Notifications
Clear all
Topic starter
27/06/2026 1:10 pm
TL;DR: In an Innovate 2025 on-demand session, Lamont Orange and Dan Shiebler discuss how security leaders can distinguish genuine AI capability from marketing claims, and why measurable operational impact matters more than labels in modern threat defence, according to Abnormal AI. The governance test is whether AI changes security decisions, response quality, and resilience rather than simply adding automation.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams evaluate whether an AI security tool is real or just marketing?
A: Security teams should ask whether the tool changes measurable outcomes such as detection quality, triage speed, or decision accuracy.
Q: What is the difference between true AI and security automation?
A: Security automation follows predefined rules and workflows, while true AI adapts to changing input and can improve judgement under uncertainty.
Practitioner guidance
- Define the outcome you expect from AI Write the security outcome in operational terms, such as faster triage, better detection precision, or improved analyst prioritisation.
- Separate automation from AI Review whether the capability is rule-based workflow automation or a system that adapts to changing input patterns.
- Demand evidence tied to control decisions Ask for examples that show how model output changes a control decision, not just a dashboard view.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The discussion between Lamont Orange and Dan Shiebler on how security leaders separate genuine AI capability from marketing language.
- The webinar framing on how AI can make a measurable impact on threat defence and security operations.
- The source details on what practitioners should look for in AI-driven solutions before trusting them in production.
- The on-demand viewing and ISC2 CPE eligibility information for teams that want to consume the session directly.
👉 Watch Abnormal AI's on-demand webinar on true AI versus marketing hype →
True AI in cybersecurity: what actually matters for security teams?
Explore further
27/06/2026 2:23 pm
True AI is a governance question before it is a technical one. Security leaders are not just buying a model, they are deciding whether a system can be trusted to influence security decisions under changing conditions. If the answer is no, then the AI label is operationally irrelevant. Practitioners should evaluate AI as part of control design, not as a branding exercise.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- DeepSeek accidentally embedded over 11,000 secrets in its training data and left a database exposed online, revealing more than one million sensitive records including chat histories, backend credentials, and API keys.
A question worth separating out:
Q: Why do AI claims create risk in identity and security governance?
A: AI claims can create a false sense of readiness if teams assume advanced capability without verifying outcomes. That can lead to weak oversight, poor procurement decisions, and misplaced confidence in tools that do not materially improve access control or threat defence. Governance should require evidence, not branding.
👉 Read our full editorial: True AI in cybersecurity: separating impact from marketing hype
