Security Automation Isn’t AI Security
The AI revolution is still relatively young in the InfoSec world. Despite endless floors of vendor booths displaying the latest security device or technology, we're still in the v1.0 realm.
In many cases, while the marketing literature references machine learning, must of the coded approach is actually simple automation.
AI v1.0 is guiding some products automation... where that automation is benefiting from prioritization and reduction in alerts to human operators. I think v1.1 AI will focus on replacing that tier-one human InfoSec analyst - the folks tasked with collating multiple product alerts, evidence, triaging, and packing up an actionable work package to helpdesk or the incident response team.
You can learn more about my thoughts on the topic by visiting the ISACA Now site and read the new blog "Security Automation Isn't AI Security".
-- Gunter Ollmann, Founder/Principal @ Ablative Security