According to this expert, humans will continue to oversee and fine-tune strategies as intelligent automation does the grunt work.
As the modern cybersecurity landscape is becoming more complex, traditional security methods, while still viable, are struggling to keep up. With its ability to process massive volumes of data in real time, AI can be a valuable asset to security teams.
However, the integration of AI in incident response introduces its own challenges. Adversaries may attempt to exploit AI vulnerabilities to bypass security measures or manipulate automated systems. This necessitates securing the AI models themselves against adversarial attacks and ensuring that human oversight remains in place to mitigate errors or unforeseen consequences.
CyberSecAsia.net interviewed Aneesh Jain, Chief Technology Officer, ThrivePass, to find out the ins and outs of AI-powered incident response automation.
CybersecAsia: How is AI transforming incident detection and response in cybersecurity?
AJ: AI significantly reduces the time between threat detection and reaction. Traditional methods often fail to keep pace with modern threats because manual investigation and response are inherently slow, especially when managing vast amounts of data. AI-driven Security Information and Event Management (SIEM) systems address this gap by leveraging algorithms to detect anomalies and trends faster than humans can.
For example, once a threat is identified, AI can automatically initiate responses within seconds — such as isolating compromised endpoints, blocking malicious traffic, or alerting the appropriate personnel. This shift transforms security from a reactive to a proactive approach, enabling faster and more effective incident handling.
CybersecAsia: What role can AI play in threat intelligence and risk prediction?
AJ: AI can enhance threat intelligence by automating data analysis across diverse sources such as the open web, Dark Web, and internal systems. The volume of data required to comprehend the threat landscape is overwhelming, but AI simplifies this by identifying risks, categorizing them by severity, and even predicting possible attack vectors.
Through Natural Language Processing (NLP) and Machine Learning (ML), AI can be used to integrate insights directly into incident response protocols, enabling teams to prioritize high-risk threats and adjust defenses proactively.
This predictive capability can allow organizations to not only react swiftly but also anticipate and prepare for cyber threats.
CybersecAsia: How can AI be used to alleviate pressure on security teams and enhance human-AI collaboration to enhance cybersecurity?
AJ: The cybersecurity talent gap remains a critical challenge, with many professionals facing burnout due to the constant demand for threat detection and response. AI mitigates this by automating repetitive tasks such as triaging alerts, analyzing malware, and preparing post-incident reports. This allows human analysts to focus on complex, strategic decisions rather than time-consuming manual processes.
Despite the strengths of AI, we note that it complements rather than replaces human expertise.
AI excels at processing large datasets quickly, but humans provide critical thinking, intuition, and contextual understanding. For instance, while AI can detect anomalies, human judgment is essential to determine their severity and appropriate response. This partnership maximizes efficiency and ensures that AI-driven insights are both actionable and reliable.
CybersecAsia: What are the real-world applications and future challenges of AI in incident management and crisis response?
AJ: The impact of AI on crisis response is already evident across industries.
Financial institutions use it to monitor transactions in real time, identifying fraud within milliseconds. Healthcare organizations rely on AI to secure sensitive patient data and maintain compliance with regulations. However, AI adoption does present challenges.
Training AI models requires extensive and unbiased datasets… and explainability — the ability to understand the AI decision-making process — remains a concern. Additionally, adversaries are developing techniques to mislead AI systems, posing new risks.
Despite these hurdles, AI continues to evolve, becoming more transparent, reliable, and adaptive. As AI systems advance, their integration into security operations will expand, potentially enabling more autonomous incident management with humans overseeing and refining strategies. The ability of AI to learn and adapt implies that it will improve over time, keeping up with the shifting threat landscape.
The future will most certainly see even more integration of AI into security operations, with AI taking on a more autonomous role in incident management as humans oversee and fine-tune strategies.
CybersecAsia thanks AJ for sharing his professional insights on AI-powered incident response.