
Defensive AI and alert overload: what security teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Research with 125 security and AI leaders by Osterman Research shows defenders are already using behavioural AI and automation to reduce fatigue, improve accuracy, and respond at scale while attackers use generative AI and GANs to press offensive advantages, according to Abnormal AI. The shift is less about tool adoption and more about whether security programmes can absorb AI without creating new governance blind spots.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams introduce defensive AI without losing control of security decisions?

A: Start by limiting AI to clearly scoped tasks such as enrichment, clustering, and recommendation, then keep humans responsible for any action that changes access, containment, or investigation outcomes.

Q: When does automation in security operations create more risk than it removes?

A: Automation becomes risky when it hides weak triage logic, bypasses review, or acts on alerts that are not well understood.

Practitioner guidance

  • Define human approval points for AI-assisted triage: document which alert classes can be auto-enriched, auto-routed, or auto-closed, and require human review for any event that could affect access, containment, or disciplinary action.
  • Map automation to explicit stop conditions: for every automated workflow, record the trigger, the allowed action, the rollback path, and the condition that forces escalation to an analyst.
  • Require auditability for AI recommendations: store the evidence, model output, and final decision together so security and identity teams can reconstruct why a response happened after the fact.
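As an added example (not code from this post, NHIMG, or Abnormal AI), the following triage gate encodes the three points above in working Python: actions that change access or containment are never run unattended, every automated workflow carries its trigger, allowed action, rollback path and a confidence stop condition, and each decision is written to an audit record holding the evidence, the model output and the final decision side by side. The alert classes, thresholds, workflow table, the `Recommendation` stand-in for a model's output, and the sample alerts are all constructed assumptions for illustration.

```python
"""AI-assisted triage gate (added example; every class, threshold and sample
alert below is constructed for illustration, not taken from a real product)."""
from dataclasses import dataclass, asdict
from enum import Enum
from typing import List, Optional
import json


class Action(Enum):
    ENRICH = "enrich"                    # adds context only
    ROUTE = "route"                      # moves the alert to a queue
    CLOSE = "close"                      # closes the alert
    DISABLE_ACCOUNT = "disable_account"  # changes access
    ISOLATE_HOST = "isolate_host"        # containment


# Human approval point: anything touching access or containment is never automatic.
HUMAN_ONLY = {Action.DISABLE_ACCOUNT, Action.ISOLATE_HOST}


@dataclass(frozen=True)
class Workflow:
    """One automated workflow: trigger, allowed action, rollback path, and the
    stop condition (minimum model confidence) that forces escalation."""
    trigger: str
    allowed: Action
    rollback: str
    min_confidence: float


# Constructed policy table keyed by (alert class, action). Absence means "escalate".
WORKFLOWS = {
    ("benign_scanner_noise", Action.ENRICH): Workflow("benign_scanner_noise", Action.ENRICH, "drop enrichment fields", 0.0),
    ("benign_scanner_noise", Action.CLOSE): Workflow("benign_scanner_noise", Action.CLOSE, "reopen from audit record", 0.95),
    ("phishing_report", Action.ENRICH): Workflow("phishing_report", Action.ENRICH, "drop enrichment fields", 0.0),
    ("phishing_report", Action.ROUTE): Workflow("phishing_report", Action.ROUTE, "re-queue to default triage", 0.70),
    ("impossible_travel", Action.ENRICH): Workflow("impossible_travel", Action.ENRICH, "drop enrichment fields", 0.0),
}


@dataclass
class Alert:
    alert_id: str
    alert_class: str
    evidence: dict


@dataclass
class Recommendation:
    """Stand-in for a model's output (constructed; a real SOC would feed the real model output here)."""
    action: Action
    confidence: float
    rationale: str


@dataclass
class AuditRecord:
    """Evidence, model output and final decision kept together for later reconstruction."""
    alert_id: str
    evidence: dict
    model_output: dict
    decision: str            # "auto:<action>" or "escalate"
    reason: str
    rollback: Optional[str]  # only set when an automated action was taken


def decide(alert: Alert, rec: Recommendation) -> AuditRecord:
    """Apply the approval points and stop conditions; always return an audit record."""
    model_output = {"action": rec.action.value, "confidence": rec.confidence, "rationale": rec.rationale}

    def audit(decision: str, reason: str, rollback: Optional[str] = None) -> AuditRecord:
        return AuditRecord(alert.alert_id, alert.evidence, model_output, decision, reason, rollback)

    if rec.action in HUMAN_ONLY:
        return audit("escalate", f"{rec.action.value} affects access or containment; human approval required")
    wf = WORKFLOWS.get((alert.alert_class, rec.action))
    if wf is None:
        return audit("escalate", f"no workflow permits {rec.action.value} unattended for {alert.alert_class}")
    if rec.confidence < wf.min_confidence:
        return audit("escalate", f"stop condition: confidence {rec.confidence:.2f} below {wf.min_confidence:.2f}")
    return audit(f"auto:{rec.action.value}", f"workflow {wf.trigger}/{wf.allowed.value} permits unattended action", wf.rollback)


def to_json(record: AuditRecord) -> str:
    """Serialise one audit record for the evidence store."""
    return json.dumps(asdict(record), sort_keys=True)


# Constructed sample alerts paired with constructed model recommendations.
SAMPLE = [
    (Alert("a-1", "impossible_travel", {"user": "alice", "countries": ["DE", "BR"], "minutes_apart": 12}),
     Recommendation(Action.DISABLE_ACCOUNT, 0.99, "two sign-ins 12 minutes apart from distant countries")),
    (Alert("a-2", "benign_scanner_noise", {"src_ip": "10.0.0.5", "asset": "authorised-scanner"}),
     Recommendation(Action.CLOSE, 0.97, "source is an authorised internal scanner")),
    (Alert("a-3", "benign_scanner_noise", {"src_ip": "10.0.9.9", "asset": "unknown"}),
     Recommendation(Action.CLOSE, 0.80, "traffic pattern resembles scanner noise")),
    (Alert("a-4", "phishing_report", {"reporter": "bob", "subject": "Invoice"}),
     Recommendation(Action.CLOSE, 0.99, "looks like a known-good newsletter")),
]


def run_sample() -> List[AuditRecord]:
    return [decide(alert, rec) for alert, rec in SAMPLE]


if __name__ == "__main__":
    for record in run_sample():
        print(to_json(record))
```

Of the four constructed alerts only the high-confidence scanner-noise close runs unattended; the account disable is escalated regardless of confidence, the low-confidence close trips the stop condition, and the phishing close is escalated because no workflow permits it. Each path still produces an audit record, which is the property the third guidance point asks for.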

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • Research findings from 125 security and AI leaders by Osterman Research, including how practitioners are prioritising defensive AI adoption.
  • Practical examples of where behavioural AI is already reducing fatigue and improving response quality in live security operations.
  • Discussion of how attackers are using generative AI and GANs to gain an edge, with implications for detection and response planning.
  • Guidance on aligning AI investments with a security roadmap rather than treating AI as a standalone tooling decision.

👉 Watch Abnormal AI's on-demand webinar on using AI for defensive cybersecurity →


(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Defensive AI is becoming a governance layer, not just an operations layer. The webinar is framed around fatigue and response speed, but the deeper change is that AI now influences which alerts are seen, which are escalated, and which are closed. That shifts the problem from simple automation to accountable decision support. For IAM and SOC leaders, the question is no longer whether AI can help, but how its recommendations are governed.

A few things that frame the scale:

A question worth separating out:

Q: What should practitioners measure before expanding AI in the SOC?

A: Measure decision quality, escalation accuracy, review coverage, and how often analysts can reconstruct why an AI-assisted action occurred. Throughput matters, but it should not outrank auditability, because untraceable speed is not a reliable control improvement.

👉 Read our full editorial: Defensive AI is changing how security teams handle alert overload
