As cyberattacks continue to increase in frequency and complexity, organizations are turning to autonomous systems to bolster their cybersecurity defenses. However, this has raised important questions about the dynamics between human security teams and artificial intelligence (AI). Specifically, there is a need to determine the appropriate level of trust to place in an AI program and identify when human intervention is necessary to guide its decision-making.

Autonomous systems have revolutionized cybersecurity by allowing human operators to focus on higher-level decision-making. Rather than being overwhelmed by a deluge of minute “micro-decisions,” operators can now establish guardrails and parameters for AI machines to follow as they make millions of granular decisions at scale. This shift has allowed security teams to elevate their decision-making and leverage the power of AI to enhance their overall cybersecurity posture.

The advent of autonomous systems in cybersecurity has transformed the role of human operators, elevating their decision-making to a macro level. Instead of being bogged down by micro-level tasks, they can now focus on higher-level and more strategic responsibilities. Their involvement is limited to essential requests for input or action, as AI machines handle the bulk of the micro-level decision-making. This shift has enabled human operators to operate more efficiently and effectively, ensuring that they are able to devote their attention to the most critical tasks at hand.

As the role of AI in cybersecurity continues to evolve, questions about the nature of the relationship between humans and machines have come to the fore. In an insightful piece, the Harvard Business Review outlined four possible scenarios for how humans and machines may interact in the future. These scenarios offer a glimpse into the varied possibilities for this relationship and provide a framework for exploring how it may manifest in the context of cybersecurity.

Human In the Loop (HITL)

One of the scenarios presented by the Harvard Business Review entails a dynamic in which humans are the primary decision-makers, with AI machines serving as advisors. In this scenario, machines provide recommendations for actions and offer context and supporting evidence to accelerate decision-making and reduce time-to-action for human operators. Essentially, the machines function as force multipliers, providing critical insights and recommendations that enable humans to make more informed and effective decisions in a shorter amount of time.The human security team is completely in control of how the machine behaves under this setting.

While the scenario where humans retain full control over AI decision-making is effective, it requires significant human resources in the long run. Often, organizations may not have the personnel to sustain this approach over time. However, this stage can be crucial in establishing trust in the AI autonomous response engine. As organizations become more comfortable with the technology, they can move towards more streamlined models that strike a balance between human oversight and machine autonomy, leveraging the strengths of both to maximize their cybersecurity defenses.

Human In the Loop for Exceptions (HITLFE)

Another scenario described in the Harvard Business Review involves a model where the majority of decisions are made autonomously by AI machines, with humans stepping in only when exceptions occur. In this model, the AI machine operates largely independently, with the human providing input or making judgments only when necessary to support the decision-making process. This approach is highly efficient, allowing organizations to leverage the power of AI to make decisions at scale while also ensuring that human oversight is in place to handle complex or nuanced situations.

Under this scenario, humans maintain control over the logic used to determine which exceptions require human review. As organizations deploy increasingly diverse and customized digital systems, they can tailor the level of autonomy granted to the AI machine to meet specific needs and use cases. This enables a flexible approach that allows organizations to balance the benefits of machine autonomy with the need for human oversight and intervention in situations where complex or novel scenarios arise. By providing granular control over the decision-making process, humans can ensure that the AI machine operates in a way that aligns with their strategic objectives and risk tolerance.

In this scenario, the AI-powered autonomous response engine takes charge of the majority of events, enabling immediate and autonomous action. However, the organization remains “in the loop” for special cases, with flexibility over the emergence and timing of these cases. In such cases, the human operator can intervene as necessary but must exercise caution when overruling or declining the AI’s recommended action without careful review. By leveraging the power of AI to handle routine tasks, organizations can reduce the burden on human operators and improve efficiency, while maintaining a human touch for exceptional scenarios that require human judgment and expertise. This approach strikes a balance between autonomy and oversight, enabling organizations to benefit from AI technology while maintaining control over critical decisions.

Human on the Loop (HotL)

In this scenario, all activities are carried out by the machine, and the human operator may evaluate the results of those actions to comprehend the context in which those actions were taken. This configuration enables AI to confine an attack in the event of an emergent security incident while alerting a human operator that a device or account requires help, in which case they are brought in to address the situation.

This security setup is ideal in the eyes of many. It is simply not possible to have the human in the loop (HitL) for every event and every potential vulnerability due to the complexity of the data and the scope of the judgements that must be taken.

With this structure, humans still have complete control over how, when, and where the system behaves, but once events do happen, the computer is in charge of making millions of little decisions.

Human out of the Loop (HootL)

Every choice is made by the machine in this approach, and the improvement process is likewise an automatic closed loop. As a result, each AI component feeds into and enhances the next, increasing the ideal security state, creating a self-healing, self-improving feedback loop.

This is the apex of security without intervention. It is doubtful that human security operators would ever desire “black boxes,” or autonomous systems that operate completely autonomously without allowing security teams to even have a general understanding of the activities it is doing or why. A human will always desire oversight, even if they are sure they won’t ever need to interfere with the system. Transparency will therefore become more crucial as autonomous systems develop over time.

Each of the four models provides unique benefits and can be applied to different use cases, enabling companies with varying levels of security maturity to leverage the recommendations of AI systems confidently. By harnessing the power of AI to analyse data and make decisions at a scale beyond what any individual or team could accomplish in the time available, organizations can effectively detect and respond to cyberattacks.

This allows businesses of any size and type to utilize AI decision-making in a way that aligns with their specific needs and use cases. With AI handling routine tasks and providing recommendations, human operators can focus on strategic decision-making and exceptional cases that require their expertise. Ultimately, by combining the strengths of humans and AI, organizations can better protect themselves against cyber threats and prevent the disruption they can cause.