
AI in cybersecurity operations: what it means for security teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: AI is changing how security teams operate, with Abnormal Security positioning its Innovate 2025 keynote around doing more with less and defending against email-based attacks while industry leaders weigh AI strategy for cybersecurity and data analytics. The governance issue is not AI enthusiasm, but whether identity, access, and operational controls can keep pace with machine-accelerated security work.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams govern AI-assisted security workflows?

A: Treat AI-assisted workflows as governed identity pathways, not just tools.

Q: Why do AI tools create new access governance risks for security teams?

A: AI tools often sit close to mail, data, and response systems, which makes their permissions unusually broad.

Practitioner guidance

  • Map every AI-enabled security workflow to an identity owner: Document which human, service account, or platform identity can read data, enrich alerts, recommend actions, and execute remediation so each action has clear accountability.
  • Review delegated access for email security platforms: Audit mailbox, directory, and response permissions used by the defensive stack and remove any standing access that exceeds the minimum necessary scope.
  • Separate model output from approved action: Require analysts to distinguish AI-generated findings from evidence-backed decisions, especially where automation can trigger remediation or ticket creation.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The keynote discussion between Abnormal Security CEO Evan Reiser and Databricks co-founder Arsalan Tavakoli-Shiraji on AI strategy for security and data analytics.
  • The vendor's explanation of how its AI-native approach is positioned against email-based attacks in operational environments.
  • The webinar framing around how security leaders are thinking about AI in 2025 and beyond, including executive-level priorities.
  • The on-demand format and ISC2 CPE eligibility details for teams that need continuing-education credit.

👉 Watch Abnormal AI's on-demand webinar on AI in cybersecurity and data analytics →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

AI adoption in security operations is becoming an identity governance problem, not just an analytics problem. Once AI is used to prioritise, enrich, or act on security data, the controls that matter are identity scope, delegation boundaries, and auditability. That applies across human analysts, service identities, and emerging agentic workflows. Practitioners should treat AI-enabled security operations as an identity programme extension, not a separate technology silo.

A few things that frame the scale:

A question worth separating out:

Q: What do IAM and NHI teams need to monitor in AI-enabled security platforms?

A: Monitor which identities power the platform, what data they can access, and whether those permissions are still justified. AI-enabled security platforms should be recertified like any other privileged integration, with special attention to delegated access, service accounts, and emergency response rights.

👉 Read our full editorial: AI is reshaping cybersecurity operations beyond legacy email defense



   