The writer is a Cyber risk expert and researcher in Law and technology trends: NJ passi
The Digital Arms Race and the Need for Balance 👇
In the current digital era, where information systems are the lifeblood of businesses, governments, and critical infrastructure, cyber attackers (Black Hats) leverage artificial intelligence (AI) to enhance the efficiency of their attacks. AI-based tools enable them to identify code vulnerabilities, generate personalized attacks, and adapt strategies at an astonishing speed. However, the scalable counter-solution is the development of AI systems that empower human capabilities on the defense front: accurate vulnerability detection, high-quality fix suggestions, and acceleration of analysis processes in complex environments like Security Operations Centers (SOCs). This post, based on current trends and up-to-date research, examines how AI systems are becoming an essential tool for organizational cyber defenders. From organizational security teams to security researchers and maintainers of open-source software, as well as risk managers shaping long-term defense strategies, all require these capabilities. I will focus on the rationale visible today, with an emphasis on investments in development and their impact on the field, including changes in workforce structure in the industry, as seen in current trends.
👉 Directions of LLM Companies and Security Companies
Large AI companies that develop LLMs, such as Anthropic, are leading the shift to AI-based cyber defense, focusing on specific defensive tasks. In their latest article, Anthropic introduced Claude Sonnet 4.5, an AI model specializing in code vulnerability detection, fix creation, and network analysis, while avoiding any enhancements that favor offensive activities like writing malicious software (https://red.anthropic.com/). The model achieves faster and more comprehensive results than humans; for example, it solved CTF (Capture-the-Flag) challenges in just 38 minutes, compared to an hour or more for human experts. The model detects new vulnerabilities in 33% of open-source code projects.
This is part of a broader trend where LLM companies are investing in defensive research to balance the advantage attackers gain from AI systems, as seen in disruptions created by Anthropic against cyber operations using AI for data fraud or espionage.
This trend is spreading to additional AI companies. For example, Google launched "A Summer of Security" in July 2025, an initiative including the Big Sleep agent for faster code vulnerability detection and the Google Unified Security platform that integrates data checking, threat intelligence, unified SOC, and AI-based automation. OpenAI, for its part, published a report in June 2025 on disruptions it created against malicious uses of its AI model, including collaboration with the U.S. Department of Defense to enhance AI capabilities in cyber defense. This defense emphasizes preventing AI exploitation by authoritarian regimes.
These companies are partners in the trend of focusing on defensive development, while integrating AI into existing tools to empower cyber defenders and information security.
At the same time, traditional security companies are integrating LLMs and AI into SOC management systems to achieve maximum control over incident analysis. For example, Palo Alto Networks completed the acquisition of IBM's QRadar SaaS assets in 2024, strengthening its Cortex XSIAM platform through integration of advanced SIEM capabilities.
This acquisition advanced SOC capabilities to address new issues like advanced AI threats and automation in threat detection, making Palo Alto a key player in the market, not only due to internal AI development but also through seamless integration with existing systems, enabling major wins already in 2025. Splunk, which currently dominates the SOC systems market as a leader in SIEM, emphasized in its State of Security 2025 report the need for a smarter SOC.
59% of organizations report that AI systems improve SOC efficiency, along with automation of threat detection and reduction of alert fatigue, while integrating platforms like Cisco Data Fabric. This is achieved through machine learning integration for real-time identification of important security events. This trend is based on a practical need for AI systems that enable faster and more comprehensive analysis than a professional human and reduce incident response time by approximately 44%, in cases such as those examined in HackerOne cyber incidents.
👉 Use Cases - AI as a Human Empowerer
AI does not replace organizational cyber defenders but empowers them in specific tasks. Here are examples based on current implementations:
- Vulnerability Detection and Fixing in Code - In the DARPA AI Cyber Challenge, teams used LLM models like Claude to analyze millions of lines of code, identify new vulnerabilities, and create fixes, including those integrated into open-source software. AI scans code at a high scale, offers precise solutions, and reduces fix time from days to just a few hours.
- SOC Automation, Real-Time Threat Detection - CrowdStrike uses the Falcon AI platform to detect anomalous behaviors in endpoints, cloud access, and data, and responds automatically to threats. For example, it analyzes network traffic and dismantles malicious software, with a 76.5% success rate in Cybench challenges, double that of previous models. This allows SOC teams to focus on strategy instead of manual analysis.
