AI Resilience Report forInformation Security Analysts

Some core duties of security analysts – like scanning for new viruses or sifting through massive logs – are increasingly aided by AI tools. For example, Microsoft has built an AI system (Project Ire) that can automatically break down software and identify malware on its own ^[1]. In tests it was able to correctly flag dangerous files 98% of the time ^[1], a task that humans used to do manually.

Likewise, security platforms now include AI “agents” to handle high-volume tasks. One report notes Microsoft’s new Security Copilot adds 11 AI agents focused on tight-turn tasks – one hunts phishing emails, another drafts breach-notification letters – freeing analysts from repetitive work ^{[2] [2]}. Cybersecurity experts also point out that AI can “continuously analyze vast streams of telemetry” to spot real threats in the noise ^[3].

In other words, browsing threat feeds and alerts – like deciding when to update virus definitions or shut down a bad login – is often automated with AI today.

By contrast, tasks that need human judgement or teaching tend to stay with people. Writing or updating security policies still relies on human review (though AI helpers might draft outlines), and most user training and counseling remain human-led for now. If an AI flagging system learns too aggressively, for example, analysts step in: Microsoft’s system lets analysts review an AI’s decision (an “explainability” map keeps humans in the loop) and even override it if needed ^[2].

In short, AI tools are strong at handling large data and routine alerts, but people still manage, interpret, and communicate the outcomes.

Organizations are motivated to adopt AI in security for several reasons. There is a global shortage of trained security analysts, so many experts see AI as a way to ease that gap. (One survey found U.S. employers have staff for only 83% of open cyber jobs ^[2].) High alert volumes – imagine teams getting thousands of security warnings a day – make AI appealing: it can quickly triage routine alerts, letting analysts focus on the most important problems ^{[2] [3]}. Moreover, even small efficiency gains can pay off because data breaches are very costly; analysts note that “AI-driven productivity” can boost security without needing a bigger team ^{[3] [2]}.

However, adoption isn’t without hesitation. Some organizations worry about trusting AI decisions in security. For instance, Microsoft used an internal “red team” to test its AI security agents before releasing them ^[2], highlighting caution.

Experts also warn that AI outputs need careful oversight – about 45% of AI-generated code can have flaws ^[3] – so humans must still check AI work. Privacy and legal rules can also slow things down, since AI systems often need data logs (which may be sensitive). In short, companies weigh the high potential of AI with the need for human control and ethics.

Overall, the trend is one of augmentation, not replacement. AI is already handling many repetitive monitoring and alerting tasks (making security work more efficient ^{[2] [3]}), while humans continue to add value through judgment, communication, and policy. This means security analysts can look forward to using AI as a helpful assistant.

By focusing on skills like strategy, communication, and creative problem-solving – things AI can’t easily do – people remain at the heart of cybersecurity even as the tools evolve ^{[3] [2]}.