Security's AI dilemma: Moving faster while risking more

The evolution of artificial intelligence (AI) is revolutionizing the way security operations are conducted, presenting both opportunities and challenges for CISOs and CIOs. Sponsored by Splunk, a Cisco Company, this article delves into the complexities of integrating AI into security practices while maintaining human oversight and strategic thinking.

The Efficiency Paradox: Balancing Automation with Accountability
The pressure to adopt AI in security operations is immense, with the promise of significant productivity improvements. However, the key lies in understanding which tasks can be automated and where human judgment is irreplaceable. While AI excels at accelerating investigative workflows, human validation is crucial for remediation and response actions to prevent unintended consequences.

The Trust Deficit: Transparency in AI-driven Decisions
While AI can enhance efficiency, skepticism about the quality of AI-driven decisions persists. Security teams require transparency into the decision-making process of AI systems to build trust, validate logic, and enable continuous improvement. Maintaining a human-in-the-loop for complex decisions is essential to consider business context and compliance requirements.

The Adversarial Advantage: Using AI Defensively
AI presents a double-edged sword in security, lowering the barrier to entry for attackers. Defenders must employ AI defensively while maintaining caution to prevent AI from becoming a vulnerability. Learning from attackers’ techniques is crucial, as demonstrated by recent malicious MCP supply chain attacks.

The Skills Dilemma: Maintaining Core Competencies
As AI automates routine tasks, there is a concern that security professionals’ skills may atrophy over time. Organizations must implement strategies to balance AI-enabled efficiency with programs that maintain core competencies. Continuous learning and treating AI as a collaborative partner are essential for skill development.

The Identity Crisis: Managing Agentic AI
The proliferation of agentic AI poses challenges in identity and access management, with each agent requiring governance and permissions. Overly permissive agents could pose significant risks, highlighting the importance of governance frameworks and tool-based access control to prevent vulnerabilities.

The Path Forward: Compliance and Reporting
Continuous compliance and risk reporting offer immediate opportunities for AI in security operations, leveraging AI’s ability to interpret complex requirements and generate concise summaries. This represents a low-risk, high-value entry point for AI integration.

The Data Foundation: Enabling AI-powered SOC
Addressing fundamental data challenges is crucial for the success of AI in security operations. A deliberate data strategy prioritizing accessibility, quality, and unified data contexts is necessary for AI agents to operate effectively.

In conclusion, the future of security operations lies in embracing AI’s efficiency gains while maintaining human judgment and oversight. Collaborative multi-agent systems, where human expertise guides AI capabilities, are key to achieving optimal outcomes in the agentic AI era. Cisco Data Fabric, powered by Splunk Platform, provides the necessary data architecture to unlock the full potential of AI in SOC operations.

Tanya Faddoul, VP Product, Customer Strategy, and Chief of Staff for Splunk, a Cisco Company, and Michael Fanning, Chief Information Security Officer for Splunk, a Cisco Company, emphasize the importance of intentional innovation in the evolving landscape of security operations.