No, but it’s fundamentally changing them.

Generative AI (GenAI) is quickly becoming an essential part of everyday security workflows. So … is it a partner or competitor?
The wide-ranging implementation of GenAI technologies into virtually every aspect of the security stack has, on the whole, helped security teams work more efficiently to mitigate threats. GenAI gives security practitioners access to, and analysis of, data they otherwise would never have had, making their work more impactful than ever.
At the same time, GenAI has also expanded the attack surface — whether through adversaries’ abilities to scale production of malicious code, the risks associated with employees’ use of large language models (LLMs), or increasingly sophisticated social engineering campaigns.
So, how does all this affect today’s security professionals?
How GenAI is helping security professionals
With GenAI on board, security practitioners’ daily scope of work is changing in real time. Here are some of the traditional tasks by role and how exactly GenAI is alleviating burdensome processes for each.
Security engineers and architects
Task: Collect and normalize a new data source.
GenAI helps by: Recommending integrations; creating and converting ingest pipelines
Task: Create or convert a detection rule.
GenAI helps by: Creating and converting detection rules; explaining alerts
Task: Triage alerts.
GenAI helps by: Automating triage by correlating related alerts into attack-level findings
Security analysts
Task: Investigate a threat.
GenAI helps by: Performing key investigation steps like providing a detailed description of the attack, summarizing hosts and users, displaying related MITRE ATT&CK® tactics, and more. (Built-in AI assistants can also create step-by-step remediation plans and streamline ad-hoc analysis and enrichment by generating queries in the preferred programming language.)
Task: Respond to an incident.
GenAI helps by: Suggesting remediation steps and helping document incidents
SOC leaders
Task: Monitor security alerts.
GenAI helps by: Automating alert triage by filtering out false positives and prioritizing genuine threats based on severity and potential impact
Task: Manage team performance.
GenAI helps by: Tracking and summarizing metrics on response time, alert volume per analyst, case management, team fatigue levels, and more
Task: Report metrics and insights to executives.
GenAI helps by: Aggregating and visualizing security metrics, generating concise summaries, and providing predictive insights to better communicate with stakeholders
AI-driven security analytics
With the help of GenAI, security teams can more easily prioritize critical incidents, reduce alert fatigue, and accelerate investigations through real-time integrated threat intelligence, automated triage, and LLM-enhanced workflows. AI-driven security analytics transform security operations into a more proactive, adaptive, and efficient function — allowing organizations to stay ahead of today’s threat actors (who themselves are also using GenAI) and respond with greater speed and accuracy.
Here are some estimates on how much time security teams can expect to save with AI-driven security analytics:

Today’s AI-equipped security professional
OK, so GenAI is elevating efficiency, productivity, and overall defense capabilities … but how might it help you in your role? Check out this resume from the perspective of a humble-yet-powerful AI assistant and see why GenAI is the newest team member you need.

GenAI has been a big win for security teams worldwide. While it’s unlikely to take cybersecurity professionals’ jobs, it is bringing forth a powerful level of automation that uplevels the traditional day-to-day workload of practitioners — shifting their role to adopt more strategic focus and creative problem-solving.
By automating away many of the time-intensive and mundane tasks that have burned out many security analysts and admins, security teams can now focus on the priorities that truly matter and further strengthen overall security posture.
Check out our webinar on security trends for 2025 to gain further insight into the relationship between practitioner and AI, and see how AI can help your team accomplish more.
The release and timing of any features or functionality described in this post remain at Elastic’s sole discretion. Any features or functionality not currently available may not be delivered on time or at all.
In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.
Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.