When Artificial Intelligence Automates Cybersecurity: The Role of Cybersecurity Experts in the Age of Autonomous Systems

For a long time, cybersecurity was primarily a reactive discipline. Cybersecurity experts would step in after an incident, analyzing event logs, identifying vulnerabilities, and implementing fixes to mitigate the impact of attacks. Defense systems relied mainly on predefined rules, known threat signatures, and traditional monitoring mechanisms.

But this approach has shown its limitations in the face of rapidly evolving cyber threats. Attacks have become more sophisticated, faster, and, above all, harder to detect. From ransomware and zero-day attacks to automated phishing and large-scale exploitation of software vulnerabilities, cybercriminals now use advanced techniques, some of which are powered by artificial intelligence.

At the same time, the attack surface has expanded significantly. The widespread adoption of the cloud, connected devices, remote work, and distributed digital infrastructures exposes organizations to constant risks. Every device, every API, and every data stream becomes a potential entry point.

In this context, complexity is skyrocketing. Information systems generate millions of security events every day, making comprehensive human analysis impossible. According to IBM Security, the average cost of a data breach reached $4.45 million in 2023, a record high that illustrates the scale of the economic stakes involved in cybersecurity¹.

The figures illustrate this shift:

• The number of ransomware attacks has risen sharply in recent years, affecting both businesses and public institutions.
• Organizations must analyze massive volumes of logs and events in real time, often numbering in the millions per day.
• The time it takes to detect and respond to incidents remains a major challenge for many companies.

Given this situation, a paradigm shift is needed. Cybersecurity can no longer be purely reactive; it must become predictive, capable of anticipating threats before they materialize.

The field is thus entering a new era. Cybersecurity experts are no longer limited to protecting systems; they must now manage complex digital environments, where artificial intelligence has become a key tool for detecting, analyzing, and neutralizing increasingly autonomous threats.

 How AI Is Transforming Cybersecurity Practices

Artificial intelligence is not only transforming information systems; it is profoundly transforming the way cybersecurity is conceived, organized, and operated. Historically, the work of cybersecurity experts relied on a defensive approach based on rules, known threat signatures, and often manual analysis processes. Incident detection required constant monitoring, the analysis of complex logs, and rapid human intervention. But with the rise of intelligent systems, cloud infrastructures, and distributed digital environments, an increasing portion of these tasks is now automated, augmented, and orchestrated by AI. Cybersecurity experts are thus operating in an environment where tools can detect abnormal behavior, correlate events at scale, and trigger real-time responses, profoundly transforming the discipline itself.

This trend is evident at several key stages of the cybersecurity lifecycle.

• Threat detection through behavioral analysis: Traditional systems relied on known signatures, which are ineffective against previously unseen attacks. AI now makes it possible to analyze behavior rather than signatures. By identifying anomalies in network traffic, user access, or system interactions, it detects even unknown attacks. According to Capgemini, organizations using AI for cybersecurity can improve their threat detection capabilities by more than 40%².
• Enhanced SOCs (Security Operations Centers): Security operations centers today handle massive volumes of alerts. AI enables these alerts to be filtered, prioritized, and contextualized in real time. It reduces information noise, identifies critical incidents, and helps analysts focus on truly dangerous threats. This enhancement significantly reduces the average time to detect and respond to incidents.
• Automated Incident Response (SOAR): Security Orchestration, Automation, and Response (SOAR) platforms now incorporate AI capabilities to automate certain actions, such as isolating a compromised workstation, blocking an IP address, or deactivating a suspicious account. These automated responses make it possible to contain an attack in a matter of seconds, whereas human intervention would have taken several minutes or even hours.
• Predictive Analysis and Attack Anticipation: AI enables the anticipation of threats by analyzing massive volumes of data from various sources, including internal logs, vulnerability databases, the dark web, and low-signal indicators. It identifies recurring patterns and behaviors that foreshadow attacks. This capability transforms cybersecurity into a proactive discipline, capable of preventing attacks rather than merely reacting to them.
• Cybersecurity for complex environments (cloud, IoT, edge): Modern infrastructures are distributed and dynamic. AI enables continuous monitoring of these complex environments, identifies risky configurations, and detects abnormal behavior at scale. It is becoming essential for securing hybrid architectures that cannot be monitored manually.
• Combating automated attacks and malicious AI: Cybercriminals also use artificial intelligence to automate attacks, generate personalized phishing campaigns, or bypass detection systems. AI thus serves as both a defensive tool and an offensive weapon. Cybersecurity experts must understand this dual nature in order to adapt their strategies.

