What AI can do and what it can't in cyber security

Sunil Gupta

Decoding the associated terms

Published: Thu 19 Apr 2018, 11:40 AM

Last updated: Thu 19 Apr 2018, 1:46 PM

Often, if you read about AI you will hear it discussed interchangeably with two other concepts: Machine Learning and Data Science. These three terms are related, but not interchangeable:
Artificial Intelligence: A broad term related to how to make machines mimic human thinking and action.
Machine Learning: A subset of AI related to teaching machines how to learn from past data and create their own knowledge. 
Data Science: Various activities within data engineering that need to be "taught" to a computer to enable machine learning.
Once you see that AI is not about deploying a "general" intelligence that can handle every cybersecurity activity, it becomes clear that AI produces the most benefit for cybersecurity when it's deployed around data-heavy, analytics-dependent activities such as:
Triaging: AI deploys historical patterns, clustering, association rules, and data visualisations to present human experts with fully triaged and enriched alerts.
Threat Hunting: AI does not require fixed rules to uncover the patterns, anomalies, and outliers that indicate unknown attacks.
Incident Analysis/Investigation: In the event of an attack, AI defines the impact of the attack, who the attackers are, what the attack chain looked like, and who was the attack's "patient zero".
Threat Anticipation: AI compiles terabytes of global threat data, applies it to each organisation's unique context, and proactively evolves their defences against likely incoming threats.
- Sunil Gupta is President & COO, Paladion

