Although artificial intelligence, specifically machine learning and large language models, is in the news, it isn’t very useful in enterprise IT. In this episode of the On-Premise IT podcast, Karen Lopez, W. Curtis Preston, Michael Levan, and Stephen Foskett discuss the use case for AI in security. The panel acknowledges that machine learning can be beneficial in identifying anomalies and patterns that humans may overlook. It can assist in generating policies, templates, and rule sets, as well as providing best practices based on aggregated data. However, they also express concerns about the responsible use of AI and the need for training models on specific environments to ensure effectiveness. They highlight the importance of having the right data sets and the challenges of dealing with the black box nature of machine learning. Despite potential exploits and limitations, they agree that AI is currently the best tool available for detecting and addressing security threats, such as data exfiltration and unauthorized access.

In this episode of the On-Premise IT podcast the discussion focuses on the use of AI in enterprise security. They emphasize the potential benefits of AI, particularly machine learning and large language models, in identifying anomalies and patterns that might go unnoticed by human analysts. By leveraging AI, organizations can generate policies, templates, and rule sets that enhance security measures. Furthermore, AI can provide valuable insights and best practices based on aggregated data, assisting security teams in making informed decisions and strengthening their defenses.

Despite these advantages, the panel also raises concerns about the responsible use of AI in security. They emphasize the necessity of training models on specific environments and datasets to ensure the accuracy and effectiveness of AI systems. Without proper training, AI algorithms might produce false positives or negatives, leading to inadequate security measures or unnecessary alarm. This highlights the importance of utilizing relevant and high-quality data sets to achieve optimal results.

Another challenge discussed in the podcast is the “black box” nature of machine learning models. While AI algorithms can detect and flag suspicious activities, it can be challenging for human operators to comprehend and interpret the reasoning behind those decisions. The lack of transparency poses difficulties in understanding the rationale of AI systems, potentially impeding the ability to trust and effectively utilize them for security purposes.

In spite of these challenges, the panel unanimously agrees that AI, at present, is the most powerful tool available for detecting and addressing security threats. It can effectively identify data exfiltration attempts, unauthorized access, and other malicious activities. The panel members emphasize the importance of continuously refining and enhancing AI models to adapt to evolving threats and changing attack techniques.

Overall, the discussion offers a balanced view of the use of AI in security. While acknowledging the potential advantages of AI in augmenting human capabilities, the panel highlights the need for responsible implementation, proper training, and ongoing refinement of AI systems. By leveraging the power of AI and combining it with human expertise, organizations can bolster their security defenses and effectively combat sophisticated threats.

See all of the Cloud Field Day 17 presentations on the Tech Field Day website or on