Understanding AI: The Technology Everyone Talks About But Few Really Explain

I remember sitting in a SOC war room in 2019, staring at a QRadar dashboard flooded with alerts, wishing something — anything — could help me triage faster. A senior colleague leaned over and said, "Soon, AI will do this for you." I half-laughed. It felt like science fiction.
Six years later, AI isn't science fiction. It's in our SIEM platforms, our vulnerability scanners, our threat intel feeds, and honestly — in almost every tool we touch. And yet, when someone asks "but what actually IS AI?" — the room goes quiet.
This post is for that question. Whether you're a student stepping into cybersecurity for the first time, or a practitioner who's been in the game for years — let's actually understand AI together, from the ground up.
So, What Is Artificial Intelligence?
At its simplest, Artificial Intelligence is a machine's ability to perform tasks that would normally require human intelligence — things like recognizing patterns, understanding language, making decisions, or predicting outcomes.
Think of it this way. When you look at a login attempt at 3 AM from a foreign IP on an account that never travels — your brain flags it. You draw on experience, context, pattern recognition. AI tries to replicate exactly that kind of reasoning, but at machine speed and scale.
The term "AI" was coined for the 1956 Dartmouth summer workshop. But what we're living through now (ChatGPT, AI-powered SIEMs, autonomous vulnerability scanners) is decades of research finally reaching a tipping point.
The Three Types of AI (And Why It Matters)
Not all AI is the same. This distinction matters a lot, especially in cybersecurity.
1. Narrow AI (ANI — Artificial Narrow Intelligence)
This is the only type of AI that actually exists today. It's built to do one specific thing — and it does that thing very well.
| Tool You Already Know | The Narrow AI Behind It |
|---|---|
| QRadar / Microsoft Sentinel | Anomaly detection & alert correlation |
| Qualys VMDR | Vulnerability risk scoring & prioritization |
| CrowdStrike Falcon | Behavioral threat detection |
| ChatGPT | Language understanding & generation |
| Google Translate | Language translation |
Narrow AI is powerful within its lane. But ask your antivirus to write a poem, and it'll have nothing to say.
2. General AI (AGI — Artificial General Intelligence)
This is the AI of science fiction: a machine that thinks, reasons, and learns across any domain the way a human does. It doesn't exist yet, though it's what a lot of research is working toward. If and when it arrives, it will fundamentally change everything, including security.
3. Super AI (ASI — Artificial Super Intelligence)
Beyond human-level intelligence in every possible domain. Entirely theoretical. The stuff of both exciting possibilities and serious ethical debate.
The takeaway: when someone says "AI" in a security conversation today, they mean Narrow AI, whether or not they say so. Keep that mental model clear.
How Does AI Actually Learn?
This is where people's eyes start to glaze over. Let's fix that with a simple breakdown.
Machine Learning (ML) — Learning from Data
In traditional programming, you write the rules and the machine follows them.
Machine Learning flips it: you give the machine data, it figures out the rules itself.
Imagine you're training a spam filter. Instead of writing rules like "if the email contains 'free money', mark as spam" — you feed it 100,000 examples of spam and legitimate email. The ML model learns the difference on its own. Then when a new email arrives, it applies that learned understanding.
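The contrast in the two paragraphs above, as an added example that is not part of the original post: a hand-written keyword rule next to a multinomial naive Bayes classifier that learns per-token likelihoods from a labelled corpus. The corpus is constructed (eight messages standing in for the 100,000 the post describes), and the rule set, class names and thresholds are assumptions made for this example.

```python
import math
import re
from collections import Counter

# Constructed training corpus: a tiny stand-in for the 100,000 labelled emails
# the post describes. Not real mail.
TRAINING = [
    ("win free money now claim your prize", "spam"),
    ("free money waiting click here to claim", "spam"),
    ("urgent your account is suspended verify now", "spam"),
    ("claim your free prize today limited offer", "spam"),
    ("meeting moved to 3pm see agenda attached", "ham"),
    ("can you review the pull request before standup", "ham"),
    ("lunch tomorrow the usual place", "ham"),
    ("quarterly report draft attached for your comments", "ham"),
]

# The "traditional programming" approach from the post: a hard-coded phrase.
KEYWORD_RULES = ("free money",)


def rule_filter(text):
    """Rule-based filter: spam only if a hard-coded phrase appears verbatim."""
    lowered = text.lower()
    return "spam" if any(rule in lowered for rule in KEYWORD_RULES) else "ham"


def tokenize(text):
    return re.findall(r"[a-z0-9']+", text.lower())


class NaiveBayesFilter:
    """Multinomial naive Bayes with add-alpha smoothing. Nothing in this class
    says what spam looks like; the per-token likelihoods come from TRAINING."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha             # smoothing so unseen tokens never zero out a class
        self.class_counts = Counter()  # documents seen per label
        self.token_counts = {}         # label -> Counter of token frequencies
        self.vocab = set()

    def train(self, examples):
        for text, label in examples:
            self.class_counts[label] += 1
            counter = self.token_counts.setdefault(label, Counter())
            for tok in tokenize(text):
                counter[tok] += 1
                self.vocab.add(tok)

    def _log_score(self, text, label):
        # log P(label) + sum over tokens of log P(token | label)
        total_docs = sum(self.class_counts.values())
        score = math.log(self.class_counts[label] / total_docs)
        counter = self.token_counts[label]
        denom = sum(counter.values()) + self.alpha * len(self.vocab)
        for tok in tokenize(text):
            score += math.log((counter[tok] + self.alpha) / denom)
        return score

    def spam_probability(self, text):
        scores = {label: self._log_score(text, label) for label in self.class_counts}
        peak = max(scores.values())  # log-sum-exp keeps tiny probabilities stable
        total = sum(math.exp(s - peak) for s in scores.values())
        return math.exp(scores["spam"] - peak) / total

    def classify(self, text):
        return "spam" if self.spam_probability(text) >= 0.5 else "ham"


def trained_filter():
    model = NaiveBayesFilter()
    model.train(TRAINING)
    return model


if __name__ == "__main__":
    model = trained_filter()
    for msg in ("your prize is waiting, claim it today",
                "can we move the standup to tomorrow"):
        print(f"{msg!r}: rule={rule_filter(msg)} learned={model.classify(msg)} "
              f"p_spam={model.spam_probability(msg):.3f}")
```

The first message never contains "free money", so the rule misses it, while the learned model flags it because "claim", "prize" and "your" were far more common in the spam half of the corpus. The same property cuts the other way: the model only knows what its training data showed it, which is why the quality of the labelled data matters more than the algorithm.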
In security, ML powers:
Behavioral baselines (what does "normal" network traffic look like for this org?)
Anomaly detection (what just broke that pattern?)
Risk scoring (how dangerous is this vulnerability in our specific context?)
Deep Learning — Layers of Understanding
Deep Learning is a subset of ML that uses neural networks, loosely inspired by the brain, with many layers of processing. Early layers pick up low-level features in the raw input and later layers combine them into more abstract ones; nobody writes those features by hand.
A loose analogy: a phishing-page detector might end up with early layers that respond to "this looks like a login form", intermediate layers that combine that with "the domain doesn't match the brand being imitated", and later layers that add "the TLS certificate is three days old", with the final layer folding all of it into one verdict: phishing. In a real network the intermediate features are rarely this neatly labelled; the point is that the hierarchy is learned, not programmed.
Deep Learning is what powers image recognition, voice assistants, and increasingly — advanced threat detection.
Generative AI (GenAI) — AI That Creates
This is the category that exploded in 2023 and hasn't stopped since. Generative AI doesn't just analyze — it creates. Text, code, images, audio, synthetic data.
Models like GPT-4, Claude, and Gemini are Large Language Models (LLMs): trained on enormous amounts of text to predict what comes next, they generate and rework human language with remarkable fluency, and they follow instructions well enough to work as assistants.
For security professionals, GenAI is:
A report drafting assistant
A code review partner
A threat intelligence summarizer
A training content generator
And, as we'll discuss in a future post — a double-edged sword
A Quick Map of the AI Landscape
The terms above nest inside one another:
Artificial Intelligence: the umbrella term for machines doing tasks that would otherwise need human intelligence
Machine Learning: the subset that learns its rules from data instead of having them written by hand
Deep Learning: the subset of ML that uses multi-layer neural networks
Generative AI and LLMs: built on deep learning, and the part that creates text, code, and images rather than only classifying them
Where AI Is Genuinely Helping Security Teams
Let's get practical. Here's where AI is making a real difference right now — not hypothetically, but in tools practitioners use daily.
Threat Detection & SIEM
Modern SIEM platforms like Microsoft Sentinel use ML to build behavioral baselines for users and entities (UEBA). Instead of a rule that says "alert if login outside business hours", the model learns what normal looks like for each user (typical hours, locations, devices, volumes) and flags deviations from that. The goal is fewer false positives and better signal quality. Two caveats a practitioner will want: a baseline needs a learning period before it is trustworthy, and an attacker who already holds credentials can shape the baseline by behaving "normally" for long enough, so UEBA complements rule-based detection and analyst review rather than replacing them.
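The per-user baseline idea from the ML section (behavioral baselines, anomaly detection) and the UEBA paragraph above, as an added example that is not part of the original post or of any vendor's product: thirty days of constructed login history for a day-shift user and a night-shift SOC analyst, a static "outside business hours" rule, and a learned per-user baseline that scores the 3 AM foreign-IP case from the start of the post. The weights, thresholds and smoothing constants are assumptions made for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

BUSINESS_HOURS = range(8, 19)  # the rigid rule the post contrasts against

HOUR_WEIGHT = 40        # risk added when the login hour is unusual for this user
COUNTRY_WEIGHT = 50     # risk added when the source country is new for this user
ALERT_THRESHOLD = 50
RARE_HOUR_PROB = 0.02   # below this the hour counts as unusual
ALPHA = 0.5             # smoothing so one odd login neither defines nor breaks "normal"


def constructed_history():
    """30 days of successful logins for two users. Constructed, not real data."""
    events = []
    for day in range(1, 31):
        # alice: day-shift finance user, 09:00 or 10:00, always from India
        events.append({"user": "alice", "country": "IN",
                       "ts": datetime(2025, 1, day, 9 + day % 2, 15, tzinfo=timezone.utc)})
        # bob: night-shift SOC analyst, 01:00 to 03:00, always from India
        events.append({"user": "bob", "country": "IN",
                       "ts": datetime(2025, 1, day, 1 + day % 3, 5, tzinfo=timezone.utc)})
    return events


def outside_business_hours(event):
    """The static rule: every one of bob's night-shift logins becomes an alert."""
    return event["ts"].hour not in BUSINESS_HOURS


def build_baselines(events):
    """Per-user baseline: how often each hour of day is used, and which countries."""
    baselines = defaultdict(lambda: {"hours": Counter(), "countries": set(), "n": 0})
    for e in events:
        b = baselines[e["user"]]
        b["hours"][e["ts"].hour] += 1
        b["countries"].add(e["country"])
        b["n"] += 1
    return baselines


def hour_probability(baseline, hour):
    # Hour of day is circular (23:00 neighbours 00:00), so adjacent hours get half
    # weight: a user who logs in at 08:55 and 09:05 should not look like two profiles.
    hours = baseline["hours"]
    effective = hours[hour] + 0.5 * (hours[(hour - 1) % 24] + hours[(hour + 1) % 24])
    return (effective + ALPHA) / (baseline["n"] + 24 * ALPHA)


def score_event(baselines, event):
    """Return (risk, reasons). A user with no baseline is itself worth a look."""
    b = baselines.get(event["user"])
    if b is None:
        return COUNTRY_WEIGHT, ["no baseline for user"]
    risk, reasons = 0, []
    if hour_probability(b, event["ts"].hour) < RARE_HOUR_PROB:
        risk += HOUR_WEIGHT
        reasons.append(f"unusual hour {event['ts'].hour:02d}:00 for {event['user']}")
    if event["country"] not in b["countries"]:
        risk += COUNTRY_WEIGHT
        reasons.append(f"first login from {event['country']}")
    return risk, reasons


def is_alert(baselines, event):
    return score_event(baselines, event)[0] >= ALERT_THRESHOLD


if __name__ == "__main__":
    history = constructed_history()
    baselines = build_baselines(history)
    probes = [
        {"user": "alice", "country": "RU", "ts": datetime(2025, 2, 1, 3, 12, tzinfo=timezone.utc)},
        {"user": "bob", "country": "IN", "ts": datetime(2025, 2, 1, 2, 0, tzinfo=timezone.utc)},
    ]
    for p in probes:
        print(p["user"], p["ts"].isoformat(), "static_rule=", outside_business_hours(p),
              "ueba=", score_event(baselines, p))
    print("static rule alerts on bob's own history:",
          sum(outside_business_hours(e) for e in history if e["user"] == "bob"))
```

The static rule fires on all thirty of bob's legitimate night-shift logins and would still fire on alice's 3 AM login, but it cannot tell the two apart. The baseline fires on alice (unusual hour plus first-seen country) and stays quiet on bob. Note the poisoning caveat from the paragraph above: if alice's attacker had logged in from RU at 09:00 every day during the learning window, RU would be in her baseline and only the hour check would remain.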
QRadar's AI-assisted correlation can surface attack chains that a rigid rule set would miss entirely — connecting a reconnaissance event on Monday to a lateral movement attempt on Thursday.
Vulnerability Management
Qualys VMDR's TruRisk scoring doesn't just report CVE severity. It layers in threat intelligence (is this being actively exploited in the wild?), asset criticality (is this a production database or a dev box?), and environmental context. Whether a given piece of that is a learned model or a weighted formula matters less than the outcome: a prioritization engine that helps teams focus on what actually matters, not just what scores highest on CVSS.
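The prioritization idea above, as an added example that is not part of the original post and is not Qualys's TruRisk formula: five constructed findings ranked once by raw CVSS and once by a contextual score that folds in exploitation evidence, exposure and asset criticality. The weights, the SLA buckets and the findings themselves are assumptions made for this example; no real CVE identifiers are used.

```python
# Illustrative weights for this example only, not any vendor's scoring model.
EXPLOIT_FACTOR = {True: 1.0, False: 0.4}              # evidence of active exploitation
EXPOSURE_FACTOR = {"internet": 1.0, "internal": 0.6}  # reachable from outside?
CRITICALITY_FACTOR = {"prod-db": 1.0, "prod-web": 0.7, "dev": 0.3}

# Constructed findings; titles are generic on purpose and carry no CVE IDs.
FINDINGS = [
    {"id": "A", "title": "RCE on developer sandbox", "cvss": 9.8,
     "exploited": False, "asset": "dev", "exposure": "internal"},
    {"id": "B", "title": "auth bypass on customer DB front end", "cvss": 7.5,
     "exploited": True, "asset": "prod-db", "exposure": "internet"},
    {"id": "C", "title": "deserialization bug in web portal", "cvss": 9.1,
     "exploited": True, "asset": "prod-web", "exposure": "internet"},
    {"id": "D", "title": "privilege escalation on DB host", "cvss": 5.3,
     "exploited": True, "asset": "prod-db", "exposure": "internal"},
    {"id": "E", "title": "unpatched DB listener", "cvss": 8.8,
     "exploited": False, "asset": "prod-db", "exposure": "internal"},
]


def cvss_only_risk(finding):
    """What you get by sorting the scanner export by severity."""
    return finding["cvss"]


def contextual_risk(finding):
    """0-100 score: CVSS scaled by exploitation evidence, exposure and criticality."""
    score = (10 * finding["cvss"]
             * EXPLOIT_FACTOR[finding["exploited"]]
             * EXPOSURE_FACTOR[finding["exposure"]]
             * CRITICALITY_FACTOR[finding["asset"]])
    return round(score, 1)


def remediation_sla_days(risk):
    """Assumed SLA buckets: the higher the contextual risk, the shorter the clock."""
    if risk >= 60:
        return 7
    if risk >= 30:
        return 30
    return 90


def rank(findings, scorer):
    """Finding IDs from highest to lowest score; ties broken by ID for determinism."""
    return [f["id"] for f in sorted(findings, key=lambda f: (-scorer(f), f["id"]))]


def prioritize(findings):
    """(id, contextual risk, SLA days) in the order the team should work them."""
    ordered = sorted(findings, key=lambda f: (-contextual_risk(f), f["id"]))
    return [(f["id"], contextual_risk(f), remediation_sla_days(contextual_risk(f)))
            for f in ordered]


if __name__ == "__main__":
    print("by CVSS only:   ", rank(FINDINGS, cvss_only_risk))
    print("by context:     ", rank(FINDINGS, contextual_risk))
    for fid, risk, sla in prioritize(FINDINGS):
        print(f"  {fid}: risk={risk:5.1f}  patch within {sla} days")
```

Sorted by CVSS, the 9.8 on an isolated dev box leads the queue; sorted by context, the actively exploited 7.5 on an internet-facing production database leads and the dev-box finding drops to last. That reordering is the entire value of the approach, and it only works if the asset inventory and exploitation feed behind it are accurate, which is where most real programs struggle.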
SOC Automation & Alert Triage
The average SOC receives thousands of alerts daily. AI-driven SOAR platforms can automatically triage, enrich, correlate, and in some cases close low-risk alerts entirely without human intervention. This frees analysts to focus on genuine threats, provided someone owns the auto-close rules and periodically samples what was closed, because a bad rule silently closes exactly the alerts you most needed to see.
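The triage pipeline described above (enrich, correlate, auto-close, escalate), as an added example that is not part of the original post and not any SOAR product's logic: four constructed alerts are enriched from a constructed asset inventory, scanner allowlist and threat-intel set, correlated by host within a one-hour window, and given a disposition. The hostnames, the 10.0.0.0/8 and 203.0.113.0/24 addresses, the IOC and the decision rules are all assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed enrichment sources. 203.0.113.0/24 is the documentation range,
# so nothing here refers to a real host.
ASSETS = {
    "ws-17": {"owner": "finance", "criticality": "medium", "role": "workstation"},
    "bkp-01": {"owner": "infra", "criticality": "high", "role": "backup server"},
}
ALLOWLISTED_SCANNERS = {"10.0.0.5"}                 # the authorised vulnerability scanner
THREAT_INTEL = {"203.0.113.7": "known C2 server"}   # constructed IOC
CORRELATION_WINDOW = timedelta(hours=1)


def ts(hour, minute):
    return datetime(2025, 3, 4, hour, minute, tzinfo=timezone.utc)


# Constructed alert queue for one morning.
ALERTS = [
    {"id": 1, "ts": ts(9, 0), "host": "bkp-01", "category": "recon",
     "src_ip": "10.0.0.5", "summary": "port scan against host"},
    {"id": 2, "ts": ts(9, 20), "host": "ws-17", "category": "network",
     "dst_ip": "203.0.113.7", "summary": "outbound connection"},
    {"id": 3, "ts": ts(9, 45), "host": "ws-17", "category": "persistence",
     "summary": "new scheduled task created"},
    {"id": 4, "ts": ts(14, 0), "host": "bkp-01", "category": "auth",
     "src_ip": "10.0.0.22", "summary": "50 failed logins for svc-backup"},
]


def enrich(alert):
    """Attach asset context, IOC hits and allowlist status; returns a new dict."""
    e = dict(alert)
    e["asset"] = ASSETS.get(alert["host"], {"criticality": "unknown"})
    e["ioc_hits"] = [ip for ip in (alert.get("src_ip"), alert.get("dst_ip"))
                     if ip in THREAT_INTEL]
    e["from_allowlisted_scanner"] = alert.get("src_ip") in ALLOWLISTED_SCANNERS
    return e


def related_alerts(alert, candidates):
    """Other alerts on the same host, of a different category, within the window."""
    return [c for c in candidates
            if c["id"] != alert["id"]
            and c["host"] == alert["host"]
            and c["category"] != alert["category"]
            and abs(c["ts"] - alert["ts"]) <= CORRELATION_WINDOW]


def triage(alerts):
    """Map alert id -> {"disposition": ..., "reasons": [...]}."""
    enriched = [enrich(a) for a in alerts]
    # Pass 1: close expected noise first so it cannot feed correlation.
    closed = {e["id"] for e in enriched
              if e["from_allowlisted_scanner"] and e["category"] == "recon"}
    live = [e for e in enriched if e["id"] not in closed]
    result = {}
    for e in enriched:
        if e["id"] in closed:
            result[e["id"]] = {"disposition": "auto-close",
                               "reasons": ["recon from allowlisted scanner"]}
            continue
        reasons = []
        if e["ioc_hits"]:
            reasons.append("IOC match: " + ", ".join(e["ioc_hits"]))
        related = related_alerts(e, live)
        if related:
            ids = ", ".join(str(r["id"]) for r in related)
            reasons.append(f"correlated with alert(s) {ids} on {e['host']}")
        if reasons:
            disposition = "escalate"
        else:
            disposition = "investigate"
            reasons.append("no IOC or correlation; asset criticality "
                           + e["asset"]["criticality"])
        result[e["id"]] = {"disposition": disposition, "reasons": reasons}
    return result


if __name__ == "__main__":
    for aid, verdict in triage(ALERTS).items():
        print(aid, verdict["disposition"], "|", "; ".join(verdict["reasons"]))
```

The scanner's port scan is closed without a human ever seeing it; the outbound connection to the IOC and the scheduled task on the same workstation twenty-five minutes later are escalated together as one chain; the failed logins on the backup server get neither a close nor an escalation and land with an analyst. The auto-close rule is the part to audit: widen the allowlist carelessly and a real attacker scanning from a compromised scanner host is closed too.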
Threat Intelligence
AI can ingest and correlate threat feeds, dark web signals, and IOC databases at a scale no human team can match — flagging relevant intelligence specific to your industry, geography, or tech stack.
The Defender's Advantage — For Now
The honest truth is this: AI gives defenders capabilities they've never had before.
Speed: Threats that used to take days to detect can surface in minutes
Scale: One analyst backed by AI can do the work that previously required a team
Context: AI can correlate signals across massive datasets that humans simply cannot hold in their heads
Consistency: AI doesn't get tired, doesn't have bad days, doesn't miss alerts because it was distracted. It does miss what it was never trained on, and a model tuned to last year's environment drifts as the environment changes, so it needs the same periodic re-validation as any other control
For a BFSI (banking, financial services and insurance) environment, where the threat landscape is relentless and compliance requirements are unforgiving, AI isn't optional anymore. It's a force multiplier.
But Here's the Thing...
Every powerful tool cuts both ways.
The same capabilities that help a SOC analyst detect threats faster? They're available to attackers too. The same GenAI that helps you write a threat report? It can write convincing phishing emails. The same autonomous agents that automate your vulnerability scanning? They can automate an attack campaign.
In our next post, we're going to go there — the risks, the hallucinations, the attacker playbook, and what it means for how we defend.
Because understanding AI completely means understanding both what it can do for us, and what it can do to us.
Key Takeaways
AI is an umbrella term — today's AI is Narrow AI, built for specific tasks
It learns through Machine Learning, refined through Deep Learning, and creates through Generative AI
In cybersecurity, AI is already powering SIEM, VM, SOC automation, and threat intel
The defender's advantage is real — but it's not one-sided