Post

AI and the Security Landscape: An Introduction

AI is changing security faster than most of us can comfortably track. This is the start of a series where I try to think through what that actually means — honestly, practically, and without the hype.

AI and the Security Landscape: An Introduction

What this series is

Over the coming weeks and months, I’m going to work through the major ways AI is intersecting with security — as an attack tool, as a defensive capability, as an organizational challenge, and as a set of ethical questions that the industry hasn’t fully reckoned with yet.

The topics I’m planning to cover, in roughly this order:

  • AI as an attacker tool — phishing, deepfakes, automated reconnaissance, polymorphic malware, and the lowering of the skill floor for bad actors
  • AI as a defender tool — behavioral detection, alert triage, threat intelligence, and where AI genuinely helps versus where it’s just a marketing slide
  • The murky middle — things like automated red teaming and prompt injection that don’t fit cleanly on either side of the line
  • The skills gap — what AI actually changes about what practitioners need to know, and how to keep up without losing your mind
  • Privacy and ethics — surveillance creep, bias in detection systems, accountability gaps, and the governance questions nobody wants to have
  • The bigger picture — where this is all heading and what it might mean for the profession

That’s a lot of ground. I’m not going to rush it. Some of these topics probably deserve multiple posts. Some will evolve as things change — and things are changing fast enough that I fully expect to write something, publish it, and have it partially outdated within a few months. That’s fine. The goal isn’t a definitive reference. It’s a running conversation.

Why I’m writing this

Partly because writing is how I think. If I’m going to spend serious time working through a topic, I’d rather do it in a form that might be useful to someone else.

But mostly because practitioners need more honest, ground-level takes on AI in security — fewer hot takes, fewer vendor whitepapers dressed up as analysis, fewer breathless predictions about how AI will either save us or end us depending on which newsletter you read that morning.

From where I sit, the reality is more interesting and more complicated than either of those narratives. AI is a genuine capability shift for attackers and defenders both. It introduces real risks we haven’t fully mapped. It also opens up possibilities that would have seemed far-fetched a few years ago. I think that complexity is worth taking seriously rather than collapsing into a simpler story.

What this series is not

It’s not a vendor comparison. I’ll mention tools when they’re relevant, but this isn’t a buyer’s guide. It’s not academic either — I’m a practitioner who reads a lot and tries to apply things in the real world, not a researcher.

It’s not doom and gloom, and it’s not uncritical enthusiasm. If I had to label my overall stance, it would be cautiously optimistic with eyes open — which is, I’d argue, the right place to stand when a technology this significant lands in a field where the stakes are this concrete.

And it’s not finished. This is a series in progress, written as I learn and think. I’ll probably get some things wrong. I’ll update my thinking when I do.

A word on the moment we’re in

Security has always rewarded adaptability. The attack surface has never been static — new techniques, new categories of vulnerability, new ways for things to go wrong appear on a regular enough cadence that keeping up is a permanent condition of the job, not a temporary inconvenience.

AI doesn’t change that dynamic so much as it dramatically accelerates it. The gap between a new capability emerging and that capability being weaponized is compressing. Attacks that used to require real resources and skill are getting cheaper and faster. And the tools available to defenders are genuinely getting smarter in ways that matter — which is the part that tends to get lost in the doom-scrolling.

It can feel like a lot. Especially when you’re also trying to do the actual job: the incidents, the alerts, the compliance requirements, the meetings, all of it.

My honest take is that you don’t need to understand everything. You need to understand enough to make good calls and recognize when something important is happening that deserves your attention. That’s always been true. AI just makes it more important to be deliberate about it, because the surface area got a lot bigger.

That’s what this series is about. Not mastery — just honest engagement with something too important to ignore and too complicated to fit in a listicle.

Let’s work through it together.


This is the first post in the AI and the Security Landscape series. The next post will cover AI as an attacker tool — how it’s changing what we’re up against and what that actually means for practitioners.

This post is licensed under CC BY 4.0 by the author.