The growing role of AI in cybersecurity
By Gareth Cox, Vice President Sales Asia Pacific and Japan, Exabeam
The rapid evolution of Artificial Intelligence (AI) is reshaping industries worldwide, and AI in cybersecurity is no exception.
With AI’s ability to process vast amounts of data and identify patterns that humans might miss, organisations are keenly deploying AI tools to stay ahead of increasingly sophisticated cyber threats. The promise is clear: faster detection, quicker response and, ultimately, stronger defences.
From large enterprises to nimble start-ups, businesses are investing in AI-driven security platforms to streamline operations, reduce costs, and safeguard digital assets. Meanwhile, cybersecurity vendors are racing to incorporate AI into a growing number of products, betting that these capabilities will differentiate them in an intensely competitive marketplace.
Expectations v Reality
However, as with any emerging technology, there is a risk that expectations may outpace reality. A recent industry report by Exabeam underscores this point. It found that that in Asia Pacific and Japan (APJ), while 71% of executives believe AI has already delivered significant productivity improvements, only 5% of security analysts – those using the tools daily – agree.
At the heart of this disconnect is a familiar challenge in the tech world: the tendency to ‘over-promise and under-deliver’. In the rush to capitalise on AI’s potential, some vendors have positioned their offerings as silver-bullet solutions, capable of transforming cybersecurity overnight.
Such claims often do not align with the complex, evolving nature of cyber threats or the practical realities of deploying new technologies within established security environments.
For CISOs and security leaders, navigating this landscape requires a clear-eyed assessment of vendor promises and a commitment to measurable outcomes. It is crucial to separate marketing hype from genuine innovation, ensuring that investments in AI translate into meaningful gains for security teams.
Delivering value through intelligent automation
Despite these challenges, AI does offer significant opportunities to enhance cybersecurity when applied judiciously.
One of its most valuable capabilities lies in its ability to process enormous volumes of data by sifting through network traffic, logs, and user activity to identify anomalies and potential threats that may elude human analysts.
By automating the initial detection process, AI can dramatically lighten the workload of security teams. Instead of spending hours combing through false positives or routine alerts, analysts can focus on high-priority incidents and strategic threat hunting.
In addition, AI tools can now play a vital role in the investigation phase. Once a threat is detected, AI-driven systems can rapidly compile relevant data, map out attack vectors, and generate comprehensive reports. These insights empower analysts to make faster, more informed decisions about containment and remediation.
Autonomous response capabilities
Looking ahead, one of the most exciting frontiers for AI in cybersecurity is autonomous response. By enabling AI systems to take predefined actions, such as isolating compromised devices, blocking malicious IP addresses, or initiating containment protocols, organisations can significantly shorten the time between threat detection and response.
Such capabilities are particularly valuable in the face of fast-moving attacks, where minutes can mean the difference between a contained incident and a widespread breach. While fully autonomous cybersecurity remains an aspirational goal, ongoing advances in agentic AI are steadily moving the industry closer to this vision.
Managing expectations
However, amid the progress, it is vital for both vendors and enterprise buyers to manage expectations.
AI is not a magic wand and, while it can dramatically enhance certain aspects of cybersecurity, it cannot replace the need for skilled human analysts or eliminate all risks. Overly inflated expectations can lead to disillusionment.
A more balanced approach, grounded in a realistic understanding of AI’s strengths and limitations, will yield better long-term outcomes.
It is also important to recognise that AI introduces new challenges of its own. For example, the widespread adoption of large language models (LLMs) within enterprise environments is creating fresh attack surfaces. Cybercriminals are quick to exploit these opportunities, using AI to manipulate LLM outputs, bypass controls, or craft more convincing social engineering attacks.
At the same time, the offensive use of AI by malicious actors is escalating. Attackers are leveraging AI to automate the delivery of malware, generate highly persuasive phishing emails, and create deepfake audio and video content that is difficult for even trained users to detect. These developments underscore the need for continuous innovation on the defensive side.
Toward a smarter, safer future
For IT security vendors and enterprise leaders alike, the path forward demands both ambition and caution. The potential of AI in cybersecurity is undeniable, but realising that potential will require thoughtful deployment, ongoing learning, and a collaborative approach that bridges the gap between vendors and frontline users.
As the age of agentic AI dawns, its impact on cybersecurity will continue to grow. But success will depend on a shared commitment to clarity, accountability, and delivering real, measurable improvements.
