Do you believe it when cyber security solutions claim they’re using AI?

Security & GRC Artificial Intelligence & Machine Learning (AI/ML)Vendor/Product Assessment

1.9k views20 Comments

Member Board of Directors in Finance (non-banking), 201 - 500 employees

There are a number of cyber security vendors that claim they have AI embedded in their tools—CrowdStrike comes to mind, among others. They have some automation but it’s not nearly what we would define as AI.

Senior Director, Technology Solutions and Analytics in Telecommunication, 51 - 200 employees

I would say it's actually machine learning. Claiming that there’s AI is a marketing thing. Even Microsoft claims that they do AI with their endpoint antivirus and Office 365 in the cloud, but I haven't seen any proof that they're doing true AI.

Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees

Especially in the EDR anti-malware space, every solution right now says it's signatureless detection and behavioral-based recognition, but I think that's just a different kind of signature. You’re just responding to a different pattern. I haven't seen anything that can actually show that there's a SolarWinds breach which it has already shut down, like, “We found this CVE that just came out today in your environment and we've already shut it down.” Show me that product.

1 1 Reply

CEO in Manufacturing, 11 - 50 employees

That's powerful. Zero day plugs immediately.

Director in Software, 51 - 200 employees

They use process automation, but these machine learning processes often times capture the wrong inputs, leading to corrections and added man hours to certain steps. Can be used for certain processes though.

Founder/CTO in Hardware, 11 - 50 employees

There are cyber security companies that say they have AI. I don't believe that it is what I think is true AI. I suspect it is more advanced rule sets.

CIO in Software, 51 - 200 employees

I believe the roles are getting reversed too early in DevSecOps. Mundane repeating tasks are done by human and human filled department is resorting to AI. If we have lack of intelligent people in department or we do not believe our people to take a decision that makes sense. I believe the DevSec vendors are relying to the fact that we do not inherently believe our security team's intelligence but we do not speak about it.
If you go behind the scenes little, you would realize that these AI operations are just a little more than operations automation
If we as CTO/Leads get carried by buzzwords of marketing, it inherently means we are not updated ourselves. I must admit it is an uphill task though.
So in summary - little bit of automation and machine learning is what most vendors call it AI

CIO in Finance (non-banking), 5,001 - 10,000 employees

Can't say for the moment.

CIO in Services (non-Government), 1,001 - 5,000 employees

In most industries, the Marketing people need something snappy. Look at "Cloud" which was in operation long before the name came into being. AI is similarly one of those. Computers do not have "Intelligence" as yet and all they are doing is learning and not repeating mistakes. Anti-virus updates are a type of machine learning, but we do not call it AI. At the end of day, manual oversight of all systems is necessary - haven't you seen Terminator!!!

CTO, Cybersecurity in Finance (non-banking), 10,001+ employees

No - the most advanced vendors at their very best are using statistical analysis, not artificial intelligence.

VP of Engineering in Education, 10,001+ employees

Nope. Need to see exactly what they are doing. Lot of false claims.