ISC2’s new paper Artificial Intelligence and Real Consequence: Operational Perspectives from the Cybersecurity Community discusses the practicalities of applying AI-led automation to cyber operations.

As we have noted before, this approach is nothing new. But just because the concept has been around for some time does not mean we now consider it to be straightforward, well established or universally acceptable. In fact, as one participant in the paper's construction noted, the existence of AI in the cyber industry can actually increase the pressure on security professionals by escalating expectations of ever-increasing productivity in the field.

Readers of the paper will gain an understanding of how the landscape is evolving, particularly with regard to where and how decisions are made, and they will be reminded of where responsibility ends and accountability begins – and how the different concepts can be applied when AI tools are involved in the automation of cyber operations and responses. The paper talks about the “unaccountable machine.” Do we really want to stand in front of our senior managers trying to explain that it is not our fault that the AI wrongly decided to shut down something vital in the interests of what it perceived as a security alert? If not, how do we deal with where accountability lies?

Speed is another key area of interest: AI can make very intelligent – but not always correct – decisions at a speed that a few years ago would have been impossible to imagine, which means that (as the contributors note): “Errors can propagate across systems before they are detected.”

Decisions and judgment are another core topic. How do we justify a decision made by an AI machine, and how do we defend it if we need to? Equally important is the exploration of how to deal with what the paper terms the “Judgment Gap”: the tendency for many to follow unquestioningly what the AI is telling us, and to accept what it is doing for us, rather than validating outputs before using them. The reader will be led to consider how to manage the trade-off between letting the AI machine do things quickly and the value (or downside) of allowing such rapid decisions.

Finally, there are some observations about how governance is clearly lagging behind the growth of AI in cyber automation, with more views on how we can deal with that and mitigate the risk of falling foul of policies, rules and regulators. The topic aligns with March 2026 research which revealed that a disappointing proportion of organisations admitted they do not have formal AI governance in place.

The take-aways from the paper are practical actions that the reader can take in order to face the challenges they will inevitably recognize when they read it. As the text puts it, it is “preparing practitioners for evolving expectations”.

By and From Our Members’ Peers

These papers are constructed from member input and comments obtained via surveys, workshops and direct conversation. The insights in this paper are from 10 cyber professionals in a variety of roles, industries and operating environments, including SecOps, engineering, governance and risk management, and leadership. Their experience comes from the public and private sector, and from critical infrastructure organisations.

If you are an ISC2 member or associate you can access the paper by signing into your account, visiting the Member Benefits link, and selecting the Resources filter at the top of the page. Or you can visit the Peer-Sourced Guidance Documents page to view this and the other papers developed by ISC2 members.
