There seems to be a new article every day in techie media indicating renewed interest in the intersection of artificial intelligence (AI), Machine Learning (ML), and the security industry. Vendors are suggesting that AI has the potential to act as a team member, replace missing expertise, and reduce headcount for detecting, investigating, responding to, and predicting new cyber threats. The concept of a fully computerized SOC may be a dream in a world lacking cybersecurity professionals, but is it a reasonable dream that can be realized?

Increasing the autonomy of the SOC is a noble goal, especially for smaller organizations struggling to hire and retain the necessary cybersecurity skills. However, the need for self-learning and self-repairing capabilities in an autonomous SOC raises an important concern: If your IT and security system becomes self-referential and self-healing, how can you investigate to ensure it’s getting it right? Who watches the watchers?

This talk will explore:
The history of ML, AI, and what is already in your security stack
The dangers and challenges of unrestricted GPT and LLMs, and other chat bots as information sources
Proposals for Humans and AI to work together
How Exabeam uses AI now and in the future