
AI and cybersecurity: Modernize your SecOps to tackle today's threats

Here are highlights from Caleb Sima's recent BSides and RVAsec talks — and expert insights on how AI can help deal with today's threats head-on.

By John P. Mello Jr., freelance technology writer

Much has been written about the threats artificial intelligence (AI) can pose to an organization's security, but the technology can be transformative for security teams as well, helping them tackle the key challenges they face. In recent keynote speeches at BSides and RVAsec, Caleb Sima, chair of the Cloud Security Alliance's AI Security Alliance, highlighted how AI can revolutionize cybersecurity by taking on key challenges facing security operations center (SOC) teams.

SOC teams face persistent challenges in areas as varied as vulnerability management, detection, compliance, measurement, third-party incidents, and least privilege, as Sima noted in his talks. He added that solutions to those challenges are impeded by issues involving coverage, context, and communication. But all of those challenges can be addressed by AI, Sima stressed.

Here are highlights from Sima's talks — along with important insights from other experts about how to put AI to work on improving your cybersecurity posture.


With today's threat landscape, it's a matter of scale

With rising threats, such as those to software supply chain security (SSCS), being exacerbated by attackers' use of AI, security teams have to expand coverage, and AI's ability to scale is the key to success. Vulnerability detection and response can be automated, along with status reports and the tracking of security metrics such as privilege reduction. AI can also prioritize vulnerabilities based on their severity, potential impact, and exploitability, ensuring that the most critical issues are addressed first, and it can recommend remediation. Such assistance would have helped avoid some high-profile breaches of the past, Sima said. "It's highly likely that in most successful attacks, we actually saw the event, but no one looked because it was buried among the countless medium and low alerts."

"Coverage, in my opinion, is responsible for 99% of breaches. It’s all about width and depth. It’s not a matter of having the technology to detect an issue, but rather being there to see it and not letting it fall through the cracks. Coverage makes the biggest impact."
Caleb Sima

He explained that your organization could use AI to analyze every engineering discussion, requirements document, and code commit for security-related issues, allowing you to "significantly improve your coverage and make a substantial difference in your security posture."

Create context with AI for more actionable outcomes

SOC teams face information overload, making it difficult for them to synthesize information. AI can help by analyzing the context of each vulnerability, considering factors such as how critical a system is to an organization, the data it handles, and the current threat landscape, Sima said. 
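As an added illustration (not from Sima's talks or any vendor's product) of the context problem just described, the following deterministic triage rule re-weights scanner severity by asset criticality, data handled, and threat-landscape signals; it is a rule-based stand-in for the context synthesis an AI agent would perform, and the alerts, scale and weights are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Alert:
    """One scanner finding plus the context a SOC would otherwise dig up by hand."""
    id: str
    cvss: float             # scanner severity, 0.0-10.0
    asset: str
    criticality: int        # assumed scale: 1 (throwaway lab box) .. 5 (revenue-critical)
    data_class: str         # what the asset handles: public, internal, pii, secrets
    known_exploited: bool   # e.g. appears in a known-exploited-vulnerabilities feed
    internet_facing: bool


# Assumed weights; a real program would tune these to its own risk appetite.
DATA_WEIGHT = {"public": 0.5, "internal": 1.0, "pii": 1.5, "secrets": 2.0}


def context_score(a: Alert) -> float:
    """Re-weight raw severity by asset, data and threat-landscape context."""
    score = a.cvss
    score *= 0.6 + 0.2 * a.criticality      # 0.8x for a lab box, 1.6x for crown jewels
    score *= DATA_WEIGHT[a.data_class]
    if a.known_exploited:                   # active exploitation outweighs theoretical severity
        score *= 1.5
    if a.internet_facing:
        score *= 1.25
    return round(score, 2)


def severity_only(alerts: list[Alert]) -> list[str]:
    """The dashboard view: alert ids sorted by scanner score alone."""
    return [a.id for a in sorted(alerts, key=lambda a: a.cvss, reverse=True)]


def triage(alerts: list[Alert]) -> list[str]:
    """The context view: alert ids sorted by the re-weighted score."""
    return [a.id for a in sorted(alerts, key=context_score, reverse=True)]


# Constructed sample alerts, not real findings.
SAMPLE = [
    Alert("A", 9.8, "lab-vm-17",     1, "internal", False, False),
    Alert("B", 5.3, "payments-api",  5, "pii",      True,  True),
    Alert("C", 3.1, "build-server",  4, "secrets",  False, False),
    Alert("D", 7.5, "intranet-wiki", 2, "internal", False, False),
]

if __name__ == "__main__":
    print("by severity:", severity_only(SAMPLE))   # ['A', 'D', 'B', 'C']
    print("by context: ", triage(SAMPLE))          # ['B', 'C', 'A', 'D']
```

The medium-severity finding on the exploited, internet-facing payments API and the low-severity finding on the secrets-holding build server both outrank the "critical" on the lab box, which is exactly the kind of buried alert the talks describe.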

"A single vulnerability alert in a dashboard requires a massive amount of work, like an iceberg underneath the water. This is why things don’t change, because we have thousands of these icebergs to deal with. Context is critical and applies to everything."
—Caleb Sima

Context is the most challenging aspect, but it’s also one of the most feasible to address with AI today, Sima said. "You can create oracles of information where AI agents can communicate with each other, pull relevant information, synthesize it properly, and present it in a meaningful way."

"ChatOps, which is making a comeback, can be a real game changer when combined with AI. If you need context, an AI can engage in a conversation with an engineer via Slack, ask follow-up questions, gather data, synthesize it, and send it back. This is not only possible, but it's already being done today."
—Caleb Sima

AI can also improve communication by tailoring data for audiences. AI takes the data, synthesizes it, formats it, and translates it for the intended recipients. 

"At its core, communication is about translation. It’s about translating a version of the truth to another person or system, whether it’s through reports, system-to-system communication, or interactions with auditors, regulators, and partners. It’s about presenting a version of the truth to different audiences in a meaningful way."
—Caleb Sima

Integrate AI with your SecOps tools

Others in the industry have advice on getting the security benefits of AI. In the coming months, organizations will increasingly be making AI-enabled tools a top priority because of the clear benefits. Making those new tools work with your team's existing tools is key, said Amit Zimerman, co-founder and chief product officer at Oasis Security. "To successfully integrate AI-enabled security tools and automation, organizations should start by evaluating the effectiveness of these tools in their specific contexts," he said. 

"Rather than being swayed by marketing claims, teams should test tools against real-world data to ensure they provide actionable insights and surface previously unseen threats. Existing security frameworks may need to be updated, as older frameworks were designed for non-AI environments. A flexible approach that allows for the continuous evolution of security policies is critical."
Amit Zimerman

While AI has become common in tools such as SIEM (security information and event management), in 2025 generative AI will augment nearly every layer of cybersecurity, from endpoint protection to threat intelligence, said Steve Wilson, chief product officer at Exabeam.

"The ubiquity of these systems will enable a much more dynamic and resilient security posture, able to address complex threat landscapes with speed and precision."
Steve Wilson

Broaden your training programs for the AI era

To prepare for that trend, organizations should invest now in AI security certifications and frameworks, positioning themselves to meet emerging regulatory and compliance requirements around AI in cybersecurity, Wilson said. This foundation will be key as more AI systems are integrated across security architectures, he stressed.

Expanding AI capabilities within security teams will run into a problem now facing the entire industry, Zimerman said. "There is currently a shortage of AI security skills, and this is a trend to watch in the year to come."

"To address the shortage of AI security skills, organizations need to invest in upskilling their teams through dedicated AI security training programs. These programs should focus on both foundational AI security knowledge and emerging threats like prompt injection."
—Amit Zimerman

Partnering with universities and industry certification bodies to develop standardized curricula can help bridge the gap, Zimerman said. And by encouraging cross-functional collaboration between AI specialists, security professionals, and software engineers, teams can stay ahead of evolving threats. "Implementing AI security tools that provide real-time threat detection and learning capabilities can also alleviate the skills gap by automating the identification of vulnerabilities like prompt injection," he said.

AI can revolutionize your cybersecurity approach

In the future, AI-powered security will provide detailed context for alerts, automate vulnerability fixes, and streamline access requests — and has the potential to automate status reports and simplify tracking of security metrics like privilege reduction, Sima stressed in his recent talks.

AI "can revolutionize the way organizations approach security challenges, particularly in the areas of context, coverage, and communication," he maintained, and it has the potential to make their security journeys easier and more effective.
