AI tools are showing up in analyst workflows whether your organization plans for it or not. A Tier 1 analyst dealing with a hundred alerts a day will find ways to work faster — and if the org hasn’t provided sanctioned tools, they’ll use unsanctioned ones. That’s not a criticism, it’s human nature under pressure. ...
Tier 1 analysts using AI for alert triage is one problem. Security engineers integrating AI into automated pipelines is a different one — and in some ways a harder one. When AI is in the pipeline, the decisions it influences happen at scale, without a human in the loop on every call, and the code you write today becomes the attack surface your team defends tomorrow. ...
Every major cloud provider has an AI product now. Most of them are genuinely useful. They’re also asking you to send your data — your queries, your context, your documents — to infrastructure you don’t control, operated by a company whose incentives around data retention may not align with yours. ...