# Beyond the Hype --- Where AI Can Shine in Security

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown) | Jan 24, 2024

*["AI's Impact in Cybersecurity"](https://www.paloaltonetworks.com/blog/tag/ais-impact-in-cybersecurity/?ts=markdown) is a blog series based on interviews with a variety of experts at Palo Alto Networks and Unit 42 with roles in AI research, product management, consulting, engineering and more. Our objective is to present different viewpoints and predictions on how artificial intelligence is impacting the current threat landscape, how Palo Alto Networks protects itself and its customers, as well as implications for the future of cybersecurity.*

*In our recent interview with Jesse Sampson, a consulting manager at the renowned Unit 42 Threat Intelligence [and research organization](https://unit42.paloaltonetworks.com/), we explored the dynamic threat landscape.*

Artificial intelligence (AI) intersects with the defense against cyberthreats. Sampson's experience and insights shed light on the transformative potential and challenges associated with integrating AI into the cybersecurity paradigm.

## The Proliferation of AI Tools in Cybersecurity

Sampson's deep understanding of AI's role in cybersecurity is evident in his observations of the widespread adoption of AI-powered tools. He foresees a trajectory where the rising demand for AI skills and training programs will lead to the creation of an increasing array of tools designed to harness algorithms efficiently.

According to Sampson, this proliferation is not solely in tool creation, but also in AI's capacity to manage and analyze the extensive data and alerts generated by these tools. It's a crucial need in making the flood of information actionable and meaningful for security practitioners. He predicts, "There are going to be more and more tools that get created to utilize algorithms, as well as the need to sift through all the outputs of all those different tools in a way that's meaningful and actionable."

While acknowledging AI's potential, Sampson remains pragmatic, assessing the current trends in AI technology, particularly in the context of generative AI and large language models (LLMs). He suggests that the initial enthusiasm and exuberance surrounding these models might gradually recede as their limitations and actual applications become more apparent. This is similar to the evolution observed with prior AI technologies, he explains:

*"I think that we're going to start seeing those types of models go down the hype curve a little bit, as we see with other technologies that have been part of AI's history. At one time, deep neural nets were supposed to be the gateway to artificial general intelligence, and they were going to solve everything. And, it turned out that they were really good at identifying images of cats. They're also pretty good at finding malware, but they can't do everything. It's not a miracle tool that's going to change all of industry and revolutionize everything. And, I think that we've found the same thing is true with LLMs. So, I think we're going to get out of the hype cycle piece of maturity and into the, 'okay what really is the sweet spot for this new newest technology?'"*

## AI's Dark Side --- Potential Misuse and Threats

Sampson's conversation also veers into the potential darker aspects of AI integration in cybersecurity. He expresses concerns about the misuse of AI for social engineering purposes, highlighting the rising threat of deep fakes and sophisticated phishing attempts that leverage AI-generated content. Sampson warns about the potential sophistication of attacks, including voice cloning and tailored social engineering as AI capabilities are harnessed by malicious actors.

Delving into the defensive strategies, Sampson emphasizes the proactive steps necessary to safeguard AI models from adversarial attacks and data manipulation.
He underscores the significance of continually monitoring data quality, pipeline integrity and detecting anomalies within the training data -- a crucial aspect in fortifying AI against potential vulnerabilities and manipulations. Sharing some of the questions to consider around data model integrity, Sampson further states:

*"You have to monitor the regular stuff. I think this is the main thing you need to do to ensure data quality for a good model. Get a really good understanding of where your training data is coming from, and what that pipeline ought to look like. Are you monitoring that pipeline? Do you have metrics on your data pipelines? Are you looking at the outputs? Do you have a ton more detections than you had last week? Do you have as many detections as you had last week? Is there anything that's not getting scanned by your model? Just because it's automation and a model, doesn't mean it doesn't require a ton of maintenance and care and feeding. And, if you keep your eye on all those things and they're working, then you ought to be able to detect data poisoning, or something like that, if that happens."*

## The Future Landscape --- AI's Impact on SOC Operations

Discussing the future landscape of cybersecurity operations, Sampson envisions AI's role in transforming the conventional SOC operational models. He contemplates the potential reconfiguration of the tiered SOC structure, predicting that AI's capability to automate routine tasks might lead to a shift, wherein more advanced roles focus on proactive threat hunting and mitigation, saying, "I think that we're going to see a complete change of the traditional four-tier model because AI seems to be able to do a lot of the stuff that a Tier 1 SOC analyst would traditionally do."

While acknowledging AI's potential to bolster defense mechanisms, Sampson emphasizes the importance of vigilant, proactive defense strategies and a realistic understanding of AI's capabilities and limitations.
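
The pipeline questions in Sampson's data-integrity quote above (detection volume compared with last week, anything not reaching the model, where training data comes from) can be turned into automated checks. The following Python is an added example, not code from the interview or from Palo Alto Networks; the snapshot field names, thresholds and sample data are assumptions constructed for illustration.

```python
from statistics import median

# Constructed weekly pipeline snapshots (not real telemetry). Field names are
# assumptions: records ingested, records the model scored, detections raised,
# and how many training records each upstream source contributed.
WEEKS = [
    {"week": "W01", "ingested": 10000, "scanned": 10000, "detections": 210,
     "sources": {"edr": 7000, "proxy": 3000}},
    {"week": "W02", "ingested": 10400, "scanned": 10400, "detections": 198,
     "sources": {"edr": 7300, "proxy": 3100}},
    {"week": "W03", "ingested": 9900, "scanned": 9900, "detections": 205,
     "sources": {"edr": 6900, "proxy": 3000}},
    {"week": "W04", "ingested": 10200, "scanned": 8100, "detections": 61,
     "sources": {"edr": 5000, "proxy": 3000, "bulk-upload": 2200}},
]

def pipeline_findings(weeks, min_coverage=0.99, drift=0.5):
    """Compare the latest week against the earlier ones and return findings."""
    *history, current = weeks  # needs at least one earlier week as baseline
    findings = []

    # "Is there anything that's not getting scanned by your model?"
    coverage = current["scanned"] / current["ingested"]
    if coverage < min_coverage:
        missed = current["ingested"] - current["scanned"]
        findings.append(("coverage_gap", f"{missed} records never reached the model"))

    # "A ton more detections than last week? As many as last week?"
    # Rates (detections per scanned record) absorb ordinary volume changes.
    baseline = median(w["detections"] / w["scanned"] for w in history)
    rate = current["detections"] / max(current["scanned"], 1)
    change = (rate - baseline) / baseline
    if abs(change) > drift:
        kind = "detection_spike" if change > 0 else "detection_drop"
        findings.append((kind, f"rate changed {change:+.0%} vs. baseline"))

    # "Where is your training data coming from?" Flag feeds never seen before.
    known = set().union(*(w["sources"] for w in history))
    for name in sorted(set(current["sources"]) - known):
        share = current["sources"][name] / sum(current["sources"].values())
        findings.append(("new_source", f"{name} supplies {share:.0%} of records"))
    return findings

if __name__ == "__main__":
    for kind, detail in pipeline_findings(WEEKS):
        print(f"{kind}: {detail}")
```

A sudden drop in detections is treated as seriously as a spike here, since a model that has gone quiet while a new feed appears is one of the patterns the quote asks teams to watch for.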
As the cybersecurity landscape continues to change, the integration of AI demands a delicate balance between technological advancements and the human expertise required to navigate its complexities and challenges.

Learn more about AI in Cybersecurity. See the latest innovations from XSIAM 2.0 in action through our [on demand demo](https://www.paloaltonetworks.com/engage/xsiam-ai-driven-soc-platform?overlay_url=/engage/xsiam-ai-driven-soc-platform/cortex-xsiam-go-big-videos/go-big-video-3?pflpid=16131&overlay_url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fengage%2Fxsiam-ai-driven-soc-platform%2Fcortex-xsiam-go-big-resources%2Fannouncement-xsiam-2-continuing?pflpid=16131&ts=markdown).