AI and the role of cyber-security

When cyber-security teams first embraced AI, the promise was clear: reduce manual toil, streamline workflows, and let analysts focus on the threats that truly matter. In practice, the reality looks very different. Across IT and security operations, AI adoption has quietly transformed skilled analysts into supervisors of the very tools designed to make their jobs easier. Instead of freeing teams, AI often demands constant monitoring, correction, and explanation, a phenomenon I call the “AI babysitting” problem.

 

The frustration is understandable. Modern IT environments are already complex, with fragmented systems, expanding data volumes, and ever-growing attack surfaces. Analysts were expected to manage this complexity with lean teams. AI entered the picture with the promise of intelligent automation, yet many organisations have seen a proliferation of alerts, dashboards, and summaries that require human validation. The work has not disappeared; rather, it has shifted from solving incidents to babysitting machines.

 

Lost context and alert fatigue

Dashboards and AI-generated summaries illustrate the challenge well. Designed to surface insights, they often break context at the moment it matters most. An alert fires, a summary appears, but the supporting data and relationships are scattered across multiple systems. Analysts do not simply review what AI reports; they reconstruct the context, validate assumptions, and trace the logic behind each recommendation. When summaries prioritise narrative over evidence, the job becomes one of translation rather than investigation. The result is slower response times, greater cognitive load, and a growing risk that genuine threats will slip through the cracks.

 

Alert fatigue has not disappeared; it has been repackaged. AI may reduce the number of low-priority notifications, but it can also introduce complex, “insightful” alerts that require far more effort to evaluate. Without transparency into thresholds, contributing signals, or operational context, each alert demands manual verification. Analysts end up spending more time proving what they already suspect, while attackers move faster, exploiting gaps that humans can no longer address in real time.

 

The operational reality gap

The impact is especially acute for lean teams, where even small inefficiencies compound rapidly. In these environments, AI tools that fragment data paths or require parallel consoles create operational friction instead of relieving it. Unified data practices, where logs, asset information, and vulnerability context are connected, are critical. AI can accelerate correlation and pattern recognition, but only when it operates within the flow of real-world workflows, not alongside them as a separate, opaque system.

 

Ultimately, the challenge is not the technology itself – it is how AI has been deployed. Analysts are paying the price because operational reality has not caught up with adoption. Supervision and verification dominate the day-to-day, creating security debt that quietly accumulates. Over time, confidence erodes. Teams stop trusting tools, leaders stop trusting metrics, and manual workarounds become policy.

 

Augmentation over automation

The path forward is clear: AI should augment human expertise, not replace it. It should accelerate decision-making, connect insights directly to data, and remain explainable at every step. Workflows must prioritise investigation over presentation, ensuring that context, evidence, and relationships remain visible and actionable.

 

AI adoption has not failed IT and security teams because the technology is flawed. It has failed because too much of it was deployed without respect for analyst experience. When AI demands more supervision than it delivers speed, skilled professionals become babysitters. When it erodes context instead of reducing effort, it creates risk while masquerading as progress.

 

The next stage of AI adoption will not be defined by smarter models alone. It will be defined by tighter workflows, clearer evidence, and systems that lower cognitive load instead of simply shifting it elsewhere. Teams that get this right will not need to talk about AI at all. Their analysts will close work faster, make decisions with confidence, and leave work on time.

 

That result is far more meaningful than another dashboard or summary; it is the point of automation done right.

 

---

 

Kimber Spradlin is Chief Marketing Officer at Graylog 

 

Main image courtesy of NoteGPT