This week, it was reported that several AI companies will work closely with the U.S. federal government, as part of the 2025 AI Action plan, which called for greater adoption of AI tools to increase efficiency, enhance national security, and modernize legacy systems.
As technology industry analyst Rob Enderle of the Enderle Group told ClearanceJobs, “AI is a potential game changer for government agencies, which are generally understaffed and underfunded.
However, it’s important to remember that GenAI should not be seen as a replacement for traditional cybersecurity, as it can’t replace the human experience.
It can also introduce new attack surfaces, including prompt injections designed to “trick the AI” and model poisoning, which employs corrupt training data. AI can also allow for data leakage, where sensitive information is disclosed.
Streamlining Work Flows
The adoption of AI could further streamline workflows with the federal government and aid cybersecurity, but the key is that it can aid, not replace.
“AI is now the only way organizations can keep up with security, but GenAI alone is not enough. It’s only one of the tools practitioners need in their arsenal, along with ML and data science,” explained Melissa Ruzzi, director of AI at AppOmni.
Ruzzi, who embraces a mix of technical and business skills and is passionate about creating applications using data science and machine learning to help organizations defend against cyber threats, will be speaking on GenAI’s role in cybersecurity at next month’s RSA Conference in San Francisco.
She told ClearanceJobs that GenAI is non-deterministic and language-focused, and that it should not be seen as the most appropriate tool in certain cases, especially those with deep mathematical needs.
“It’s like replacing a calculator by rolling a dice when you want to sum up numbers,” Ruzzi warned. “Because of the high volume and complexity of cybersecurity data, it takes an expert in both security and AI –including data science and machine learning (ML) – to know when and how to best apply AI to cybersecurity.”
Raw Power vs. Raw Data
GenAI is already transforming cybersecurity by enabling faster threat detection, automating security operations, and even enhancing incident response, but its limits are already being tested.
“While it appeared to offer added value in the early days, inserting raw security data into GenAI alone is extremely limiting, and the market now is waking up to the fact that, in the security domain, we need to go beyond GenAI,” suggested Ruzzi. “That’s because security domain knowledge, not sophisticated AI algorithms, is the primary driver of success.”
She further told ClearanceJobs that a good understanding of the different added value, challenges, and limitations of the variety of tools under the AI umbrella – which include statistics, traditional machine learning, and GenAI – is key for proper AI implementation to assure the best outcome and reduce over-engineering.”
“Pure statistical anomaly scoring is insufficient without risk contextualization, because GenAI may surface mathematical anomalies that don’t equate to actual risk,” Ruzzi continued.
Log Jam
To ensure that GenAI can do the job right, the correct metadata must be extracted from any security logs. Without it, the AI can’t do the job.
“This is much more important than using a more sophisticated model. You can use the fanciest model in the world, but if your data is wrong, your output is wrong. Security professionals should keep models as simple as possible, and optimize for detection effectiveness and cost,” Ruzzi added. “Remember, models are to be used, not believed: AI should assist analysts, not replace judgment.”
