AI-human partnership: The way forward in the security world
As cybersecurity threats have evolved and multiplied, the foundational structures of traditional security platforms have faced increasing scrutiny. Today's complex digital landscape demands solutions that go beyond the legacy approaches once considered standard. To understand the limitations of these older systems and why a shift is needed, it's essential to first examine how they were originally conceived.
A platform built for a different world
The security platform as it was designed (the architecture, the assumptions baked in, the data model) was built for a different world. A world where threats were matchable signatures. Alert volume was manageable by a team watching a dashboard. The perimeter was real. Reporting happened after the incident. The system's job was to collect data, not act on it.
None of those assumptions hold anymore.
Adding AI to a legacy security architecture is like adding GPS to a paper map. Impressive party trick. Wrong object.
What the AI-era platform looks like
The platform of the AI era looks fundamentally different.
It presents conclusions with evidence, not raw data for human triage.
It treats correlation as the core function, happening continuously across every signal.
It learns what "normal" looks like for your specific environment, not a generic ruleset.
It treats the analyst as the decision-maker, not the data processor.
At SonicWall, we have been actively addressing this challenge by evaluating three decades of architectural decisions to determine what needs to evolve. Some changes that can be explored:
1. The hardest part isn't the AI. It's the data
AI is only as useful as the breadth, quality, and recency of what it can see. Most security vendors sit on siloed, inconsistent telemetry never designed to feed a model. Getting the data architecture right is the unglamorous prerequisite that makes everything else possible.
2. Partners and customers are ahead of the vendors
The MSPs and MSSPs we work with didn't need convincing. They've been living the analyst capacity problem for years. What they needed was AI that actually works in their environment, at their scale, without a team of data scientists to configure. The demand is real. The supply of genuinely useful AI is still catching up.
3. Trust is the product
When AI tells an analyst something is a threat, the analyst needs to understand why. Not as an audit requirement, but because the analyst's judgment is the last line of defense. A black box that's right 95% of the time will be ignored the moment it's visibly wrong. Explainability isn't a nice-to-have. It's the foundation of human-AI collaboration in security.
3 questions every security leader should be asking right now
Even though every platform claims to have AI, the signal is in the answers to these three questions:
- Was this platform's data architecture designed to feed AI, or was AI designed to work around the existing data architecture?
- Does the AI reduce alert volume and increase signal quality, or add a new layer of AI-generated noise on top of existing noise?
- Does this platform make my analysts more powerful, or ask them to trust a system they can't understand?
The answers will separate the platforms that define the next decade from the ones that spend it defending why their architecture still makes sense.
The AI-human collaboration
We are entering the Age of Collaborative Intelligence, where the synergy between humans and artificial intelligence is reshaping security operations. Rather than replacing analysts, AI is enhancing their capabilities, enabling faster decision-making and stronger defense lines. In this new era, platforms that foster transparency and empower analysts will define the future of security.
Will AI replace the security analyst?
Many believe AI will replace security analysts, but it's more complex. AI helps automate threat detection and reduce alert fatigue, but its true strength is supporting human expertise. Products like Microsoft's Security Copilot and Google's Chronicle process large data sets and spot patterns missed by humans, yet analysts are still needed for context and handling tough situations. Reports from Gartner and Forrester stress that combining AI with human decision-making delivers better security. The most effective platforms are transparent and empower analysts rather than relying on a black box. After years working in this field, I've found the industry misunderstands the AI debate.
Will your security platform survive a world where AI is the analyst? Re-evaluating the role of the analyst
The emergence of this new landscape is imminent. Many platforms currently available were not originally designed to accommodate it.
Based on direct observation, difficulties within security operations are seldom attributed to analysts. In fact, analysts often serve as the critical element maintaining operational integrity.
The analyst is the one who knows:
- The 2am alert that looks like a false positive is actually the third in a pattern that started six weeks ago.
- The IP flagged today was in a threat report from a vendor they haven't used in two years.
- What normal looks like for the CFO's login when she's traveling.
That contextual, judgment-based intelligence is extraordinarily hard to replicate. AI isn't close, not because AI lacks capability, but because that knowledge lives in people and relationships, not in datasets.
What AI can do is absorb the parts of the analyst's job that were never worthy of a human analyst in the first place, such as triaging 10,000 low-fidelity alerts, correlating signals across systems that don't talk to each other, and writing incident documentation at midnight when the analyst is exhausted.
AI handles the above faster, more consistently, and with infinitely more patience than humans, freeing the analyst to do the work that actually requires judgment.
Therefore, AI will not replace the security analyst. It will make the security analyst dramatically more powerful. That's not a hedge. That's what the evidence shows.
The honest truth: the analyst's role remains indispensable
Skills such as intuition, sound judgment, institutional knowledge, and the capacity to accurately assess incidents, much like a physician evaluates a patient, are fundamentally human attributes. These qualities will only become more essential as artificial intelligence increasingly influences the environment.
However, the platforms that analysts depend upon require comprehensive redevelopment. Rather than mere updates or enhancements, these systems must be entirely restructured, presuming AI serves as the initial responder while humans retain ultimate decision-making authority.
Organizations that recognize this distinction and adapt their strategies accordingly will be best positioned to withstand future challenges.
Such challenges are inevitable.