These changes are fundamentally transforming the nature of the profession. Cybersecurity experts are no longer limited to monitoring and fixing systems. They must now orchestrate intelligent systems, understand algorithmic logic, and ensure that automated decisions remain reliable, explainable, and tailored to security challenges.

 A new role for the cybersecurity expert

The widespread integration of artificial intelligence into information systems is not only transforming cybersecurity tools; it is also fundamentally redefining the role of the cybersecurity expert within organizations. Long viewed as a technical expert responsible for protecting infrastructure and responding to incidents, they are now becoming a strategic player in digital resilience. Their role is no longer limited to securing systems, but also involves anticipating complex threats, managing autonomous systems, and ensuring the reliability of critical digital environments.

In a landscape where attacks are becoming increasingly automated and defense systems themselves incorporate artificial intelligence, the value of a cybersecurity expert now lies in their ability to understand, oversee, and manage these systems. The challenge is no longer simply to block an intrusion, but to interpret weak signals, assess risks in real time, and ensure that automated mechanisms make relevant and controlled decisions.

This trend has led to several major changes in the industry.

• Augmented Cybersecurity Architect: Cybersecurity experts design defense architectures that integrate intelligent systems capable of detecting, analyzing, and responding to threats. They no longer simply configure tools; instead, they build comprehensive ecosystems that combine SIEM, SOAR, AI, and cloud infrastructure to ensure comprehensive and consistent protection.
• Autonomous Security Systems Supervisor: With the increasing automation of incident responses, this expert must oversee systems capable of acting without immediate human intervention. They define orchestration rules, monitor automated actions, and ensure that decisions made by algorithms remain in compliance with security policies.
• Threat Intelligence Analyst: Beyond operational management, this role involves a strong analytical component. The cybersecurity expert analyzes data from multiple sources—including threat intelligence, the dark web, and weak signals—to anticipate attacks and guide defense strategies. They play a direct role in risk management across the entire organization.
• Ensuring Governance and Compliance: The use of intelligent cybersecurity systems raises significant regulatory challenges. The expert must ensure that these systems comply with applicable standards—such as the GDPR, NIS 2, and the AI Act—and that automated decisions are traceable, explainable, and auditable.
• The intersection of technology, management, and business functions: Cybersecurity is no longer solely a technical issue. It has become a strategic priority involving senior management, legal teams, and business units. Cybersecurity experts must be able to translate technical risks into business challenges and support the decision-making process.
• Head of Ethics and Digital Trust: The automation of cybersecurity raises questions related to surveillance, data protection, and accountability for algorithmic decisions. The expert helps establish frameworks that ensure the responsible and proportionate use of security technologies.

According to an analysis by the World Economic Forum, jobs related to cybersecurity and digital risk management are among the most strategic and fastest-growing fields by 2030³.

As a result, the cybersecurity expert of the future will no longer be merely a technical expert. They will become a cornerstone of organizations’ digital strategies, capable of orchestrating intelligent defense systems and ensuring a balance between technological performance, security, and accountability.

What skills does a cybersecurity expert need in the age of generative AI?

The fundamentals of the cybersecurity expert’s profession—expertise in networks, systems, security protocols, encryption mechanisms, and IT architectures—remain the indispensable foundation of the discipline. Technical rigor, the ability to analyze vulnerabilities, and an understanding of attackers’ methods remain at the heart of the practice. However, the rise of artificial intelligence, the automation of attacks, and the increasing complexity of digital environments are significantly expanding the scope of skills expected.

