Is AI hype or reality?
Recently “AI” has been the buzzword on everyone’s lips and the number of companies claiming to have AI capabilities is rocketing, especially within the cyber security industry.
With 40% of Europe’s self-proclaimed “AI companies” having been exposed as not actually using AI in their offerings, according to MMC Ventures, it’s difficult to know whether you’re dealing with a company whose claims of “AI power” are legitimate.
So how can security professionals get beyond the buzzwords to identify a real AI company?
First, it’s important to point out that AI is an imprecise term. Through different phases of technical innovation, our understanding of what it means to us has changed significantly since its initial introduction into our lexicon in 1956 by John McCarthy when he held the first academic conference on the subject.
The CTO view on AI: business critical or hype monster?
AI as a tool, not a goal
In the security industry, AI is the hype everyone is jumping on currently because they feel it’s what they need to do to stand out. However, it is actually doing the opposite – the number of companies now shouting about their ‘AI capabilities’ is creating noise around those companies who genuinely have AI at the core of their business. There is an overwhelming number of general AI tools out there that don’t help to solve a specific problem, and security teams struggle to filter through the fakers to find what they are really looking for.
AI, in its many forms, offers users the chance to accomplish tasks at scale and speeds that humans alone cannot achieve. AI can also tease out new insights from analytical tasks. It’s not simply a case of capturing big data and throwing advanced mathematics at it. It’s called data science for a reason; it’s not just about building amazingly intricate algorithms. Aside from selecting algorithmic approaches, the data scientist also has to manage the curation of data, feature selection and extraction, and training.
For example, in cyber security we use AI technology to automate tasks to detect and respond to very subtle signals of hidden advanced attackers who have gained a footprint inside an organisation.
Our industry needs expert security researchers to hypothesise and validate attacker technical behaviours, something a data scientist alone wouldn’t have any insight into. Only when collaborating with the security researcher can the data scientist develop an effective cyber security attacker detection algorithm. In this scenario, AI is a tool that helps security teams, but it doesn’t make up the entire picture.
As a result, AI is augmenting security analysts and also making a considerable contribution to bridging the cyber skills and resource gap by allowing less experienced analysts to enter the profession and achieve more, more quickly.
Beyond AI hype: AI once stood for algorithmic intelligence
Challenging the hype and spotting a ‘real AI company’
When evaluating a company’s true AI capabilities, there are a number of questions you should arm yourself with. For example, what’s the depth and breadth of their development capability? How many of their team have a machine learning (ML) or data science background?
Look for evidence of a commitment to long term innovation and demonstrable results. Any awards and industry recognition will allow you to determine the credibility and relevance of a company in terms of AI. Additionally, determining whether the company has patents pending shows commitment in building value through innovation.
Do some digging on the company’s LinkedIn profile and its employees. If you’re only able to find one developer with no demonstrable machine learning experience, then at best they’re likely to have bolted on an open source machine learning library to some existing code and are just “playing” with AI doing simple unsupervised learning trying to cluster data. Particularly for younger businesses you should critique the executive team, and their backers. Do they have relevant experience in the sector, or at least tangential to it? What’s their track record and reputation, where else have they been successful? Look for teams and investors that are not just looking at AI as an easy funding source, that overly hype themselves, or are simply chasing a ride on a perceived market opportunity.
It’s also a good idea to look for evidence of happy long-term customers that prove the AI tool’s claimed efficacy and value. Vendor case studies are nice, but independent verified reviews and user communities provide even more powerful sources of feedback. Testing a prospective AI tool in your own organisation is the gold standard to understanding how effective it could be for you. Look for evaluation or proof of concept programs that allow you to get hands on, in your environment, and consider a competitive bake off between alternatives.
Artificial intelligence: from hype to reality in healthcare
One final note…
Overall, the boom in artificial intelligence is a positive thing, it just means security professionals need to be more sceptical when entering into discussions or projects with companies claiming to have AI capabilities.
Despite all its positive effects, remember that as a group of technologies AI is just the tool, not the goal or reason. It’s the “How” not the “Why?”