The first generation of security automation promised to eliminate repetitive work. Security orchestration, automated playbooks and machine learning-assisted detection all aimed to help analysts process larger volumes of alerts without increasing headcount. For much of the past decade, however, these systems remained firmly under human control. They could enrich alerts, execute predefined workflows and recommend actions, but the final decision almost always rested with a person.

By 2026, that distinction is beginning to disappear. Artificial intelligence has become more than another security tool. Across security operations centres (SOCs), vulnerability management teams and incident response functions, AI systems are increasingly performing tasks that previously required human judgement. Analysts are no longer asking AI to summarise events or explain suspicious behaviour. They are asking it to investigate incidents, prioritise risks, recommend containment strategies and, in carefully controlled circumstances, take action without waiting for human approval.

This does not represent the replacement of cybersecurity professionals. Instead, it marks the transition from automation to autonomy. Rather than defining every individual step within a workflow, security teams increasingly establish objectives, constraints and levels of authority, allowing intelligent systems to determine how best to achieve those outcomes. For organisations facing expanding attack surfaces and persistent skills shortages, autonomous security has become less of a technological curiosity and more of an operational necessity.

When Automation Reached Its Limits

In the first article in this series, we explored how AI transformed software development through vibe coding. This second article examines the corresponding transformation inside the security operations centre, where AI is increasingly becoming an operational participant rather than simply another tool.

Security operations have struggled with scale for years. Enterprise environments generate millions of security events every day. Endpoint detection platforms, cloud security tools, identity providers, firewalls and application monitoring systems continuously produce telemetry that must be analysed, correlated and prioritised. While advances in automation reduced much of the repetitive administrative work, the overall workload continued to increase.

Traditional automation performed well when workflows were predictable. A suspicious email could automatically be quarantined. A malware hash could be blocked across endpoints. Known indicators of compromise could trigger predefined investigations.

The difficulty arose when incidents became more complex. Sophisticated attacks rarely follow linear paths. They involve multiple identities, cloud services, compromised credentials, legitimate administration tools and behaviour that appears benign when viewed in isolation. Understanding these attacks requires context, reasoning and the ability to evaluate competing explanations—tasks that conventional automation struggled to perform effectively.

At the same time, security teams found themselves responsible for increasingly diverse technology estates. Cloud-native applications, SaaS platforms, hybrid infrastructure and AI services introduced new sources of telemetry without reducing existing responsibilities.
The result was familiar across the industry: more alerts, more tools and greater operational complexity.