AI in Cybersecurity: How It's Used, Where It Works, and What's Overhyped

Nearly every vendor in your inbox claims AI is transforming security. Your board is asking how you're "using AI" for defense. Meanwhile, your team is still manually triaging the same alert queue they were drowning in before the AI features showed up.

You are not imagining the disconnect. Surveyed SOC teams bear it out: 40% that run AI/ML tools have not made them a defined part of operations, and 42% run them entirely out of the box with zero customization. AI is present in security tooling, but operational use of it remains inconsistent. The gap between vendor claims and practitioner experience is real, measurable, and worth mapping precisely.

Evidence is strongest where AI handles bounded security tasks with measurable outputs. It weakens as vendors move from specific workflow support to autonomous SOC promises. Procurement and architecture decisions need that distinction.

TL;DR:

• AI delivers its most reliable value on bounded tasks with clear training data and measurable outputs, including malware behavioral detection, alert triage, phishing classification, and behavioral analytics.
• The fully autonomous SOC is still more promise than practice; practitioners do not yet trust AI to own mission-critical functions, and most real deployments keep it to lower-stakes work like enrichment and summarization.
• AI in security operations tends to widen alert coverage more than it speeds up any single investigation, which matters most for teams leaving large parts of their queue uninvestigated.
• Two products can run comparable AI and still differ entirely in who owns the outcome when something goes wrong, because accountability is set by the operating model rather than the model architecture.

Where AI Delivers Documented Value

The five areas below share that profile: a narrow task, clean training data, and a measurable baseline. They are where AI's track record in security is best documented.

1. Alert Triage and Coverage Expansion

Alert triage is one of the most common AI use cases in security operations. Among surveyed SOC practitioners, detection and triage of threats is the single most cited AI application, at 82%.

Coverage is where AI triage pays off most: it reduces the number of alerts that go uninvestigated and closes a structural blind spot. Faster review of alerts that a team would already have examined is a secondary benefit.

2. Malware Behavioral Detection

ML-based behavioral analysis in EDR platforms analyzes process behavior, including system calls, file operations, and execution chains. File-signature matching is a separate detection method.

Peer-reviewed malware-detection benchmarks vary across datasets, models, and evaluation conditions, and results achieved in lab settings may be difficult to replicate in production. Model freshness matters, and concept drift makes ongoing retraining a requirement.

3. Phishing Detection and Classification

ML-based phishing detection often outperforms legacy blacklist and rule-based approaches, though the performance gap varies by dataset, features, and deployment context. Blacklist and rule-based methods trail ML on accuracy across benchmark comparisons. Random Forest models have reached 98.16% accuracy in recent testing. Logistic Regression is also commonly considered efficient enough for near real-time prediction in many deployment settings.

NLP-based models can exhibit higher false-negative rates when phishing tactics evolve, such as through reworded or LLM-rephrased messages. AI-generated phishing lacks the grammatical tells that legacy pattern-matching relied on, and novel approaches bypass predefined rules. Detection models are getting better, but attackers have AI too.

4. Behavioral Analytics (UEBA)

ML models that establish statistical baselines of normal user and entity behavior catch what signature matching often misses: compromised credentials and insider threats, where a stolen login produces no malicious file to match against. In the same survey, 64% of practitioners cited behavioral pattern identification as an active AI application, much of it aimed at identity-based attacks.

5. SOC Efficiency and Breach Cost Reduction

IBM's breach-cost research links broader use of AI and automation to faster detection and containment and lower breach costs. Treat the takeaway as directional: organizations that lean on AI and automation tend to handle breaches more efficiently, though the finding reflects a correlation across many organizations rather than a guaranteed result for any single one.

What's Overhyped

Vendor marketing around AI in cybersecurity has become functionally undifferentiated. Most SIEMs claim AI features, and most SOC tools promise to "eliminate alert fatigue." The gap between claims and operational reality is well documented.

1. The SANS Verdict

The SANS survey is the clearest signal. AI/ML and automation are the most commonly planned expansions in SOC tooling, yet they rank among the lowest in value delivered. The survey describes this as a "worrisome juxtaposition." Seth Misner, in the survey's accompanying commentary, draws a deliberate parallel: in 2017, asset discovery held the bottom satisfaction position. AI/ML occupies the same early-disappointment slot today.

