Virtually every established security vendor and scores of startups are touting AI-powered security solutions. Incumbents are embedding AI into their existing toolsets. And startups are offering autonomous agents that address specific areas such as vulnerability assessments, email security, endpoint security, or cloud data security.
IDC analyst Craig Robinson says, “Vendors are rapidly embedding AI and generative AI into their incident response workflows to enhance speed, accuracy, and scalability.” Key applications include threat detection, triage, and anomaly detection; generative AI for automated report generation, timeline reconstruction, and executive summaries; natural language queries for log analysis and threat hunting; and AI agents for malware analysis, code interpretation, and adversary behavior prediction.
A survey of CISOs conducted by Splunk reveals that the top use cases for AI and gen AI security are threat detection, triaging alerts, querying security data, automating alert management and response, threat hunting, suggesting investigation steps, threat analysis, and processing phishing emails. Novel uses of AI for defense are rapidly evolving, including machine-learning generative adversarial networks. And agentic AI use cases for cybersecurity are already on the horizon.