- Organizational Risk Management, Vulnerability Exploitation Prediction - Microsoft Security Copilot uses AI to predict which vulnerabilities will be exploited based on trends and offers tailored fixes. For open-source maintainers, Darktrace provides behavioral analysis that detects vulnerabilities in WiFi and cloud systems, while providing repair recommendations.
- Incident Response - Triage Automation - SentinelOne integrates AI for zero-day detection and automatic response, including endpoint isolation. This reduces damage by 50% on average.
👉 Mapping of Leading Global Companies - Impact and Investments
Investments in AI for cyber defense surged in 2025, with a forecast of 5-7 trillion dollars in global economic trends. AI is becoming a leading investment target in security budgets. 74% of organizations report seeing positive impact from AI technologies in their organization (www.pwc.com). This highlights that AI systems are the top investment priority, also to address workforce shortages and increase operational efficiency. Below is a table mapping key global companies:
| Company | AI Focus | Example of Impact | Investments/Trends 2025 |
|---|---|---|---|
| Anthropic (Claude) | Vulnerability detection and code fixing | Partnership with CrowdStrike and HackerOne, 44% reduction in response time | Investment in defensive research, AI-based threat disruptions |
| Palo Alto Networks (Cortex XSIAM) | SOC automation and threat detection | QRadar SaaS acquisition, automatic alert enrichment, AI model protection | Dominance in AI-security market, 30% growth in AI investments, major SIEM wins |
| CrowdStrike (Falcon) | EDR and behavioral analysis | Cloud threat detection and AI workloads, 76.5% success in CTF | Native AI platform, investments in AI security on AWS |
| Darktrace | Behavioral analysis and prediction | Azure protection, anomaly detection in data | Leading predictive AI, partnerships with Microsoft |
| SentinelOne | Endpoint protection and automated response | Zero-day detection, cloud identity management | 8 leading AI-security companies, growth in AI EDR |
| Microsoft (Security Copilot) | Risk prediction and fixing | Integration with Azure, vulnerability trend analysis | Top investment target, 55% IT efficiency improvement |
| Google (Big Sleep & Unified Security) | Vulnerability detection and unified SOC | "Summer of Security" initiative, AI automation | Investments in defensive AI, Growth Academy for expansion |
| Splunk | SIEM and smart SOC | State of Security 2025, tier-1 automation | SOC market dominance, 59% AI efficiency improvement |
| OpenAI | Disruption of malicious uses | June 2025 report, DoD collaboration | Focus on preventing AI threats, built-in security |
Investment trends are emphasizing a shift to unified AI platforms, with a focus on SOC automation and protection of AI itself, as seen in organizations investing in customer support and IT efficiency improvements through the use of AI.
👉 Change Index - AI Efficiency vs. Humans and Workforce Structure Changes
As investments in AI development for cyber defense grow, with AI as the top budget priority, the change index becomes dramatic: 56% of organizations report improvement in threat prioritization capabilities, and 51% in enhanced SOC efficiency. AI systems are more efficient than humans in several metrics: analyzing massive data volumes in real time (e.g., Google's Big Sleep detects vulnerabilities several times faster than a human expert), reducing human errors by 30-50%, and automating tier-1 tasks. The system responds to threats on a global scale without signs of fatigue in detection. However, AI requires human oversight for complex strategies (https://mixmode.ai).
This change will profoundly impact the future workforce structure in cyber defense and information security departments. 52% of experts predict impact on entry-level hiring, with automation of basic tasks freeing analysts to focus on tier-2/3 (deep investigation and strategy) (www.isc2.org). Splunk reports that its SOC automated tier-1 without layoffs, but by reallocating workforce to higher-priority tasks – increasing efficiency by 43%. However, 46% of employees fear job loss, and 50% are concerned about AI accuracy risks. Organizations that invest more will see a shift to an "AI-savvy" workforce – experts combining AI with human judgment – which will reduce talent shortages by 30% and improve threat response by 55%.
👉 AI as a Partner in "Scalable Defense"
Building AI for cyber defense is not futurism; it is a current reality that balances the arms race. By empowering defenders through accurate vulnerability detection, SOC automation, and fix suggestions, we enable security teams, researchers, and risk managers to focus on implementing organizational defense strategy. The investments in the field, around 5 trillion dollars, and their expected impact indicate accelerating development, but the emphasis must be on data-based implementations, as led by Anthropic, Google, Palo Alto, and Splunk. That is, not investing in unproven futuristic technologies, but focusing on practical applications based on real data: research, experiments, and measurable metrics.