The Role of AI in Cybersecurity: Promises, Pitfalls, and Best Practices

Artificial intelligence was once a futuristic concept reserved for sci-fi and speculation. Today, nearly everyone interacts with AI on a regular basis – whether they realize it or not. A whopping 99% of U.S. adults engage with AI-enabled products weekly, yet this technology has become so ubiquitous that 64% of people don’t know they’re using AI features.  

The AI hype has reached cybersecurity, too. As organizations aim to capitalize on the latest tech advancements by building AI into their security strategies, it’s critical that leaders understand where AI delivers real value, where it falls short, and how to apply it responsibly.  

We’ll explore the role of AI in cybersecurity today – its benefits and limitations, how attackers are using it, and the best practices organizations should follow to ensure AI strengthens (rather than undermines) their security posture. 

Benefits of AI in Cybersecurity  

For years, defenders have faced a compounding set of challenges: attackers are getting faster and more sophisticated, sprawling networks create expanding attack surfaces, and overwhelming alert volume leaves security teams stuck in a cycle of reactive defense.  

Amid challenges like these, it’s little surprise that over 70% of security leaders have adopted or are evaluating AI for their security operations. As Chris Boehm, Field CTO at Zero Networks, points out, the greatest benefit of AI in cybersecurity today comes down to its data ingestion and summarization capabilities:  

Artificial intelligence can help security teams respond faster and more accurately to cyber threats, delivering benefits like:  

• Accelerated threat detection and investigation: Tools like EDR/XDR or SIEM may log thousands of potentially risky events; AI can recognize anomalous patterns, correlate events, and deliver faster insights during incident response.  
• Enhanced alert prioritization and context: Security teams are exhausted by chasing down alerts from detection tools – 83% say they're overwhelmed by alert volume, false positives, and a lack of context. AI-enabled solutions can help escalate important alerts, delivering the context security teams need to make informed decisions.  
• More comprehensive threat insights: Defenders have access to a vast amount of vulnerability data – the Common Vulnerability Scoring System (CVSS), CISA’s Known Exploited Vulnerabilities (KEV) catalog, the Exploit Prediction Scoring System (EPSS), and an organization’s internal insights can deliver an unstructured roadmap to threat prioritization. AI can help bundle and turn disparate cyber threat data into an actionable prioritization model.  

Probabilistic vs. Deterministic Security Controls: AI and Automation  

The line between AI and automation in cybersecurity can feel blurry, but the distinction typically comes down to a probabilistic vs. deterministic approach.  

AI-driven security is probabilistic – it may rely on confidence scores or behavioral inference based on recognized patterns. On the other hand, deterministic automation leverages defined rules based on real-world activity to implement controls like least-privilege access or microsegmentation.  

At Zero, our automation engine learns allowed network behaviors in order to create dynamic rules for identities and assets. Using Zero as an example, Chris Boehm breaks down what makes deterministic automation different this way:  

“Zero Networks learns and then provides automation on top of that without guessing … when you deploy [Zero], we will learn based on each asset and we’ll tell you what that asset is doing – like a machine, server, service account – and then we control it, manage it, and automate it. So, that almost feels like artificial intelligence, but we don’t advertise that capability at all; we advertise the capability of learning.” 

In other words, AI makes a highly educated guess while deterministic automation relies on learned realities. 

AI Cybersecurity Risks: Hidden Vulnerabilities and New Threats  

AI has expanded security leaders’ tool kits, but it has introduced a new era of threats, too. Not only does the unchecked use of AI across the business create hidden vulnerabilities, but attackers’ adoption of AI-enabled tactics also translates to faster, more sophisticated threats.  

AI Security Risks and NIST Overlays  

It’s no secret that widespread AI use introduces new security risks to an organization –  just 20% of security leaders are confident in their ability to secure their own AI models against cyber threats. Israel Bryski, CISO at MIO Partners, says it’s up to CISOs to accurately identify and communicate those risks:  

As organizations accelerate AI adoption, many existing security frameworks have struggled to keep pace with the unique risks AI introduces. To address this gap, the National Institute of Standards and Technology (NIST) released new control overlays designed to help organizations apply existing security controls to AI systems more effectively. 

