Humans at the Center of AI Security

Whenever the conversation turns to AI’s role in cybersecurity, one question inevitably surfaces — sometimes bluntly, sometimes between the lines: “If AI can spot patterns faster than I can, will it still need me?”

It’s a fair question — and one that reflects a deeper anxiety about the future of security careers. AI is everywhere now: embedded in email gateways, SOC workflows, identity systems, and cloud defenses. But here’s the truth: AI isn’t erasing security roles. It’s reshaping them.

The real risk isn’t replacement — it’s readiness. Too often, organizations fail to prepare people to work effectively alongside AI. Research has found that 40% of workers struggle to understand how to integrate AI into their jobs, and 75% lack confidence in using it.

From my vantage points as a CIO, the question isn’t “Will AI replace my team?” The real question is “How do I keep humans at the center of AI-driven security?”

AI Is Reshaping Cybersecurity 

AI isn’t just a buzzword — it’s already transforming how security teams operate. Analysts are using tools with built-in agents and AI assistants that handle tasks such as pulling signals from various data sources, stitching together related alerts, and summarizing long tickets. This ensures teams across different regions view incidents with consistent context and speed.

In other words, AI delivers scale and velocity that humans alone cannot match. But the ultimate decisions? Those still rest with people.

This shift redefines the division of labor between humans and machines, amplifying the value of human judgment. AI should handle repetitive, time-consuming tasks so people can focus on strategic, higher-value, and impactful work. That only happens if people invest in three things: governance, literacy and collaboration.

Governance that Protects Data and Fuels Innovation

AI runs on data, and data is one of the most important assets any security team protects. That’s why governance isn’t optional — it’s foundational. Organizations should establish a cross-functional AI council that brings together legal, compliance, security, and business leaders. This council should meet regularly with a clear mandate: 

1. Review AI projects
2. Monitor emerging regulations
3. Adjust controls as risks evolve

Two guiding principles should shape every decision:

1. Protect the data. 

Meter or block sensitive flows to AI tools, including security telemetry, customer information, and intellectual property. Guardrails must be strong enough to prevent leaks without slowing critical operations.

2. Enable innovation. 

Overly rigid controls can stifle legitimate experimentation by product and engineering teams. Governance should strike a balance between setting clear boundaries while empowering authorized personnel to explore AI’s potential safely.

Raising AI Literacy Across the Organization

Even the best AI strategy will fail if people are afraid to use the tools or do not know how to use them well.

Studies have predicted that rapid technological change, evolving work models, and new AI-driven priorities will force organizations to adjust. At the same time, employees must learn new skills to keep up. People hear about AI in the news and may use a chatbot in their personal lives, but they do not always know what it means for their day job or what best security practices to follow.

Organizations should also implement an AI training program tailored to their employees across all business functions. Most employees can use AI chat for everyday tasks. A smaller group, with more training and clear rules, can build agents. Don’t ask a nontechnical employee to take the same course as an engineer. Instead, the program offers different paths that match various levels of comfort and responsibility. 

Along with improving productivity, it’s all about hardening your security posture. People who understand AI ask better questions. They know which data they can share and which data they must never paste into an unmanaged tool.

Turning Employees into Co-Designers of AI-Enabled Workflows

AI security works best when frontline teams help design how it fits into daily work.

Companies should build an AI roadmap for their function and name AI champions within their organization. These champions understand both the business and the technology and are curious about new ways of working. They help identify use cases and guide colleagues through early experiments.

Hackathons have been especially effective. Instead of limiting them to engineers, it’s important to also open them to finance, HR, and other functions. Participants can use internal AI tools to solve everyday problems, such as analyzing exit surveys or improving internal processes. Hackathons can also focus on faster alert triage, better incident documentation, or smarter analysis of phishing reports. When analysts and responders help design those workflows, they trust the outputs more and are more likely to use the tools in real incidents.

It helps to remember the difference between automation and augmentation. Automation replaces a task. Augmentation enables analysts to do things they could not do before, such as exploring an entire attack path across multiple systems in seconds.

Keeping Humans at the Center

AI is permanently changing how security pros work, and they are asking for alignment and upskilling. Security leaders need governance that protects critical data while still enabling the testing of new ideas. Organizations should also offer employees the training they need to use AI safely and with confidence while bringing them into the design process — so AI-enabled workflows reflect how work actually gets done.

When leaders take this approach, AI becomes a force multiplier. It handles the heavy lifting while teams continue to bring judgment, creativity, and leadership to every decision.