3 min Security

Security teams want to adopt GenAI, but aren’t doing it yet

Security teams want to adopt GenAI, but aren’t doing it yet

GenAI is in demand among security professionals, even though the vast majority have not yet made up their minds. What is clear, however, is that there’s a strong preference for AI tools made by cybersecurity vendors, not by others.

That’s according to a report from CrowdStrike in its 2024 State of AI Survey. Said survey consisted of 1,022 respondents, mostly in North America (77 percent). 61 percent are managers or security practitioners, while 28 percent work at the Director level and 11 percent are in the C-Suite or are VP. A wide range of industries are represented in this group, from manufacturing and healthcare to telcos and retail.

An AI platform (from a security player)

First, respondents indicated that a platform approach is desirable. This is just as well, as security venders are moving to this approach en masse. So we recently spoke with twelve security parties about what they mean by a security platform. Obviously, AI is a topic that comes up quickly, encapsulated in an umbrella system that processes signals from other solutions and responds to them.

Tip: The security platform: what is it and what does it deliver?

The integration of GenAI tooling into security solutions is no. 1 on the wishlist of those surveyed. 80 percent want it to be part of the security platform they purchase. In addition, 63 percent are willing to switch to another party to find the GenAI solution they want, meaning vendors should be keen to introduce said integration. Still, this is a matter that’s going to be hotly contested: GenAI tools have only been purchased and/or already deployed by 6 percent, 11 percent have made a choice, 18 percent are still testing and evaluating, 29 percent are researching at an earlier stage and 32 percent are still just learning about them. In short, few organizations are already really working with GenAI within their security platform.

Clear wishes

However, the desires are clear: GenAI should be served up by those in the cybersecurity industry. Unleashing an AI solution on a security stack separate from a security vendor is therefore out of the question for those surveyed. In addition, IT professionals are not thinking of AI replacing them or their coworkers, instead seeing GenAI as an addition for better security.

What’s still unclear is whether GenAI is cost-effective to purchase within the context of cybersecurity. That unanswered question is the most prominent concern among those surveyed, while the ultimate cost and the existence of unpredictable pricing models are also stumbling blocks.

Those who do end up deploying GenAI have a bunch of headaches to overcome. For example, security specialists touch on the fact that sensitive data can be leaked by LLMs, and as such, the surveyed professionals also see GenAI as an attack tool for cybercriminals, and a lack of guardrails for GenAI tooling is a concern as well. AI hallucinations and a lack of public policy complete the list of concerns among those surveyed.

Also read: Crowdstrike and Omnissa merge solutions into one package