Cybersecurity experts must no longer simply protect a single system; they must understand hybrid technology ecosystems, monitor smart devices, and anticipate ever-evolving threats.

This transformation is redefining training, professional conduct, and the culture of the profession.

Technical and digital skills

• Understanding artificial intelligence systems applied to security: Cybersecurity experts must have a solid grasp of the machine learning principles used for anomaly detection, threat classification, and behavioral analysis. They must understand how these models are trained, as well as their limitations and potential vulnerabilities.
• Mastering complex environments (cloud, IoT, edge computing): Modern infrastructures are distributed and dynamic. Experts must be able to secure hybrid, multi-cloud, and interconnected architectures, where traditional security perimeters are disappearing.
• Analyzing automated security systems (SIEM, SOAR, XDR): Cybersecurity tools now include advanced automation capabilities. Experts must know how to configure, monitor, and interpret these systems to ensure their operational effectiveness.
• Understanding the vulnerabilities of intelligent systems: AI introduces new attack vectors, such as adversarial attacks, training data manipulation, and model poisoning. Experts must be able to identify and mitigate these new risks.

According to a McKinsey study, organizations that integrate advanced technologies into their cybersecurity systems significantly improve their ability to detect and respond to incidents⁴.

Analytical and decision-making skills

The cybersecurity landscape is becoming increasingly complex and data-driven.

• Maintain a critical mindset when dealing with automated alerts: AI systems can generate false positives or miss certain threats. The expert must retain the ability to analyze information independently.
• Interpreting weak signals and complex correlations: Modern attacks often leave fragmented traces. The expert must be able to connect these signals to identify attack scenarios.
• Making quick decisions in uncertain situations: In the event of an incident, response times are critical. The expert must quickly weigh different options—isolation, containment, monitoring—while assessing the potential impacts.

Ethical, Legal, and Regulatory Competencies

Cybersecurity is at the heart of the challenges surrounding digital trust.

• Understanding regulatory frameworks (GDPR, NIS2, AI Act): The expert must ensure that security systems comply with legal requirements regarding data protection and transparency.
• Ensuring the traceability of automated actions: In an environment where decisions can be made by autonomous systems, it is essential to be able to trace actions and understand their origin.
• Addressing issues related to surveillance and privacy: Cybersecurity tools can analyze user behavior. Experts must strike a balance between security and the protection of individual freedoms.

Interdisciplinary and strategic skills

Cybersecurity is no longer a standalone discipline; it is part of a comprehensive risk management approach.

• Collaborating with multidisciplinary teams: The expert works with developers, data scientists, legal professionals, and decision-makers. The ability to communicate effectively with these professionals is essential.
• Understanding the business implications of security: A cybersecurity decision can have a direct impact on business operations. Experts must take economic and operational constraints into account when making decisions.
• Supporting organizations’ digital transformation: Cybersecurity is becoming a strategic driver. The expert helps define security policies and foster a risk-aware culture.

According to the World Economic Forum, skills related to cybersecurity, artificial intelligence, and digital risk management are among the most in-demand by 2030⁵.

As a result, tomorrow’s cybersecurity expert will not be merely a technical specialist. They will become a key player in digital resilience, capable of managing intelligent systems, anticipating threats, and ensuring the secure and responsible use of technology.

Can artificial intelligence make cybersecurity more reliable?

One of the strongest arguments in favor of artificial intelligence in cybersecurity is its ability to improve detection, response speed, and the accuracy of analyses in the face of increasingly complex threats. By processing massive volumes of data in real time—including system logs, network traffic, and user behavior—machine learning models can identify anomalies invisible to the human eye, detect previously unseen attacks, and respond within seconds.

In an environment where every second counts, these capabilities are fundamentally transforming the way organizations protect their information systems.

