What are the most important questions security leaders need to ask vendors of AI-enabled cybersecurity products? What sorts of “tells” indicate that a solution offers more hype than value?
Chief Information Security Officer in Manufacturing2 days ago
I try to determine whether a solution is genuinely AI-enabled or if it’s just AI hype, but it can be difficult to get a clear answer. Every vendor claims to have AI, so I press for specifics on what makes their product AI-enabled or AI-powered. Sometimes, it’s not truly AI; it might just be machine learning or even traditional software with a new label. I want to understand what makes the solution unique, why it’s considered AI, and how it drives value.
If AI is automating something or enabling capabilities that weren’t possible a few years ago, that’s meaningful. However, I often find that the only difference is a generative AI prompt layered on top of an existing product to expedite queries. While that can be helpful, it may not justify purchasing the product solely for that feature. It’s important to separate the noise from real value and determine if the AI genuinely delivers ROI. If I can get past that, I then explore how the AI works within the security context and how both the system and automation are protected. I also ask whether the product leverages generative AI in a substantial way, rather than just offering a surface-level user interface enhancement.
Content you might like
What's your experience with SAP ERP on Prem security testing? What kind of engagement did you choose for your SAP landscape—was it a deep-dive technical System Audit, a full-scope Red Team scenario, or something in between? What was the 'why' behind your decision, and what were your key takeaways?
I try to determine whether a solution is genuinely AI-enabled or if it’s just AI hype, but it can be difficult to get a clear answer. Every vendor claims to have AI, so I press for specifics on what makes their product AI-enabled or AI-powered. Sometimes, it’s not truly AI; it might just be machine learning or even traditional software with a new label. I want to understand what makes the solution unique, why it’s considered AI, and how it drives value.
If AI is automating something or enabling capabilities that weren’t possible a few years ago, that’s meaningful. However, I often find that the only difference is a generative AI prompt layered on top of an existing product to expedite queries. While that can be helpful, it may not justify purchasing the product solely for that feature. It’s important to separate the noise from real value and determine if the AI genuinely delivers ROI. If I can get past that, I then explore how the AI works within the security context and how both the system and automation are protected. I also ask whether the product leverages generative AI in a substantial way, rather than just offering a surface-level user interface enhancement.