2. AI Triage Depends on Pattern Matching

Peer-reviewed research and industry sources have raised broader concerns about the transparency and auditability of LLM reasoning.

During evaluation, separate autonomous triage from pattern matching and enrichment. Teams that don't draw that line tend to be disappointed by what they bought.

3. The Autonomous SOC Is Not Trusted for Mission-Critical Functions

AI SOC agents are still at an early stage of adoption, where vendor claims outpace production deployments.

The autonomous SOC remains a vendor aspiration. Organizations deploying AI in their SOCs keep it to constrained, lower-risk areas like alert enrichment and investigation summarization.

4. GenAI Assistants Carry Structural Risks

LLMs in security workflows introduce hallucination risk and auditability gaps in SOC environments. SOCs handle sensitive data such as logs and incident evidence with data-sharing constraints on third-party LLM APIs. Attackers can also craft prompts to induce misleading outputs. NIST's draft Cyber AI Profile (IR 8596) identifies AI hallucination as a key risk that requires human-in-the-loop oversight.

The Risks Practitioners Must Account For

AI in cybersecurity introduces failure modes that have no equivalent in traditional security tooling. These require specific governance responses that go beyond vendor assurances.

1. Adversarial Attacks on AI Models Themselves

NIST AI 100-2e2025 formally taxonomizes evasion attacks (crafted inputs that cause misclassification) and poisoning attacks (manipulated training data that corrupts model behavior). MITRE ATLAS documents a case where attackers analyzed a malware-detection system and crafted modified samples that successfully evaded it. The NCSC identifies "evade detection" as one of eight technical goals in adversarial attacks against machine learning systems: attackers may alter a model or its inputs so those inputs are not correctly classified by the deployed model.

2. Concept Drift and Data Staleness

Models trained on historical data become less accurate as the threat environment evolves. NIST IR 8596 mentions concept drift as an AI-related issue, but the available text does not explicitly classify it as a routine operational risk. Without real-time model performance monitoring, security teams cannot distinguish between a model degrading from stale data and one compromised through poisoning.

3. Prompt Injection Is a Production Vulnerability

Prompt injection ranks as the top vulnerability in the OWASP Top 10 for large language model applications. A documented production example is CVE-2025-32711, which affected a widely deployed productivity assistant with a CVSS score of 9.3. The vulnerability involved AI command injection that could have allowed data theft. Trend Micro reports that AI-related CVEs rose sharply year over year, and identifies agentic AI as an emerging vulnerability category.

4. Over-Reliance Erodes Human Capability

SANS said all five of its "Top 5 Most Dangerous New Attack Techniques" at RSAC 2026 had an AI dimension. Its AI Summit put the risk bluntly: once AI-generated data crosses "a trust boundary that assumes human input," failure is effectively guaranteed. When teams rely on AI outputs without engaging with underlying alerts, analytical skills atrophy. The organization loses capacity to catch threats that fall outside the model's trained expectations.

Decision Criteria

Choosing between AI security products and service approaches is mostly about operational fit. Match each evaluation question to the constraint in your environment.

1. If a Vendor Cannot Specify What Type of AI Is in Use, Walk Away

Ask the vendor exactly where the AI component ends and rule-based logic begins. A vendor who cannot answer is probably selling AI-washed software, and that one question screens it out before any deeper technical review. SC World frames this within a broader read on a vendor's strategy, policy enforcement, detection and response, and risk management.

2. If Performance Metrics Come Only From Internal Benchmarks, Discount Them Heavily

Accuracy figures from a vendor's own controlled lab conditions tell you little about how a model behaves on your traffic. Before going further, request false positive and false negative rates from production deployments. OWASP's guidance on evaluating AI red-teaming providers sets a comparable bar for production evidence.

3. If You Need Risk Transfer and Contractual Accountability, Choose the Right Operating Model

Accountability separates AI SOC platforms from MDR services more than technical sophistication. AI SOC tools automate triage and investigation while your team operates them, owns the outcomes, and carries the liability. Legacy MDR services own the investigation and response cycle with contractual accountability. A more recent AI-native MDR model may use similar AI capabilities to an AI SOC platform, but the operating model still determines who owns the outcome. If your organization lacks 24/7 staffing or needs risk transfer, evaluate MDR providers first, regardless of how similar the underlying AI capabilities appear.

