In today’s rapidly evolving technological environment, artificial intelligence (AI) is transforming the security landscape for enterprises worldwide.
Paul Stokes, whose 7-year-old company Prevalent AI provides a “security data fabric” and exposure management solutions to major banks, telecommunications, and insurance companies, is at the forefront of this transformation.
With approximately 150 employees, his firm helps large enterprises manage and make sense of their security data.
This comes at a critical time when, according to recent Microsoft data, security teams face overwhelming challenges – including 7,000 password attacks every second and over 30 billion phishing emails targeting Microsoft customers in 2024 alone.
As organizations generate massive amounts of data across various systems, the need for sophisticated security solutions has never been more critical.
The Challenge of Data Integration
One of the most significant challenges facing large enterprises is managing the vast quantities of security data generated by different tools and systems. According to Stokes, the key is bringing this data together effectively.
Effectively we provide [clients] with an ability to take the data that is in their organisation generated by all the different products and vendor tools they use…We bring it all into a single place. We remove all of the noise. We clean up the data and we put it in what’s called a knowledge graph.
This approach allows organizations to visualize relationships between different data points, creating a comprehensive view of their security landscape that might otherwise remain fragmented across various systems.
The approach aligns with the industry’s move toward more intelligent security solutions, as evidenced by Microsoft’s recent expansion of its Security Copilot with autonomous AI agents designed to handle routine security tasks across their platform.
Beyond the AI Hype: A Balanced Approach
While AI dominates headlines, security experts suggest that a more nuanced approach to data science may yield better results in many cases. Stokes emphasizes this point:
The whole of our approach is based on different data science approaches of which AI is obviously one of them, but also machine learning and statistical approaches, a whole range of different data science approaches… you don’t always need the sledgehammer to solve some of the problems, so we use a range of approaches to solve the different problems depending on what it needs.
This pragmatic perspective suggests that companies might benefit from deploying a range of data science approaches – including machine learning, statistical analysis, and AI – depending on the specific security challenge they face. Such flexibility could potentially lead to more cost-effective and precise solutions than relying solely on cutting-edge AI models.
This balanced view is crucial as organizations navigate the AI security landscape, where according to Microsoft’s recent report, 57% of organizations have already seen an increase in security incidents related to AI usage.
The Talent Equation
The growth of AI security presents both challenges and opportunities in the talent market. Companies are increasingly looking beyond traditional technical roles to build effective AI security teams.
We’re interested in people who understand security because to understand how AI is going to help a customer’s got a security problem, you need to understand why, you know their problem. Companies that are successful are the ones who have got an ability to use AI. But they are applying it to problems that they…have deep understanding domain wise.
Interestingly, Stokes highlights an emerging trend in hiring practices that could reshape the security industry:
The other skill set that I think is…massively underrated but is becoming, I think, more recognised is not that stem style skills, which are obviously very important…but the more liberal arts style skills say the English, the philosophy, being able to understand how to ask questions about a problem and reason.
This perspective on talent aligns with the industry-wide security skills gap that companies like Microsoft and Cisco are trying to address with their AI-powered security tools. As AI agents take over routine security tasks, human security professionals may need to develop more strategic and analytical skills rather than purely technical ones.
Looking Ahead: Potential Trends and Threats
In terms of cybersecurity threats, organizations will likely face more sophisticated attacks that only AI-powered systems can effectively detect. However, attackers might also employ AI to create more convincing phishing attempts, potentially leading to a technological arms race.
As AI handles routine security tasks, the nature of security roles may shift toward oversight and strategic decision-making.
Organizations that balance technical innovation with domain expertise, while building diverse teams that include both technical and humanities perspectives, will likely be best positioned to address tomorrow’s security challenges.
