How AI is Shaping the Future of Security Operations

The emergence of artificial intelligence (AI) is compelling organisations to rethink their security strategies, as 66% of organisations now expect AI to significantly impact cybersecurity. While much of the industry conversation focuses on the risks associated with these technologies, there is a powerful opportunity to use AI for security: leveraging generative AI and machine learning to bolster the efficiency of security operations (SecOps), accelerate threat detection, and automate complex vulnerability management.
Transforming Security Operations: From Information to Action
One of the most significant shifts in modern security is the transition from AI that merely provides answers to agentic AI systems that act. Traditional security processes have historically been human-driven, leading to scaling issues and "alert fatigue" as businesses grow.
Generative AI-powered agents are now addressing these challenges by:
Automating Alert Triage: AI can handle repetitive tasks within Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
Creating Contextual Narratives: Rather than presenting isolated data points, AI can synthesise group summaries and offer context-rich overviews of incidents across multiple sources.
Mapping to Industry Frameworks: By using the Open Cybersecurity Schema Framework (OCSF), a vendor-agnostic standard for security logs, generative AI can automatically map suspicious activities to MITRE ATT&CK TTPs.
Scaling Application Security and Vulnerability Management
AI is revolutionising the "Shift Left" movement by integrating security directly into the development lifecycle. AI-powered security agents provide developers with real-time security feedback and can generate code for security fixes, significantly reducing development costs. Furthermore, through the Model Context Protocol (MCP), these agents can interact with traditional tools like Static Application Security Testing (SAST) to automate routine reviews.
Vulnerability management is another area seeing dramatic efficiency gains. A trained security engineer typically spends over an hour analysing a single Common Vulnerabilities and Exposures (CVE) entry. By using contextually grounded AI applications, this analysis time can be reduced from hours to seconds while maintaining consistent output.
The Power of Automated Reasoning
To ensure that AI-generated security outputs are reliable, organisations are increasingly turning to automated reasoning (or formal verification). Unlike machine learning, which makes probabilistic predictions based on patterns, automated reasoning uses mathematical logic to construct proofs.
This technology serves as a critical guardrail for security use cases, such as:
Verifying Code Generation: Mathematically proving the absence of buffer overflows or ensuring memory safety in AI-generated code.
Infrastructure Configuration: Certifying that AI-generated cloud configurations or network topologies do not inadvertently expose private databases to the public internet.
Policy Validation: Ensuring that AI-generated identity and access management (IAM) policies are consistent and compliant with security principles.
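To make the infrastructure configuration guardrail concrete, here is an added example (not from the source document) that checks AI-generated ingress rules by CIDR containment over every address a rule admits, rather than by matching known-bad strings. The rule format, field names, port and sample rules are constructed for illustration, and "internal" is assumed to mean the RFC 1918 ranges; a production guardrail would use a solver-backed analyser over the real cloud configuration.

```python
import ipaddress

# Assumption: "internal" means the RFC 1918 ranges; adjust for your network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covered_by_internal(cidr):
    """True only if every address in cidr lies inside one internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    # IPv6 sources are treated as non-internal in this model.
    return net.version == 4 and any(net.subnet_of(i) for i in INTERNAL)

def find_exposures(rules, private_ports):
    """Return each ingress rule that lets a non-internal source reach a private port."""
    findings = []
    for rule in rules:
        allowed = range(rule["from_port"], rule["to_port"] + 1)
        hit = sorted(p for p in private_ports if p in allowed)
        if hit and not covered_by_internal(rule["cidr"]):
            findings.append({"rule": rule["id"], "cidr": rule["cidr"], "ports": hit})
    return findings

def verdict(rules, private_ports):
    """PASS only when no rule admits a non-internal address; else REJECT with evidence."""
    findings = find_exposures(rules, private_ports)
    return ("REJECT", findings) if findings else ("PASS", [])

# Constructed sample: ingress rules as an AI assistant might generate for a database tier.
GENERATED_RULES = [
    {"id": "r1", "cidr": "10.20.0.0/16", "from_port": 5432, "to_port": 5432},
    {"id": "r2", "cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"id": "r3", "cidr": "10.0.0.0/7", "from_port": 5432, "to_port": 5432},  # spills into 11.0.0.0/8
    {"id": "r4", "cidr": "0.0.0.0/0", "from_port": 1024, "to_port": 65535},  # range hides 5432
    {"id": "r5", "cidr": "::/0", "from_port": 5432, "to_port": 5432},
]

if __name__ == "__main__":
    status, evidence = verdict(GENERATED_RULES, private_ports={5432})
    print(status)
    for finding in evidence:
        print(finding)
```

A string match for `0.0.0.0/0` on the database port would miss r3, r4 and r5; the containment check rejects all three and returns the offending rules as evidence for a human reviewer.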
The Human-AI Partnership
Despite these advancements, the most effective security posture is built on a dynamic human-AI partnership. While AI excels at pattern recognition and processing vast amounts of data, humans provide essential contextual understanding and creative problem-solving.
A fundamental principle for modern SecOps is that the higher the potential impact of a decision, the more human oversight is required. At the enterprise level, AI should not be permitted to autonomously shut down critical services or make major production configuration changes without human verification. Instead, AI should present evidence and recommendations, leaving the final decision to act with human experts.
Conclusion
Integrating AI into security operations is an iterative process that requires a flexible approach and a focus on defence-in-depth. By combining the speed and scalability of AI with human judgment, organisations can move beyond traditional manual processes to create more robust, adaptable, and proactive security programmes.
--------------------------------------------------------------------------------
Source Citation
Amazon Web Services. (2025). AI for Security and Security for AI: Navigating Opportunities and Challenges