4. If Explainability Is Absent, Your Compliance and Audit Position Is Exposed

Without an explanation for each AI-generated finding, you cannot defend a decision to an auditor or a regulator. Require that capability before deployment, or choose a provider that can produce it. NIST AI RMF 1.0 treats explainability as a core characteristic of trustworthy AI, and the EU AI Act places operational obligations on deployers of high-risk systems, including monitoring their operation and reporting serious incidents.

5. If the Vendor Has Not Addressed Adversarial Resilience, the AI System Is an Unmanaged Attack Surface

Vendor red-teaming often stops at jailbreak-style testing instead of system-level evaluation. OWASP's vendor-evaluation guidance sets a higher bar: strong providers design novel attacks rather than reusing public jailbreak libraries, and they test tool calls, permission boundaries, and workflow actions. If the vendor cannot articulate a threat model for the AI component itself, treat that system as an unmanaged attack surface in your risk register.

6. If a POC Runs in the Vendor's Environment Instead of Yours, the Results Are Not Transferable

A POC that runs against a vendor's demo data only proves the demo works. To learn whether the system performs on your traffic, require a time-limited POC against your own data and your own success criteria before any procurement decision. Most teams roll AI out the same way, starting in lower-risk areas before expanding.

That discipline is what separates an AI feature review from an actual buying decision. The market has plenty of demos. Judge the system by its behavior against your data and workflows under your accountability model.

What Decides Who Owns the Outcome

The evidence for AI in cybersecurity is strongest where the task is bounded and the output is measurable, as it is for malware detection, triage, and phishing classification. It thins as vendors move from specific workflow support toward autonomous SOC promises that practitioners do not yet trust for mission-critical work. AI also brings failure modes with no equivalent in traditional tooling, from adversarial manipulation and concept drift to prompt injection and the slow erosion of analyst skill. None of this argues for avoiding AI, only for evaluating it precisely.

The decision that matters is rarely about model sophistication. Two products can run comparable AI and still differ entirely in who owns the outcome when an investigation goes wrong. That difference is the operating model: whether your team operates the tooling and keeps the accountability, or a provider owns investigation and response under contract. That distinction outlasts any single model's accuracy figures, and it is the one worth anchoring a procurement decision to.

This managed-service model is what defines AI-native MDR as a category, distinct from AI SOC tooling a team runs in-house. Daylight is a managed agentic security services (MASS) company for security operations, which combines an agentic platform that runs the full cycle from detection to response with security experts from IR and threat hunting backgrounds.

Frequently Asked Questions About AI in Cybersecurity

How Do I Know If an AI Security Tool Is Actually Using ML Versus Relabeled Rule-Based Logic?

Ask the vendor which model architecture and training data are in use, and where the AI component ends and deterministic logic begins. SC World frames questions like these as a practical filter to apply before any formal technical validation.

What Is the Most Credible Evidence That AI Reduces Security Costs?

The most commonly cited evidence is breach-cost research, which links more extensive use of AI and automation to faster containment and lower average breach costs. Treat it as directional rather than precise: it reflects a correlation across many organizations, not a guaranteed result for any single deployment.

Should I Choose an AI SOC Platform or an MDR Service?

The decision depends on whether you want to own or outsource investigation and response. AI SOC platforms automate triage and investigation for teams with skilled operators; the organization retains full accountability. Legacy MDR services transfer accountability to the provider. AI-native MDR follows the same accountability model while using a different operating approach. If your team can operate and tune an AI platform, the tools path may cost less. If you need 24/7 coverage with risk transfer, the service path fits.

How Often Do AI Security Models Need Retraining?

The evidence used here does not establish a universal cadence. Models degrade as threats and environments change. NIST's draft Cyber AI Profile (IR 8596) notes concept drift as an AI-related risk that can affect model accuracy, which is why retraining cadence is worth monitoring. Any evaluation should include the vendor's retraining cadence and how they measure performance degradation. If the vendor cannot answer this, published accuracy figures are not stable operational guarantees.

Are Attackers Actually Using AI in Production, or Is This Still Theoretical?

Production use is documented. Dark Reading reports a 29-minute average breakout time and adversaries injecting malicious prompts into GenAI tools at over 90 organizations. Another documented example is SesameOp, a backdoor using the OpenAI Assistants API as a C2 channel.