Leveraging AI To Augment Humans in Cybersecurity
There are benefits to using AI to accelerate security. However, full automation requires human insight. Find the right combination of human creativity and machine speed.
As artificial intelligence continues its rapid adoption across industries, the cybersecurity sector is exploring how to leverage AI to enhance defenses against increasingly sophisticated threats.
At the recent Fal.Con23 user conference, a CrowdStrike Executive Panel outlined their vision for integrating AI in a way that augments rather than replaces human expertise.
The Need for Speed in Security
A pervasive theme was using AI to accelerate detection and response. With attacks like ransomware compressing breach timelines to mere minutes, velocity is now the single most important metric. Human analysts alone cannot keep pace with threats operating at machine speed. As VP of Managed Detection and Response Austin Murphy summarized, “We’re seeing attacker breakout time plummeting from 118 minutes in 2018 to just 7 minutes last year.”
CrowdStrike aims to use cloud-native AI to provide the speed required in modern security operations. However, the panel cautioned against fully automated security, given the complex and constantly evolving nature of attacks. While AI can filter noise and handle repetitive tasks, human insight remains critical for responding to novel threats. As Murphy explained, "AI allows junior analysts to operate at a senior level by handling basic triage — but judgment calls still require human creativity and intuition."
Evolving Adversary Tactics
The panelists gave chilling examples of how generative AI could supercharge social engineering, which remains a top attack vector. Using compellingly authentic synthetic voices and personalities, threat actors could efficiently trick targets at scale. This demonstrates the double-edged nature of AI — its democratization creates new risks.
VP of Professional Services Justin Weissert recounted seeing the evolution of attacker sophistication first-hand: "You could actually see that the C squad was trying to get back in, and then you see a little bit later a new group come in, and you can see your commands that they're typing that, you know, it's like, ‘Hey, you were there to maintain presence in this environment. Now, get out of the way. Let the A SWAT come in.’"
To stay ahead of AI-empowered adversaries, CrowdStrike is enhancing platforms like its assistant Charlotte with conversational interfaces. This enables seamless collaboration between humans and AI, with Charlotte translating natural language queries into machine-executable actions. Such partnerships combine the nuance of human expertise with the speed and scalability of AI.
The Human in the Loop
Transitioning to this future was compared to moving from assembly language to modern compilers and IDEs. It raises the abstraction layer, allowing analysts to focus on high-value strategic tasks instead of routine log analysis. But the panel cautioned that this is an evolution, not an instant transformation: AI maturity takes years of carefully curating models with quality data.
In terms of oversight, the panelists emphasized that AI should be treated as a domain requiring specialized skills. Concepts like neural network sanitization and monitoring for misuse are not well understood yet. Dedicated roles like Chief AI Officer were proposed to ensure privacy and ethics. The panelists drew parallels to the safe adoption of cloud and shadow IT.
For developers and architects looking to integrate AI, the advice included starting incrementally with low-risk use cases and restricting access until governance practices mature. Transparency around how models behave and where data flows is critical, as is considering adversarial techniques like poisoned data. AI opens powerful opportunities but must be adopted thoughtfully.
The consensus was that AI cannot wholly replace human judgment in cybersecurity. With threats adapting as quickly as defenses, the combination of human creativity and machine speed is required. But thoughtfully implemented AI can reduce the burden on overstretched analysts by automating repetitive tasks, freeing them to focus on high-impact strategic thinking. This partnership is key to defending against increasingly automated attacks.
As VP of OverWatch Threat Hunting Param Singh explained, "We understand this is no longer a malware problem. This is an adversary problem. Adversaries are actually uploading their malware into VirusTotal to see whether they have detection or not. And they will keep modifying the code until there is no detection and then use it."
The Path Forward
The panelists emphasized starting with the security basics like patching and MFA before chasing "shiny new things" like AI. As Weissert cautioned, "You can't control what you don't know." Visibility into assets and data flows is a prerequisite.
The panel advised incremental progress: automating repetitive workflows first while monitoring for misuse. This lets specialist resources focus on higher-value unknown threats. As Singh stated, "Replace yourself with AI, so you can focus more on the unknown unknowns."
In the end, CrowdStrike's mission remains to use technology to empower human defenders. With a robust data foundation and focus on user experience, the goal is frictionless AI assistance. This allows security teams to keep pace with increasingly automated attacks.
As Murphy concluded, "It's not that we don't need Tier 1 and 2 analysts. It's just that we can now get them the training on the basics. What we saw is AI allowing analysts to dedicate their scarce time to high-value creative and strategic tasks only humans can perform."
The Evolving Threat Landscape
The panelists painted a concerning picture of the escalating cyber threat landscape. Beyond AI, they noted adversaries are constantly innovating with new exploitation techniques and ransomware tactics. As Singh described: "Every day we see new techniques, new tactics being used, new permutation and combinations exploit chains that we didn't solve before. And that will increase with AI because the threat actor will also be using it."
This underscores the need for continuous human-guided innovation, as AI alone cannot keep pace with attacker creativity. The defense must leverage both human and machine learning capabilities.
Integrating Human Insight With Machine Speed
A core tenet emphasized was tightly integrating human expertise with AI scalability. As threats operate at digital speed, AI is required to rapidly filter noise and respond. However, human judgment is still needed to identify novel threats missed by models.
Weissert explained: "Generally, I am relying on a system that says, 'Hey, we saw this before. We're going to stop it.' Well, if you haven't seen it, you can't stop it. And I think that's a big part of how we're, you know, trying to combat these things."
By combining human creativity with machine consistency, organizations can achieve the best of both worlds — personalized insight and rapid automation.
The Risks of Misuse
While AI enables scalable efficiencies, its risks were also examined. The panel cautioned that generative models can be misused to spread misinformation or biased perspectives if not properly monitored.
Murphy noted: "We heard stories from our C Suite customers about problems arising because users were playing with this great technology but didn't realize they were sending intellectual property to a third party."
This demonstrates the need for thoughtful oversight before deploying AI, considering elements like data privacy, user authentication, transparency, and bias detection. Rushing adoption without these guardrails in place is dangerous.
Training the Next Generation
The panel also offered advice on training the next generation of security professionals to leverage AI safely and effectively. Concepts like model robustness, ethics, and algorithmic bias must become core to cybersecurity education.
Singh suggested: "We can use AI for shortening the onboarding time. Training exercises that we were doing before can now leverage AI to bring onboarding time down significantly."
With specialized AI skills increasingly mandatory, programs tailored to these emerging technologies will be critical for defenders.
The consensus was that blending human ingenuity and machine efficiency is imperative to tackle modern threats. When thoughtfully implemented, AI-assisted security enables analysts to operate with greater context and at digital speed. This fusion promises to propel cybersecurity into a future where technology and human creativity work in harmony to defeat attacks.