# AI Is Changing Security --- 5 Predictions from Cortex

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo")

Jan 10, 2024
*["AI's Impact in Cybersecurity"](https://www.paloaltonetworks.com/blog/tag/ais-impact-in-cybersecurity/) is a blog series based on interviews with a variety of experts at Palo Alto Networks and Unit 42 with roles in AI research, product management, consulting, engineering and more. Our objective is to present different viewpoints and predictions on how artificial intelligence is impacting the current threat landscape, how Palo Alto Networks protects itself and its customers, as well as implications for the future of cybersecurity.*

The rapid evolution of artificial intelligence (AI), including a new wave of generative AI capabilities, has already had a dramatic impact on cybersecurity. Hackers are using AI to script ransomware, author phishing threats and create more adaptive and evasive botnets, while AI-powered cybersecurity systems are bringing new speed and precision to threat detection and response. And, there's much more still to come.

With these critical developments at hand, we decided to reach out to our own teams at Palo Alto Networks to get some candid opinions about the impacts of AI in cybersecurity, near and long term:

* What are your top five predictions regarding AI's impact on security?
* What is your understanding of artificial intelligence being applied in the field of cybersecurity?
* How do you see artificial intelligence influencing the future landscape of security operations?
* What should security companies be doing to ensure AI models are trained properly and that AI is implemented in security systems in a responsible and transparent way?
* What types of cybersecurity threats or attacks do you think AI-powered systems are particularly effective at detecting and preventing?
* What proactive steps can be taken to protect AI models from adversarial attacks and evasion techniques?
* What key performance metrics do you use to evaluate the effectiveness of AI-powered security solutions, and how do you track their performance over time?

Based on those conversations, we've compiled an overview of some of the predictions and general thoughts from the perspectives of our diverse teams. The following is a list of some opinions that stood out and bear our attention:

## **1. AI Will Help Detect and Prevent Novel Attacks**

When creating a new attack, cybercriminals often seek to evade defenses by chaining together a finite set of tactics, techniques and procedures (TTPs) in new combinations. AI is making this process easier for attackers, but it offers similar benefits for defenders as well. In the past, threat detection systems could be trained effectively on existing examples of individual techniques, but new variations in the way the malware was constructed and delivered would need to be captured individually over time.

"There are a lot of exciting things happening with using LLMs \[large language models\] to construct datasets where it was very hard to get data before. Now you can just make your own data," says Billy Hewlett, leader of the AI research team here at Palo Alto Networks.

Matt Kraning, CTO, Cortex, explains, "With AI, we're now able to simulate many more examples of the ways different techniques can combine together from, without hardening only limited variations. For example, from a single piece of malware that contains a novel attack vector, we can automatically simulate what that attack vector would look like paired with other known malware TTPs, generating thousands or more of new attack simulations that our threat detectors can all be trained over. In this way we greatly improve the robustness and comprehensiveness of our training data, both improving accuracy and lowering false positives."
For attackers, it will no longer be enough to create novelty through minor variations on existing themes. "For an attack to be truly unseen, they're going to have to go back to basics," says Kraning. "This is a great example of the way AI asymmetrically raises costs on attackers, which is ultimately the way that we win."

## **2. AI Will Enable Natural Language in SecOps**

Security operations can encompass distinctly different skill sets. It takes one type of expertise to deeply analyze data and determine whether a threat is present, while an entirely different type of knowledge is needed to build systems for data analysis. Kraning believes:

*"Being really good at breaking things doesn't necessarily mean you're great at building things, or vice versa. Right now, security analysts have to be this kind of unicorn, able to understand not only how the attackers might get in but also how to set up complex automations and queries that are highly performant over high volumes of data."*

Now generative AI will make it possible to interact with data more easily. "It's what I call natural language SecOps," says Kraning. "People with deep domain expertise will be able to focus on analyzing a situation without worrying about a whole slew of different requirements to gather data, understanding its vagaries and biases, or becoming a SQL triple black belt or security data lake database administrator."

Similar capabilities will simplify tasks across the security operations center (SOC). Greg Heon, senior director, product management, says, "There's huge potential for new generative AI-powered interfaces. I see this in ChatGPT every day, where just asking a high-level question instead of clicking around a graphical user interface can often give me a better answer. That approach will replace more and more of the traditional interfaces in the web applications built to serve security operations teams."

