Where AI genuinely helps defenders
The wins cluster where security work is high-volume and pattern-shaped. Alert triage: scoring and deduplicating the flood so analysts see the fraction that matters. Detection: anomaly models over logs and behaviour that catch what signatures miss. Investigation: assembling the timeline — accounts, hosts, network paths — that an analyst would spend an hour clicking through. Reporting: turning a resolved incident into the write-up nobody enjoys producing. The newer step is agentic: investigation agents that work a case across tools and present findings, with containment held behind human approval.
The limits that keep humans in the loop
Two limits are structural. Models are confidently wrong at unpredictable moments, and in security the cost of a wrong containment action — isolating the wrong host, disabling the wrong account — is an outage you caused yourself, which is why action authority lags analysis ability deliberately. And attackers adapt: detection models train on yesterday's behaviour, adversaries probe for the gaps, and an AI-shaped defence creates AI-shaped blind spots. Treat vendor claims accordingly — the question is never whether a product uses AI but what it catches, what it misses, and what it is allowed to do about it.
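An added example, not part of the original page or of any product: a minimal approval gate in which an agent's read-only steps are allowed, containment proposals wait for a named human, and unknown actions fail closed. The action names, and the rule that the approver must restate the target (to catch the wrong-host or wrong-account case), are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed action names; a real deployment maps these to its own tooling.
READ_ONLY = {"query_logs", "list_sessions", "fetch_process_tree"}
CONTAINMENT = {"isolate_host", "disable_account"}

@dataclass(frozen=True)
class Proposal:
    action: str
    target: str
    rationale: str

@dataclass
class Gate:
    """Decides only; executing an allowed action is left to the caller."""
    audit: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)
    next_ticket: int = 1

    def submit(self, p: Proposal) -> str:
        """Agent entry point: returns 'allow', 'pending:<ticket>' or 'deny'."""
        if p.action in READ_ONLY:
            return self._record("allow", p, None)
        if p.action in CONTAINMENT:
            ticket, self.next_ticket = self.next_ticket, self.next_ticket + 1
            self.pending[ticket] = p
            self._record("pending", p, None)
            return f"pending:{ticket}"
        return self._record("deny", p, None)  # unknown action: fail closed

    def approve(self, ticket: int, approver: str, confirmed_target: str) -> str:
        """Human entry point: the approver names themselves and restates the target."""
        p = self.pending.get(ticket)
        if p is None:
            return "deny"  # no such ticket, or it was already used
        if not approver or confirmed_target != p.target:
            return self._record("deny", p, approver)  # ticket stays pending
        del self.pending[ticket]  # one approval authorises one action
        return self._record("allow", p, approver)

    def _record(self, outcome: str, p: Proposal, approver) -> str:
        self.audit.append((outcome, p.action, p.target, approver))
        return outcome

if __name__ == "__main__":
    gate = Gate()
    print(gate.submit(Proposal("isolate_host", "host-a", "constructed sample")))
    print(gate.approve(1, "analyst1", "host-a"))
```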
The flip side: your AI is now an asset to defend
Every model and agent the organisation deploys — including the defensive ones — is itself attack surface: steerable through inputs, leaky through traces, dependent on a supply chain. A security AI agent with broad read access across your estate is a high-value target wearing a defender's badge. That work — securing the AI rather than deploying it defensively — has its own page, and the two disciplines meet in practice: the team buying AI-powered defence should be the team asking how that defence itself is governed and contained.