Specific examples:

• Advanced intrusion detection: AI-based systems continuously analyze network behavior. They can identify anomalies, unusual connections, suspicious privilege escalations, and lateral movement—even in the absence of known signatures. These approaches enable the detection of zero-day attacks that are often invisible to traditional systems.
• Combating fraud and automated cyberattacks: In the banking and e-commerce sectors, algorithms analyze millions of transactions in real time to detect fraudulent activity. These systems can block a suspicious transaction in a matter of milliseconds, significantly limiting financial losses.
• Reduced incident response time: Platforms that integrate AI and automation capabilities can identify, analyze, and contain an attack in a matter of seconds. According to IBM Security, organizations that use automation and AI significantly reduce the time it takes to detect and respond to incidents⁶.
• Predictive vulnerability analysis: Artificial intelligence can anticipate security breaches by analyzing attack histories, vulnerability databases, and system configurations. This enables organizations to prioritize patches and reduce attack surfaces before they are exploited.
• Attack simulations and resilience testing: Companies use intelligent systems to simulate complex cyberattacks and test the robustness of their infrastructure. These simulations help identify hidden vulnerabilities and improve defense strategies.

The results are already evident. Integrating artificial intelligence into cybersecurity systems significantly improves threat detection, reduces response times, and minimizes the impact of attacks on organizations.

However, these advances also bring new challenges.

• The risk of reliance on automated systems: Overreliance on AI tools can lead to a lapse in human vigilance, increasing the risk in the event of a system failure.
• The opacity of detection models: Some systems operate like black boxes, making it difficult to understand the alerts they generate and complicating security audits.
• Attacks on AI systems themselves: Cybercriminals are developing techniques to bypass or manipulate models—such as adversarial attacks and data poisoning—which create new vulnerabilities.
• Reliance on data quality: Incomplete or biased data can reduce the effectiveness of detection systems and lead to misinterpretations.

Thus, artificial intelligence can significantly enhance cybersecurity, but it does not replace human expertise. The most resilient organizations are those that combine the power of automated systems with the analytical, decision-making, and oversight capabilities of cybersecurity experts.

What will the role of a cybersecurity expert look like in the future?

The cybersecurity expert of tomorrow will operate in an environment where artificial intelligence systems are ubiquitous and deeply integrated into organizations’ digital infrastructures. Defense mechanisms will become more autonomous, attacks more sophisticated, and IT environments increasingly distributed across the cloud, edge computing, and connected devices. In this context, the role of the cybersecurity expert will not disappear; rather, it will evolve into a role focused on oversight, strategic direction, and the orchestration of intelligent defense systems.

Several significant changes are already evident.

• The Rise of Augmented Cybersecurity: Security platforms will increasingly incorporate artificial intelligence to automate detection, event correlation, and incident response. Cybersecurity experts will spend less time on repetitive operational tasks and more on strategic analysis, interpreting weak signals, and managing complex risks.

• The emergence of autonomous defense systems: Technologies such as XDR (Extended Detection and Response) and SOAR will evolve into systems capable of making decisions in real time, without immediate human intervention. Experts will need to define the rules, oversee the actions, and ensure that these systems remain under control and aligned with security policies.

• The emergence of new hybrid roles: The line between cybersecurity, data science, and artificial intelligence will become increasingly blurred. New roles will emerge, such as AI cyberdefense architect, data-driven threat analyst, AI model security specialist, and algorithmic governance manager.

• Securing artificial intelligence systems themselves: AI systems will become targets in their own right. Cybersecurity experts will need to protect these models against adversarial attacks, data manipulation, and misuse, opening up a new field of specialization.

• Stronger collaboration between humans and machines: Cybersecurity tools will become capable of automatically generating contextualized alerts, attack scenarios, or response recommendations. The expert’s role will be to validate, evaluate, and guide these proposals within an operational context.

• Greater integration of cybersecurity into organizational strategy: Security will no longer be merely a technical issue, but a pillar of overall governance. Cybersecurity experts will play a role in strategic decision-making, risk management, and the development of digital resilience policies.

According to the World Economic Forum, jobs related to cybersecurity and digital risk management are expected to remain among the most in-demand in the coming years, due to the steady rise in cyber threats and organizations’ growing reliance on digital systems⁷.