## **3. AI Will Expand the Scope of Data Analysis**

Data throughout the enterprise can have value for threat detection and prevention, as well as for remediation and for improving an organization's security posture. For example, integrating the data in a company's HR system can make it easier to ensure that a user requesting access to a Zero Trust network is actually a company employee or contractor. But first, organizations need a way to join these diverse datasets. Heon says:

*"AI is quite good at what I think of as 'fuzzy joins.' If you have different databases where the fields don't quite line up or there are inconsistencies in data standards, AI can help you stitch them together to provide visibility you wouldn't otherwise have. AI will play more and more of a role in breaking down these silos to aid security decisions."*

## **4. AI Automation Will Enable SecOps Scale**

After a years-long talent shortage in cybersecurity, AI may finally help enterprises scale their security operations without adding headcount. Hewlett says:

*"Security can't be done just by human experts anymore. When attackers are using polymorphism to generate millions of files, we can't cover them anymore using signatures. We need to automate the classification of files, web pages and other things, and the only way to do it is with artificial intelligence."*

In addition to that theory, Kraning believes:

*"Even the AI systems that are already available can have a similar impact on productivity that we saw with the cloud. Cloud took a data center team that was previously 15 people and made it a DevOps team of three to five people. Some of the current AI systems, especially large language models, are increasing individual SecOps throughput by a factor of five or more."*

The impact of AI on scale will be especially dramatic in terms of security automation, which has been constrained to date by engineering requirements. "We haven't had automated automation," says Kraning:

*"Combining automation with AI will democratize it and allow many, many more automations to take place. What might have taken one person 10 weeks, or 10 people a month, will now take one person a single week, and they'll be able to pervasively orchestrate automation across the enterprise."*

## **5. AI Model Security Will Be a Top Priority**

As LLMs consume data for training, attackers may seek to open a new vector for exploitation. Yoni Allon, vice president of research, says, "We might see something like AI pollution or data pollution where attackers deliberately try to create a fake reality. Models will train on that reality and produce hallucinations or malicious content based on the attacker's intent."

Another possibility might be injecting exploits directly into prompts. Preventing such tactics will call for protective measures around access both to and from the model. Heon believes that protecting AI models requires a different point of view:

*"In terms of protecting AI models from adversarial attacks, you can think of models as just another form of code. As with any other type of system, you need to think about OWASP \[Open Worldwide Application Security Project\], vulnerabilities and making sure the code doesn't start doing anything unexpected. You don't want to allow anyone, whether an adversary or a regular user, to have direct access to model artifacts."*

This kind of classical security applies in the other direction as well. Heon added, "At the end of the day, a model ends up looking quite similar to the kind of systems we've already been protecting, just a new type of content."

#### **Expect the Unexpected**

A year ago, few would have predicted the tsunami of innovation triggered by the wave of generative AI. A year from now, we may well be looking back at further developments unforeseen by even the most astute observers today, and looking ahead at still greater advances. If there's one thing we can be certain of, it's that we've only just begun to see the impact of AI on cybersecurity.

#### **Explore the Future of Cybersecurity with Cortex XSIAM® --- Palo Alto Networks AI-Driven Security Operations Platform**

Discover how this innovative approach leverages AI to enhance, not replace, your security teams.

![GIGAOM Radar Report, Autonomous security operations center, leader 2023](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/01/word-image-311333-1.png)

[**The GigaOm Radar Report**](https://start.paloaltonetworks.com/xsiam-gigaom-radar-report-2023) on Autonomous Security Operation Center (SOC) solutions has been published, and Cortex XSIAM has been recognized as both a Leader *and* Outperformer.

In this dynamic landscape, ensuring the utmost security for your organization is paramount. The question isn't whether to embrace AI and automation, but rather how to stay ahead of the curve by choosing the most advanced and comprehensive solution.

## **Explore the Power of AI in SecOps**

Cortex XSIAM is an [award-winning](https://www.techascensionawards.com/cybersecurity-awards-winners-2023) and groundbreaking AI-driven platform that converges SOC capabilities, leverages AI for accurate threat protection and applies an automation-first approach to security operations. See the latest innovations from XSIAM 2.0 in action through our [on-demand demo](https://www.paloaltonetworks.com/engage/xsiam-ai-driven-soc-platform?overlay_url=https://www.paloaltonetworks.com/engage/xsiam-ai-driven-soc-platform/cortex-xsiam-go-big-videos/go-big-video-3?pflpid=16131&overlay_url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fengage%2Fxsiam-ai-driven-soc-platform%2Fcortex-xsiam-go-big-resources%2Fannouncement-xsiam-2-continuing?pflpid=16131).