From reactive to resilient: How companies can use AI in cybersecurity

By Adeel Saeed

The surging use of generative AI has created a spy versus spy scenario for cybersecurity professionals.

Many of the companies I speak with are grappling with two sides of the same coin: How can we harness AI and generative AI tools in our defense? And how can we limit these same tools from exposing us to more risk—and being weaponized against us?

I offer five strategies to capitalize on these technologies for your blue team’s benefit—and to stay ahead of the would-be bad actors.

Shore up your defense

Kyndryl absolutely endorses responsible AI, and the effective management of the data on which these models are trained is inherent to any responsible AI practice.

At their core, generative AI tools function like creative search engines, which synthesize new content, ideas and insights that reference a model trained on a large corpus of existing material. These models make the tools themselves vulnerable to attack.

Therefore, robust data governance should be the first priority when deploying AI and generative AI in cybersecurity. Establishing stringent controls over data access and quality is critical to mitigating the risk of tampering or breach.

Your organization will also need to develop specific AI guidelines tailored to your unique use cases, industry standards and regulatory demands.

Innovation can and will flourish within these guidelines if the tenants of responsible use—such as ethical standards, bias detection methods and privacy protocols—become dogma to your team, providing a lens through which they can evaluate current and future strategies.

Accelerate threat intelligence

Behind every threat intelligence or security operation are security operation center (SOC) analysts, who function like quantitative analysts (quants) in the financial sector. Quants build algorithms to help identify what to buy or sell based on previous market movements.

SOC analysts build algorithms based on logs and incident reports to identify necessary cyber resilience actions.

In both cases, the algorithms created from historical data naturally take time to develop and test.

However, while deployment delays in finance may result in financial losses, in cybersecurity, they can lead to new incidents or breaches.

Integrating AI and generative AI in cybersecurity can markedly enhance the efficiency of SOC analysts by automating the labor-intensive aspects of their work, such as log data analysis and threat assessment. It can also fast-track the development of more advanced predictive models.

Shift from reactive to proactive

Traditionally, cybersecurity teams have been reactive, focusing on detecting threats and responding as swiftly as possible. Generative Al offers the opportunity to shift from this reactive security posture to a cyber resilience posture.

For example, consider a practice such as software patching. Patches are a routine part of software management but can also create compatibility issues—and vulnerabilities.

By analyzing log data, AI might be able to identify specific patterns in patches linked to previous incidents or breaches—such as the time or day of the week they were released—and generative AI could then guide decision-making.

Utilizing these insights to adjust the timing of patches—from very early morning on a Friday, say, to a less risky time like 3 p.m. on a Monday—can significantly improve how your team anticipates and mitigates potential threats. While this approach may not eliminate vulnerabilities, it does enable a more informed, proactive stance.

Manage the cyber skills gap

A recent report revealed a global shortage of nearly 4 million cybersecurity professionals.¹

AI and generative AI tools aren’t magic beans that will miraculously remedy this talent gap.

However, they can enhance the efficiency of cybersecurity professionals working today, streamlining routine tasks and improving daily operations.Let’s say cybersecurity professionals start their day by looking at events and catching up on alerts or threat intel. With advanced, predictive analytics tailored to user behavior, the necessary applications could be ready with summaries of this information at login.

Moreover, routine communications, like update emails to managers, could be pre-drafted by generative AI—automatically handling most of the content.

These enhancements may not be cyber resilience-specific, but they do hold the potential to make the daily responsibilities of cybersecurity professionals more manageable and efficient, allowing them to focus on strategic tasks.

Enhance security trainings

One of the most exciting opportunities for generative AI in cybersecurity is how these tools can help train analysts more effectively.

For example, organizations might challenge their analysts with threat scenarios using AI-driven simulations and tabletop exercises. These simulations—made more realistic through generative AI—could even be deployed without warning, testing and enhancing analysts’ skills in real-time.

Such proactive training can help ensure that your team is prepared and well-versed in dynamically deploying their skills when a real threat emerges.

Make the shift

If we can agree that AI and generative AI are beacons of a new era in enterprise computing, then taking a more proactive approach to cybersecurity—powered by these tools—is essential.

Making this shift can help your organization protect itself against AI-powered attacks and enhance and accelerate your existing security measures.

And that’s the definition of cyber resilience.

Adeel Saeed is VP and CTO of Global Security & Resiliency at Kyndryl.

¹  Tackling cybersecurity's global talent shortage. World Economic Forum. 2024.