In this environment, cybersecurity experts will no longer be merely technical specialists. They will become orchestrators of digital security, capable of managing autonomous systems, understanding complex threats, and linking technological capabilities to strategic, economic, and societal challenges.

Toward enhanced cybersecurity that remains human-centered

Artificial intelligence is profoundly transforming the way organizations protect their information systems, but it does not change their underlying purpose. It accelerates the analysis of massive volumes of data, automates threat detection, and enables the identification of anomalous behavior that is invisible to the human eye. It is shifting cybersecurity priorities: less manual monitoring, more orchestration of intelligent systems; less post-incident response, more predictive anticipation; less isolated analysis, more large-scale real-time correlation.

Yet, amid all these changes, one thing remains constant: system security is still a deeply human endeavor.

Augmented cybersecurity does not mean fully automated defense. It relies on the synergy between algorithmic intelligence and human judgment. Artificial intelligence systems can analyze millions of events, detect weak signals, and trigger automated responses. But it is the cybersecurity expert who interprets these alerts, understands their implications, and places them within an organizational, technical, and strategic context.

This distinction is crucial. A security decision is not merely an algorithmic calculation. It affects business continuity, the protection of sensitive data, the company’s reputation, and sometimes the safety of its users. It requires a thorough understanding of the risks, the potential impacts, and the trade-offs between security, performance, and user experience.

From this perspective, the role of cybersecurity experts increasingly involves ensuring the controlled and responsible use of artificial intelligence.

This includes, in particular:

• Rigorous validation of intelligent security systems to ensure their resilience in real-world environments and against evolving attacks.
• Continuous monitoring of detection models to identify drift, false positives, or loss of effectiveness due to evolving threats.
• Transparent governance of data and algorithms, enabling automated decisions to be explained and building trust in security systems.
• Constant human oversight, especially in critical situations where decisions have a direct impact on operations or users.

The rise of augmented cybersecurity also opens up significant opportunities. It helps organizations build resilience against cyberattacks, anticipate complex threats, and secure increasingly interconnected infrastructures. It can reduce response times, limit financial impacts, and improve the overall defense capabilities of digital systems.

But this transformation goes far beyond the technological aspect. It raises questions about the role of humans in an environment where security is becoming partially automated. It requires us to redefine expertise—no longer merely as technical proficiency, but as the ability to manage intelligent systems with discernment, responsibility, and strategic vision.

In a world where attacks are becoming increasingly automated, the value of a cybersecurity expert will not be measured by their ability to compete with machines, but by their ability to oversee them, interpret them, and understand their limitations.

The machine can detect things faster. The expert, however, must continue to make the right decisions.

What if, in the end, the true revolution of artificial intelligence in cybersecurity isn’t about replacing the expert, but about revealing what lies at the heart of the profession: the ability to protect complex systems in an uncertain world, where technology serves as both a defensive tool and a source of new risks.

Learn more 

To broaden your perspective and understand how AI is reshaping other professions—from human resources to finance, and from healthcare to communications—we invite you to explore our dedicated section “AI & Professions”, which analyzes the concrete impact of intelligent technologies on skills, practices, and the organization of work.

References

1. IBM Security. (2023). Cost of a Data Breach Report.
https://www.ibm.com/security/data-breach

2. Capgemini Research Institute. (2020). Reinventing Cybersecurity with Artificial Intelligence.
https://www.capgemini.com/research/ai-cybersecurity/

3. Capgemini Research Institute. (2020). Reinventing Cybersecurity with Artificial Intelligence.
https://www.capgemini.com/research/ai-cybersecurity/

4. McKinsey & Company. (2022). Cybersecurity Trends and Insights.
https://www.mckinsey.com/

5. World Economic Forum. (2023). The Future of Jobs Report.
https://www.weforum.org/reports/the-future-of-jobs-report-2023/

6. IBM Security. (2023). Cost of a Data Breach Report.
https://www.ibm.com/security/data-breach

7. World Economic Forum. (2023). The Future of Jobs Report.
https://www.weforum.org/reports/the-future-of-jobs-report-2023/