The integration of AI into cybersecurity isn’t new: prescriptive AI and machine learning have long been used to identify suspicious activity and raise alerts.
A staggering 95 per cent of cybersecurity breaches can be traced back to human error – a stark reminder that despite the growing sophistication of digital defences, it remains people, not machines, who represent the weakest link. From accidental missteps to insider threats and credential misuse, organisations are still grappling with the complex realities of keeping systems secure.
“IT professionals are doing far too much firefighting and not enough prevention,” says Mike Nichols, VP of product for security at Elastic. “They’re pulled in every direction – juggling tasks, switching tools, triaging floods of alerts. Even the most experienced practitioners can miss something critical.”
That high-stakes pressure is pushing many to breaking point. But it’s also making a compelling case for change. According to Nichols, the way forward lies in automation and artificial intelligence – not as a replacement for skilled analysts, but as a force multiplier to amplify their expertise and streamline decision-making.
An expert on your shoulder
The integration of AI into cybersecurity isn’t new. Prescriptive AI and machine learning have long been used to identify suspicious activity and raise alerts. But such systems often suffer from a flood of false positives and brittle rule-based frameworks that adversaries can easily sidestep.
The next generation – powered by generative AI – is more agile and embedded directly into workflows. These systems offer contextual support, allowing analysts to interrogate data in natural language, sort and prioritise alerts, and discover threats faster. Nichols likens it to having “an expert on your shoulder” – a virtual assistant that accelerates the OODA loop: Observe, Orient, Decide, Act.
Once a breach is addressed, AI can ensure lessons learned aren’t lost. Using retrieval-augmented generation (RAG), it can ground future responses in prior incidents, internal ticketing data, and system logs – creating a shared institutional memory that builds resilience over time.
It also helps train junior analysts on the job. Rather than poring over outdated manuals, they can learn in real time through conversational prompts and intelligent suggestions. This makes onboarding smoother and enhances engagement, particularly in remote or hybrid teams.
Cybersecurity is everyone’s business
Nichols argues that one of the greatest missed opportunities in cybersecurity is its siloing within IT departments. “There are brilliant analytical minds scattered throughout organisations – in operations, logistics, finance – who could all help solve security challenges if given the tools,” he says.
AI lowers the barriers to participation, allowing people without traditional security backgrounds to contribute meaningfully. It reframes cybersecurity not just as a technical problem, but as a business-critical challenge with wide-ranging implications for operations, customer trust and strategy.
“When you break out of the security bubble and bring in those fresh perspectives, you often find smarter, more efficient ways to protect the organisation,” Nichols notes.
Barriers to adoption persist
Despite the promise, many organisations remain hesitant. Legacy security information and event management (SIEM) systems can be difficult to part with, and the perceived cost and complexity of migration often stall progress.
“The issue isn’t the price tag of the new system,” Nichols says. “It’s the hidden cost of switching – rewriting every query, every rule, every process. We don’t have a universal language for cybersecurity. So every migration becomes a reinvention.”
To address that, Elastic has developed “Automatic Import” – a tool that uses generative AI to rapidly onboard data from legacy systems. What once took days can now be done in minutes, with full transparency and visual audit trails to verify success and flag any gaps.
“It’s about building trust in real time,” Nichols explains. “You can see exactly where your security coverage stands before you flip the switch – no guesswork, no black box.”
As the cyberthreat landscape grows more complex, the case for AI-driven defences is only getting stronger. But as Nichols is quick to point out, success hinges on more than algorithms. It’s about people – giving them the right tools, the right support, and the confidence to act before the breach comes.

