
Cybersecurity ‘Doomed to Fail’ Without AI, Experts Say

Summary

– Joe Slowik warned at Infosecurity Europe that defenders must use AI to keep pace with cyber threats, or they are “doomed to fail.”
– Human-focused security operations centers (SOCs) cannot adapt to accelerated adversary timescales, as attackers exploit vulnerabilities within days or hours.
– Slowik advocates rethinking security operations by using AI agents to gather intelligence and speed up reactions to attacks.
– AI-enhanced SOCs can compile reports and defend networks faster than human-only SOCs, a point Slowik illustrated with the React2Shell vulnerability.
– Humans remain essential in the SOC but must combine their decision-making with AI to align with adversary workflows.

The cybersecurity industry is facing a stark reality: without integrating artificial intelligence into defense strategies, organizations are essentially “doomed to fail.” This urgent warning comes from Joe Slowik, director of cybersecurity alerting strategy at Dataminr, who spoke at Infosecurity Europe on Tuesday, June 2.

During a session on the AI & Cloud Security Stage, Slowik argued that defenders must adapt to the accelerated timelines of adversaries. Organizations that continue to rely solely on a human-focused Security Operations Center (SOC) will find themselves left behind and dangerously exposed to cyber threats. The rapid adoption of AI by cybercriminals has fundamentally shifted the battlefield.

“We don’t have a choice anymore. Quite simply, when it comes to security processes, those which are human-in-the-loop driven, just don’t adapt to new adversary timescales,” Slowik explained. He added that the traditional model of a human analyst digging into an intrusion and providing a summary is “no longer practical” given the speed at which attackers now operate.

Threat actors are leveraging emerging technologies like AI, machine learning, and large language models (LLMs) to supercharge their attacks. This has dramatically compressed the window between a vulnerability being discovered and exploited. Where security teams once had time to assess their posture, Slowik noted that attackers can now weaponize new flaws within days or even hours.

“I say this as someone who was skeptical of machine learning: the time has passed for skepticism, human-only solutions are doomed to fail,” Slowik warned. He emphasized that strictly human-in-the-loop approaches cannot align with adversary lifecycles.

The path forward, according to Slowik, requires a fundamental rethinking of security operations. Defenders must enhance their workflows with AI, but this goes beyond simply deploying LLMs. For instance, using AI agents to gather intelligence on known vulnerabilities, identify the most exposed network elements, and determine the best protection methods can vastly accelerate response times.

“Instead of waiting until after the ransom notice has been delivered or the wiper malware has been deployed, you can improve and enhance your ability to get ahead,” Slowik said. He cited the React2Shell vulnerability as a prime example: adversaries exploited it within hours. A human-only SOC might have needed days to compile a response, while an AI-enhanced SOC could rapidly generate reports and defend the network in real time.

“From these enrichments, I can embark on an informed and accelerated remediation lifecycle, in real-time, alongside events to enhance improved decision-making processes,” Slowik noted. “Adversary operations from time to breach to time to objectives are accelerating. It’s a matter of fact defenders have to keep pace, this is not optional.”

Despite the emphasis on AI, Slowik stressed that humans remain indispensable. The goal is not to replace analysts but to augment them. Combining human judgment with AI assistance is the only viable way to keep pace with attackers who are doing the same.

“Humans will still definitely be making decisions, but assisted with AI to align with adversary workflows,” Slowik concluded.

(Source: Infosecurity Magazine)
