5 Questions to Cut Through the AI Security Hype

By asking the right questions, CISOs can decide whether adding artificial intelligence (AI) to improve security makes sense.

The hype around artificial intelligence (AI) has led to exaggerated expectations. For security leaders, the reality is that current AI technology, including machine learning (ML) techniques, can augment security capabilities. In the area of anomaly detection and security analytics, humans working with AI accomplish much more than without it. And while not risk-free, AI within security is more likely to create jobs rather than eliminate them.

However, simpler solutions can be as effective and cost less. And AI solutions for security can still be immature technologies. Given current technology restraints, AI should be an addition to existing security practices rather than a complete solution.

The IT Roadmap for Cybersecurity

Best practices to create a resilient, scalable and agile cybersecurity strategy.

Download Roadmap

CISOs should ask these five questions before investing in the technology for their security programs:

1. What should CISOs and their teams know about AI?

One major challenge surrounding AI is the hype. Buzzwords like “next-generation” and “holistic approach” make big promises but most likely just mean “our latest release” and “multifunction.” Security and risk (SRM) leaders and teams must be savvy about marketing and the myths that exist in the AI world.

Focus on the actual benefits of the technology rather than rely on vendor claims or assumptions. It is key that security teams understand the basics about AI to assess how the technology might reasonably help security strategy.

Read more: Gartner Top 9 Security and Risk Trends for 2020

2. What is AI’s impact on SRM?

The promise of AI technology is that it will process data and apply analytics much better than human teams. Improved automation and data analytics applied to security analytics and infrastructure protection offer to:

  • Find more attacks

  • Reduce false alerts

  • Perform faster detect-and-respond functions

The CISO should take the lead in establishing what the organization requires and how AI can assist in that. CISOs should also set reasonable expectations for what AI can realistically provide and select projects based on areas where AI can have the greatest impact.

Read more: Security Experts Must Connect Cybersecurity to Business Outcomes

3. What is the state of AI in security?

Recognize that the technology is not mature and continue to treat AI offerings as experimental, complementary controls. “AI as a feature” is applied on existing platforms across a variety of key initiatives, including:

  • Threat and anomaly detection
  • Identity analytics and fraud detection
  • Compliance and privacy risk management
  • Bot mitigation
  • Data discovery and categorization
  • Asset discovery
  • Policy automation
  • Security orchestration

4. What should CISOs ask vendors about AI security?

Although AI has a coolness factor, other existing solutions can achieve similar results. Understand the risks of a new solution and how the AI offering will outperform what the team is already using. Some questions for vendors include:

  • How can we view/control data used by the solution?
  • Does the solution send data outside of our organization (call home)?
  • What are the relevant security and performance metrics to measure the results from AI?
  • Are there peer reviews of the solution?
  • How much staff and time are required to maintain the solution?
  • How does your solution integrate into our enterprise workflow?
  • Does your solution integrate with third-party security solutions?

Depending on the answers, leaders may decide the costs and risks outweigh the benefits and decide to skip the extra expense.

Read more: How Security and Risk Leaders Can Prepare for Reduced Budgets

5. How does AI impact your workforce strategy?

AI might require additional roles or skill sets. Competition for these new skills is fierce, and finding “data security scientists” or “threat hunters” can be challenging. Because skills are constantly evolving, it can be more productive to focus on hiring people with trainable traits like digital dexterity, innovation and business acumen. Consider how to approach talent and skills gaps before purchase.

CISOs armed with the answers to these questions will be better prepared to decide whether and how to invest in AI.

Gartner clients can read more in the full research, 5 Questions That CISOs Must Answer Before Adopting Artificial Intelligence, by Jeremy D'Hoinne, et al.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Gartner IT Roadmap for Cybersecurity: A Resilient Strategy

Gartner IT roadmap for cybersecurity based on unbiased research and...

Learn More


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching