The conversation around artificial intelligence in cybersecurity has been loud, optimistic, and, in many boardrooms, disconnected from operational reality. While vendors promise transformative outcomes and leadership teams celebrate AI adoption metrics, the professionals responsible for actual defense are navigating a far more complicated picture.
A recent closed-door roundtable brought together senior security leaders from financial services, healthcare, professional sports, SaaS, and the public sector. Their candid assessments reveal a fundamental tension: AI is simultaneously strengthening and straining the organizations that deploy it.
A Double-Edged Deployment
AI has undeniably added value in specific, measurable areas. Detection workflows are faster. Log analytics surface correlations that human analysts would take hours to identify. Incident response playbooks move quicker when AI assists with triage and initial investigation. These are real gains, and security teams are right to pursue them.
The problem is that adversaries are moving with the same tools and the same urgency. Phishing emails have grown sharper, more linguistically precise, and increasingly difficult to distinguish from legitimate communication. The old tells that employees were trained to look for in malicious content (awkward phrasing, grammatical errors, and suspicious formatting) no longer apply reliably. Attackers are using AI to eliminate them.
The downstream effect is counterintuitive. Organizations are reporting higher volumes of suspicious email flags from employees, which suggests growing awareness. But the ratio of genuine threats to false positives has not improved proportionally. Security teams are processing more reports while confirming fewer real incidents. AI is generating signal inflation as much as it is generating insight.
This forces a difficult conclusion. Deploying AI defensively is no longer a competitive advantage. It is the baseline. Organizations that do not integrate AI into their detection and response stack will fall behind, not because they lack ambition, but because their adversaries have already moved on.
The Gaps That Remain
Enthusiasm for AI should not obscure the areas where it consistently underperforms. Firewall rule management is one stubborn example. Over years of incremental policy changes, rule sets become layered and contradictory. Security leaders want AI systems that can autonomously rationalize these architectures at scale. That capability remains largely aspirational.
Third-party and supply chain risk is perhaps the more consequential gap. Over 70% of companies depend on vendors, cloud platforms, third-party and homegrown APIs, and open-source libraries, making risk visibility across this ecosystem genuinely difficult to manage. Despite this exposure, most third-party risk platforms still operate through questionnaires, document reviews, and manual scoring.
AI occasionally helps summarize vendor responses, but it has not solved the harder problem of mapping external dependencies against live internal architecture. Teams are still manually stitching together incomplete data to understand where they are truly exposed.
Recruiting and hiring has also emerged as an unexpected frontier. Deepfake videos and AI voice manipulation are being used to impersonate candidates during interviews. Organizations are now training HR teams to recognize these attempts, a responsibility that barely existed two years ago. Adversarial creativity is scaling faster than defensive adaptation in this space.
What Competent Leaders Are Actually Doing
The roundtable participants shared a notably pragmatic tone. None of them described AI as a transformation strategy on its own. They described it as a capability embedded within a broader, disciplined security architecture. AI accelerates detection and response. It improves pattern recognition. It reduces time-to-triage. But it does not replace governance, structural controls, or well-tested incident response processes.
The organizations gaining the most from AI are those treating it as an integrated layer within existing platforms like SIEM and XDR, not as a standalone solution purchased to satisfy a board requirement.
The practical message for security leaders is straightforward. Invest where AI demonstrably strengthens core operations. Stay honest about where it does not. And never mistake faster response for a fundamentally safer organization.
Author
Ashish Sukhadeve is the Founder and CEO of Analytics Insight. Ashish graduated in Electronics and Communications Engineering from the National Institute of Technology (NIT) and holds an MBA in International Business. He founded Analytics Insight intending to help organizations and leaders adopt the right technologies with the right workforce to achieve business objectives.