Rather than creating an entirely new framework, NIST’s overlays adapt existing controls to address AI-specific risks such as model integrity, training data protection, explainability, and supply chain exposure. These overlays help organizations contextualize how traditional controls, such as access management and incident response, should be applied when AI systems are involved. 

NIST’s guidelines reinforce the reality that AI risk is not a standalone problem – building more robust protection in an AI-enabled era often comes down to strengthening cybersecurity fundamentals.   

Limitations and Pitfalls of AI in Cybersecurity  

With AI hype at an all-time high, security leaders should understand the realities of AI’s current shortcomings. Today, AI-driven security solutions struggle when it comes to accuracy – whether it’s due to poor training data quality or AI models’ probabilistic nature, hallucination and other errors remain a persistent challenge.  

AI-driven tools infer risk based on patterns and likelihoods, but not certainty or proven behavior. This means that, while AI is valuable for tasks like prioritization or summarization, it’s risky when treated as an authoritative decision-maker. Because of this, false positives remain a key concern, particularly in complex environments.  

Data quality is another AI pitfall. Since AI solutions are only as effective as the data they ingest, gaps in visibility, biased training sets, or rapidly changing environments can quietly degrade accuracy.  

Perhaps most importantly, AI does not enforce security on its own – it can identify suspicious behavior, but it does not inherently stop lateral movement, revoke access, or contain breaches. So, in flat or overly permissive networks, AI can easily become an observer to widespread compromise rather than a barrier against it. 

Ultimately, security teams must remember that AI isn’t a silver bullet; while it can do certain things very well, it cannot – and shouldn’t – do everything.  

How Attackers Weaponize AI 

Attackers are embracing AI as enthusiastically as defenders – and arguably, with greater success. Eighty percent of ransomware attacks reviewed in research from MIT used AI for everything from phishing campaigns and deepfake-driven social engineering to password cracking and more.  

Hackers’ adoption of AI means adversaries can churn out tailored campaigns in a fraction of the time it used to take. For example, it takes scammers about 16 hours to manually craft a convincing phishing email; with the help of AI, attackers can design highly targeted messages in minutes. Beyond phishing, attackers are using AI to:  

• Accelerate lateral movement after gaining initial network access by analyzing network behavior to uncover viable privilege escalation opportunities 
• Quickly identify exposed services, misconfigurations, and high-value targets through AI-enabled reconnaissance  
• Bypass detection tools with malware designed to obfuscate payloads, evade signature detection, and more  

Best Practices to Reduce Cyber Risks with AI  

Security leaders looking to embrace AI without introducing new risk or complexity can ensure the success of their AI initiatives with a few key best practices.  

Prioritize Explainability  

If AI-driven decisions cannot be explained to regulators or executives, they may create more risk than they reduce, so explainability is the most important factor when considering an AI security tool. As Boehm points out:  

“If you’re looking at artificial intelligence-powered anything, if it can’t explain what it’s doing, it’s not worth considering. It has to be able to explain to you how it came up with that decision and walk through the process of the decision making … Can you explain it to your peers? Can you explain it to your board of directors? Can you explain it to a regulator? Make sure to prioritize explainability if you’re looking at artificial intelligence.”  

Pair AI Insights with Enforceable Controls 

AI excels at identifying risks; to prevent widespread breaches and business disruption, security teams should ensure that AI-driven insights are tied to enforceable controls. Detection without containment leaves organizations at a constant disadvantage.  

Deploy AI Strategically  

Not every AI solution is right for every organization. Rather than leaning into the hype, security leaders should first consider where their greatest challenges and gaps lie today, then identify AI solutions that can help – not the other way around.  

Building Business Resilience in the AI Era  

When used to accelerate analysis, provide context, and reduce noise, AI empowers security teams to operate more effectively in the face of growing complexity. But placing too much trust in probabilistic AI tools can leave security leaders to manage a new crop of growing risks.  

As AI tech evolves at warp speed, organizations can unlock the greatest value from a controlled, deliberate strategy that aligns artificial intelligence to its best, safest use without losing sight of long-term objectives.  

To find out how you can build a self-defending network architecture that safeguards business resilience – without adding new risks or operational complexity – through robust, deterministic automation, request a demo.