ve all heard stories of how hackers are using these advances in AI to deliver highly targeted cyber attacks, which probably means IT security teams should also be using AI to spot attacks before they cause damage.

There’s a reasonable case to be made arguing that such AI uses are a good thing for improving cybersecurity.

But just because AI can handle certain tasks, it should not necessarily be seen as a way to shortcut best practices. IT security chiefs often try to achieve defence in depth, where there are layers of security measures that build on top of each other to deliver a sound enterprise cybersecurity strategy. Some may go as far as taking a zero trust approach.

As some experts who have spoken to Computer Weekly note, IT security chiefs are now being presented with the latest and greatest AI enhancements to security tools and they really need to assess whether a specific product’s AI features are mature enough to help their organisation, without introducing new risk. “Some AI features genuinely save analyst time or improve detection. Others are little more than chatbots bolted onto dashboards,” Ellie Hurst, commercial director at Advent IM, wrote in a recent Computer Weekly article.

Among the questions IT security chiefs need to ponder is how useful will Generative AI (GenAI) be as an IT security enhancement. Analyst Forrester believes it can do certain tasks really well, like summarising security alerts and writing threat intelligence reports. GenAI can be used to identify rogue code. It may also have a role to play in writing code to patch vulnerabilities.

And as IT security tools providers follow the direction of travel of the rest of the IT sector, there is undoubtedly going to be a huge amount of hype, promising more and more improvements thanks to the use of agentic AI in IT security. No one knows for sure the role such AI agents will play and how they fit alongside the gamut of tools that IT security leaders have already deployed in fleshing out a watertight enterprise IT security strategy. What is clear, is that they need to have a plan of AI’s role working alongside human IT security analysts.