AI already underpins detection, investigation and response across the security stack, and its role will only expand. The question for CISOs is no longer whether to adopt AI-enabled tools but which ones they can have confidence in. As adoption accelerates, leaders face a flood of claims about what each solution can detect, predict, or prevent.

The challenge now is separating marketing promises from proven resilience.

Validating traditional security tools has always been challenging, but validating AI-powered security tools introduces a completely different set of problems. Unlike deterministic systems, AI models behave probabilistically. Their outputs will vary depending on context, input structure and interaction history.

This creates a big challenge for evaluation. Tools that seem reliable in testing can quickly become unpredictable when attackers actively try to evade them or when they are confronted with imperfect real-world data. Capabilities that have been demonstrated in isolation cannot be assumed to translate to resilience in complex, real-world environments.

For security leaders, this means the familiar testing and validation approaches are not enough. The question is not just whether an AI-powered tool works but how it actually behaves when it is stressed, manipulated, or forced to operate outside known conditions.

AI is being used on both sides of security operations. Offensive AI security tools support activities such as penetration testing, vulnerability discovery, attack simulation, and red teaming. They are designed to augment, not replace, the work security professionals already do, accelerating reconnaissance, exploring attack paths and identifying weaknesses at scale.

Defensive AI security tools support detection, investigation, prioritisation and response. They help analysts to manage complexity better and make faster, well-informed decisions.

These AI-powered tools may be purpose-built for security use cases, but that in itself does not make them inherently robust. Like any system operating in adversarial environments, they need to be evaluated for resilience, as well as capability.

Why adversarial testing matters

Offensive security research tells us that layered defences can work, but only if they are tested properly. In adversarial exercises to test AI security tools, we have observed that basic safeguards are often bypassed quickly.

This matters because AI security tool failures are rarely benign. A manipulated model can leak sensitive data, misclassify critical events, or take unintended actions at scale. A minor weakness can escalate into systemic risk once AI is embedded in core security operations. For CISOs, this means AI security tools must be evaluated not only for whether they do what they promise but also how they fail.

Many AI security tools rely on guardrails, which are constraints designed to limit model behaviour and keep outputs within acceptable bounds. Guardrails are necessary, but they are not evidence of resilience. A model that stays “on-rails” in a demo may still fail unpredictably when confronted with novel inputs, chained attacks, or operational noise. Resilience can only be demonstrated through testing that reflects real threat conditions. Without that evidence, confidence in an AI security tool will be premature.