{"id":236345,"date":"2026-06-24T07:00:00","date_gmt":"2026-06-24T11:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/24\/ai-in-cybersecurity-has-a-value-problem-not-a-technology-problem\/"},"modified":"2026-06-24T07:05:08","modified_gmt":"2026-06-24T11:05:08","slug":"ai-in-cybersecurity-has-a-value-problem-not-a-technology-problem","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/24\/ai-in-cybersecurity-has-a-value-problem-not-a-technology-problem\/","title":{"rendered":"AI in Cybersecurity Has a Value Problem, Not a Technology Problem"},"content":{"rendered":"

AI in Cybersecurity Has a Value Problem, Not a Technology Problem<\/a><\/p>\n

https:\/\/www.infosecurity-magazine.com\/opinions\/ai-in-cybersecurity-value-problem\/<\/a><\/p>\n

Publish Date: 2026-06-24 07:00:00<\/a><\/p>\n

Source Domain: www.infosecurity-magazine.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. Every security leader I speak with is wrestling with the same question: we’ve invested in AI, so where’s the return? If they\u2019re being honest, the answer is that they likely can\u2019t tell.<\/p>\n

Research indicates that an estimated 70 to 80% of AI initiatives either don\u2019t scale out of the pilot stage or fail altogether, but the reason is rarely that the technology doesn’t work. It’s that organizations haven’t defined what “working” means for them.<\/p>\n

In cybersecurity, this problem is even more acute as security success is, by nature, invisible. When AI stops an attack, nothing happens, and this doesn’t make it onto a dashboard or into a board report. Outcomes are probabilistic and value is routinely misunderstood, so without a clear definition of value, scaling AI becomes an exercise in hope.<\/p>\n

The Adoption Curve Nobody Talks About<\/p>\n

There’s a familiar trajectory to AI adoption in cybersecurity, whereby the tools are purchased and deployed, but the expectations aren\u2019t well defined, and nobody has clearly outlined the goals or metrics of success for what the AI is improving. As a result, while they may see an occasional win, for example a false positives reduction, the project is doomed to be seen as a costly experiment.<\/p>\n

The result is AI layered on top of existing workflows, so the analysts are still drowning in alerts and spending time on tactical tasks that don’t make use of their expertise. The AI is running in the background, but the fundamentals of the work hasn’t changed.<\/p>\n

This is where most organizations stop or change course because they don\u2019t see the promised transformation, despite not articulating the desired ROI from the start.<\/p>\n

Defining Value at the Level That Matters<\/p>\n

The issue isn’t that AI can’t deliver meaningful outcomes. At Abnormal AI, we’ve seen it reduce missed detections, automate triage at scale, and give security teams time back they didn’t know they’d lost. The organizations that extract real ROI share a common starting point: they’ve defined what they’re trying to change before deploying anything.<\/p>\n

To achieve this there are three questions every security leader should be able to answer before scaling AI:<\/p>\n

\tWhat outcomes should it improve? Not in vague terms such as \u2018fewer incidents or better posture\u2019. You need to be specific; mean time to detect, false positive rates, analyst hours spent on low-value triage versus active investigation.
\n\tWhere is time being lost? Most organizations, whether big or small, only have a general sense of how its team spends its time. The reality is that analysts are spending most of their day searching for context, carrying out admin or producing reports, instead of the higher-value work they were hired to do.
\n\tWhich decisions should AI own and which should it assist? This distinction matters. Automating the triage of routine, lower-risk alerts is different from automating the decisions that follow from an active incident. Getting this boundary wrong is how organizations create dangerous over-reliance, or waste AI capability on tasks where human judgment is genuinely irreplaceable.<\/p>\n

Until organizations can answer those questions, scaling AI is premature.<\/p>\n

Beyond Accelerating: Eliminating Work<\/p>\n

Personally, I think the goal of AI in security shouldn’t be to make analysts faster. It should be to eliminate the work that analysts shouldn’t be doing to start with.<\/p>\n

Think about what a security analyst brings to an organization; it’s not the ability to review 300 alerts. Their value lies in reasoned and accumulated judgment, which only comes from having lived through incidents, made mistakes, and learnt from them. That authentic experience isn’t replicable by AI.<\/p>\n

AI is already revolutionizing operations by handling the volume work, such as automating the analysis of user-reported phishing emails, reducing false positives, and identifying anomalies. The goal is to get senior analysts spending more of their time on the things they uniquely do well, and not on operational, tactical tasks.<\/p>\n

Organizations with mature cybersecurity operations capabilities see this translates into metrics that directly correlate with reduced breach costs and operational disruption. These are the outcomes that should anchor an organization\u2019s value definition.<\/p>\n

The Threat Landscape Doesn’t Wait<\/p>\n

The urgency of getting this right is compounded by the fact that threat actors aren’t agonizing over value frameworks. They’re deploying AI to accelerate reconnaissance, personalize attacks at scale, and operate at a speed that human defenders struggle to match.<\/p>\n

I\u2019ve seen this firsthand, with the use of deepfake audio and video in social engineering attempts no longer a work of science fiction. Generative AI has lowered the entry barrier for cybercriminals, making it easier to craft convincing phishing emails, live deepfake voice scams, and hyper-personalized social engineering attacks, which will get more convincing, more accessible, and more prevalent.<\/p>\n

The asymmetry means security teams are always a step behind. Defenders must use AI responsibly, operate within ethical and regulatory frameworks, and demonstrate ROI. Attackers, meanwhile, have none of those constraints.<\/p>\n

That gap narrows only if defenders are deliberate about where AI makes the most significant difference.<\/p>\n

From Isolated Wins to System-Wide Impact<\/p>\n

The path from isolated AI wins to measurable, organizational-wide protection isn’t a technology problem to be solved. It’s a strategic discipline to be developed.<\/p>\n

It starts with mapping the nature of work across your security function and where people spend their time, so that you can identify the specific points where AI will remove bottlenecks, without removing human accountability. Only when those early wins are measured rigorously enough that the value is visible to security leadership, to the CFO, and to the board, should the subject of scaling AI be raised.<\/p>\n

CFOs are already asking harder questions about AI spend, and they’re right to do so. If your organization is spending significantly on AI infrastructure without clear outcomes, the scrutiny will only intensify.<\/p>\n

The companies that get ahead won’t be those deploying AI fastest. They’ll be the ones that identify where it delivers demonstrable results and scale from there. In cybersecurity, the margin for error is too small for anything less.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

AI in Cybersecurity Has a Value Problem, Not a Technology Problem https:\/\/www.infosecurity-magazine.com\/opinions\/ai-in-cybersecurity-value-problem\/ Publish Date: 2026-06-24…<\/p>\n","protected":false},"author":1,"featured_media":236346,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/a941880f-c022-4e3d-a001-6f3d1f251c28.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,25],"class_list":["post-236345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236345"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=236345"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236345\/revisions"}],"predecessor-version":[{"id":236347,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236345\/revisions\/236347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/236346"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=236345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=236345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=236345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}