Humans, Machines, and the Future of Work

By Alex Thaman, CTO at Andesite

As AI becomes increasingly capable, where we are headed will be determined by the guidance and guardrails provided by those of us working in the field. How humans and AI will work together is an essential, some might say existential, question that will shape the future. 

What we need to remember is that purpose inherently shapes performance. This is true whether we’re talking about a human being, a tool or a technology. When things are engineered for a particular objective, that’s what they’re going to be best at.

This directly applies to AI, where models are optimized to meet specific goals. They’re designed to function in certain conditions and meet specific performance expectations. As we think about the future of work in cybersecurity, the challenge with AI is that our specifics are constantly evolving — new threats are always being created. The attack surface continually expands. Markets are eternally shifting.

No matter how automated your environment is or becomes, certain human skillsets – like agency and actualization – are  essential in cybersecurity.

Agency – Humans bring high levels of open-world competence to cybersecurity. While machines exist only in text and conversation, humans exist in the dynamics of the real world, impacted by all of their senses, multiple levels of goals, and regular interactions with other people. Humans have the ability to operate effectively with unsupervised, goal-directed behavior in unstructured environments. Where we can quickly think laterally, even with little data, AI requires extensive context for this kind of functioning. 

Actualization – While models focus on the prescribed goal, humans can redefine goals based on the situation to meet higher order objectives. AI models are people-pleasers by nature. We’ve trained them to be that way with human-in-the-loop reinforcements that prioritize specific answers and efficiency in delivering a response, because no one wants an AI agent to ask 20 follow-up questions all the time when given a prompt. While this is an effective way to train the model, it discourages curiosity and empathy, natural behaviors for an analytical human and essential ingredients for true actualization. Human reflection adds nuance based on context, experience, and judgment, while machines only focus on facts.

Why does it matter that humans bring a different perspective and skillset to cybersecurity? It forces us to think carefully about how we structure our approach to AI-driven cybersecurity so we can better understand the limitations and build in the guardrails that will minimize risk. 

Humans Make AI Work 

Humans must always oversee AI, especially in the SOC. AI systems can sound authoritative while skipping the careful reasoning their answers seem to rest on. They may be able to guess well based on the data they’ve seen, but because their processes are grounded in intuition, AI can have trouble deeply explaining why. It may offer a surface explanation, but humans are much better at introspection where past significant experience comes into play. 

AI can absorb large amounts of context and relate it directly to risk and value. But you need humans in the equation, reviewing that context and layering in reasoning, ensuring procedures are followed, and providing the meta-analysis (analyzing patterns of analysis) that aligns efforts towards broader goals. Additionally, you want a human accountable for the result, as accountability shapes behavior more for humans than machines. This makes having a human at the helm essential for AI in SecOps. 

While machines can gather information, correlate it to itself, and present recommendations, humans have a much broader, global context, and can better align that context with organization goals, which may require balancing many human incentives and thinking patterns. Collaboration between humans and machines is the way forward.  

One area of information that’s hard for AI to gather is business context, at both the corporate and industry levels. AI lacks the ability to effectively gather this essential layer of insight that directly impacts outcomes, as it is not always written or accessible to machines. Actual, lived experiences by individuals and communities also add unique perspective and depth that only humans can grasp. Similarly, AI cannot perform reasoning around corporate risk. This kind of systems-level thinking is best powered by human curiosity.

Humans can look at and absorb what’s happening in the industry, what they have experienced in the past, what’s shaping the economy. They have inherent knowledge about the pressures the business is under and how the world is evolving. At the same time, humans have their limitations. It’s simply not possible for people to gather, condense, and evaluate available data at scale fast enough, and our inherent biases tend to intervene.   

Human-AI Collaboration

This is why human-machine collaboration is the superior approach. For the best possible outcomes, you need the best of both worlds, especially amidst the complexity of SecOps. Humans can look at the broader context and point machines in the right direction, showing the AI what’s important and where it should go looking for things. The machines are good at executing on that direction at speed and scale. 

In addition, humans provide the essential ability to course correct. What often makes AI systems frustrating is that people don’t feel like they have any control over the system. They don’t have visibility and they don’t have the ability to make changes easily. It’s human nature to want to correct an issue when you see it. And the expectation is that you’ll be able to see the improvement quickly.

This is where humans and AI working in concert is invaluable in cybersecurity. In some situations, AI can get stuck, unable to work its way out or ask for help. You need a human in the loop to redirect and correct the system quickly. 

Humans also are aware of how constraints and resource limitations are affecting operations. Machines have no capacity for the nuance that human reflection can bring to a situation. They learn facts, but lack empathy, an unexpectedly essential factor in SecOps applications.

Accountability Matters

When it comes to cybersecurity environments, AI black boxes are never the answer. You must always have a way to verify conclusions and follow the data chain, because when facing a major incident, you need to know what happened, why, and how.

The responsibility and accountability that human oversight provides is essential. Not a single CISO our team has spoken to thinks the AI should be the accountable party. There’s no precedent for a machine being held responsible in the event of an incident, and for good reason. 

Machines should not be our peers. Human learning paths incorporate the ability to respond to pain signals and rewards. We have the unique capacity to determine objectives, purpose, and path appropriateness. Machines, on the other hand, are more transactional. They don’t have feelings around consequences the way humans do. 

If we give AI the room to come up with its own objectives, there’s a huge risk that it will ultimately not be able to be constrained. By keeping accountability with humans, technology remains grounded in societal norms. While we may someday have access to robust cyber-insurance that completely covers AI issues, we’re still a long way from that. Today, when an AI system takes an action, there has to be a person who’s accountable, a proverbial “throat to choke.”

This makes the guardrails for AI in SecOps environments an essential consideration. In the cyber world, if you get it wrong, a company can disappear. Customers can be hurt. The outcomes are very real, and very serious. To be effective, AI has to decrease organizational risk. Greater efficiency with a net increase in risk simply won’t cut it. 

Humans at the Helm

In mission critical scenarios like cybersecurity, humans bring essential skills and guardrails to the application of AI. There are many things we could be doing with AI, but the bigger question is what should we be doing with it. 

Any AI system is inherently a reflection of its creator, their beliefs, values, and intent. This is why, from our inception, Andesite has put humans at the helm. We use AI to empower SecOps teams, never to replace them. We believe humans must always be the guides, the steady hand that keeps AI systems pointed in the right direction and working towards the right multi-level goals. 

One thing we definitely don’t want is machines that decide their own intent or purpose, without at least some supervision. Whether your reference is  2001: A Space Odyssey or WarGames, we’ve seen this kind of abdication of responsibility play out fictionally — and it never ends well. Anthropic released an article exploring what it means for AI to build itself. As today’s models continue to learn and improve on their own, the responsibility for keeping that evolution aligned with broader, agreed upon goals must reside with humans.

AI is an incredible resource for deriving insights, but human oversight is essential. In cybersecurity, context is everything. AI has the power to bring that context to the fore quickly and thoroughly. But ultimately, SecOps decision making demands the breadth and nuance of human thought and consideration.

About Alex Thaman
Over a 20+ year career, Alex has been an engineering leader at Microsoft, Unity Software, and Scale AI. At Microsoft, Alex worked on compiler technologies before transitioning to AI. He helped develop Xbox Kinect, Hololens, and Microsoft’s Speech platform. As Chief Architect and Manager for Computer Vision at Unity Software, he developed and led an engineering and product team that worked to simplify the creation of synthetic data to train and test computer vision models. Alex holds a BS with a double major in Computer Science and Math from Purdue University.