AI claims are low-cost: The problem is to work out what’s actual
AI safety tooling is already mainstream, and 2026 will solely amplify the noise. Anticipate extra ‘AI-washed’ claims, greater guarantees, and rising worry, uncertainty and doubt (FUD). The actual talent might be separating real functionality from intelligent packaging.
AI in safety isn’t a futuristic add-on anymore. It’s already embedded throughout instruments many organisations use each day: e mail safety, endpoint detection, SIEM/SOAR, id safety, knowledge loss prevention, vulnerability administration, and managed companies. Distributors have relied on machine studying for years; generative synthetic intelligence (GenAI) is just the most recent label caught on the entrance.
What modifications in 2026 is the story being offered. Boards are asking about AI. Procurement groups are including AI clauses. CISOs are below stress to be seen to “do one thing with AI”. That creates fertile floor for advertising and marketing: extra webinars, extra whitepapers, bolder claims, and a recent wave of “we are able to automate your SOC” pitches.
Alongside that comes the acquainted FUD cycle: attackers are utilizing AI, so for those who don’t purchase our AI, you’re behind. There’s a grain of reality – attackers do use automation and can more and more use AI – however it’s usually used to hurry patrons into instruments that haven’t confirmed they cut back danger in your setting. It’s the identical gross sales playbook as ever, simply sporting an AI trenchcoat.
A extra helpful strategy to body that is easy: in 2026 you’re not deciding whether or not to undertake AI in safety; you’re deciding whether or not a particular product’s AI options are mature sufficient that will help you with out introducing new danger. Some AI options genuinely save analyst time or enhance detection. Others are little greater than chatbots bolted onto dashboards.
So, the primary takeaway is a warning label: AI claims are low-cost. The onerous half is figuring out what’s actual and measurable versus what’s principally branding – and guaranteeing the push to look fashionable doesn’t quietly create new governance issues. These may embody knowledge leakage, mannequin danger, audit gaps, provider lock-in, or, in defence and CNI environments, new types of operational fragility.
Begin with outcomes and risk mannequin, not options. Anchor selections to your high dangers – id abuse, ransomware, knowledge exfiltration, third-party publicity, or OT/CNI constraints – and to the controls you genuinely want to enhance.
That results in the second precept: don’t purchase an AI cyber device as a result of it sounds intelligent. Purchase one thing as a result of it fixes an actual downside you have already got.
Most organisations have a small variety of recurring ache factors: alert overload, sluggish investigations, vulnerability backlogs, poor visibility of internet-exposed property, provider connections they don’t totally perceive, id sprawl, or logging gaps. When you begin with “we’d like an AI product”, you’ll decide distributors on demos and buzzwords. When you begin with “we have to cut back account takeover” or “we have to halve investigation time”, you may decide instruments on whether or not they ship that end result.
That’s what risk modelling means in plain phrases: what are you really making an attempt to defend in opposition to, in your setting? A financial institution will prioritise id fraud, insider danger, and regulatory proof. A defence provider might deal with IP theft and supply-chain compromise. A CNI operator might deal with availability and security as absolute constraints, with little tolerance for automation that might disrupt operations. The identical AI device could be a good slot in one context and harmful in one other.
Virtually, write down your high dangers and the few enhancements you need this quarter or yr, then check each gross sales pitch in opposition to that checklist.
For instance, a vendor guarantees ‘autonomous response’. It sounds compelling – till you realise your actual downside is incomplete id logging and endpoints that don’t reliably report. In that case, autonomy is lipstick on a pig. Outcomes first, options second.
It’s additionally price studying to identify hype patterns early. Pink flags embody obscure ‘autonomous SOC’ claims, no measurable enchancment in detection or response, shiny demos with no reproducible testing, black-box fashions with no auditability, and pricing that scales with panic somewhat than confirmed danger discount.
Purchase like a grown-up: governance, proof, and an exit plan. Demand proof by pilots in your setting. Ask for false-positive and false-negative knowledge, readability on failure modes, and proof the device reduces danger or effort – not simply produces nicer summaries.
Pay shut consideration to knowledge dealing with. Know what knowledge the device ingests, the place it goes, who can entry it, and whether or not it’s used to coach fashions. In authorities, defence, and CNI settings, a useful AI assistant can quietly turn into an unapproved knowledge export mechanism for those who’re not strict.
Accountability and auditability matter too. If a device recommends or takes motion, you need to be capable of clarify why – properly sufficient to fulfill audit, regulators, or prospects. In any other case, you’re buying and selling safety danger for governance danger.
Human oversight is crucial. Automation fails at machine velocity. The most secure sample is gradual: read-only, then recommend, then act with approval, and solely automate totally the place confidence is excessive and blast radius is low. Good distributors aid you design these guardrails.
Lastly, have an exit plan earlier than you signal. Guarantee you may extract your knowledge, keep away from proprietary black bins, and revert to earlier processes and not using a six-month rescue challenge. Don’t create a single level of failure the place monitoring or response relies upon fully on one vendor’s opaque mannequin.
In brief: show worth, management the information, maintain selections explainable, put people within the loop till belief is earned, make sure the device matches the way you really function, and be sure you can stroll away cleanly if the magic turns into mess.
