If you read security-product marketing in 2026, every product is "AI-powered." If you read independent product analysis, the picture is more interesting: some categories of security tooling have been genuinely transformed by machine learning, others have been mostly relabelled, and a few have absorbed AI in ways that are quietly dangerous.
A category-by-category assessment, with the goal of separating genuine capability from marketing.
Where AI has substantially changed the game
Email security and phishing detection. Modern email filters use deep learning on email content, sender behaviour, link analysis, and historical patterns to catch phishing that signature-based filters miss. Microsoft Defender for Office 365, Proofpoint, Abnormal Security, and Mimecast have all moved from rule-based to ML-driven detection over the past five years. Abnormal Security in particular built a credible product around behavioural ML for business email compromise. The improvement is measurable; phishing detection rates against modern AiTM kits and BEC attempts are meaningfully higher than they were in 2019.
Endpoint malware detection. Static and dynamic analysis using ML have largely replaced signature-only AV. CrowdStrike, SentinelOne, Microsoft Defender, Sophos, and others run ensemble ML models that classify previously-unseen binaries with reasonable accuracy. The gap between ML-driven EDR and signature-only AV is real and material; the gap between competing ML-driven EDRs is smaller and harder to demonstrate.
Network anomaly detection. Darktrace, Vectra, ExtraHop, and similar use unsupervised learning on network telemetry to flag deviations from baseline. The category has matured; false-positive rates are workable; high-entropy environments still produce noisy alerts. Useful in mature SOCs that can triage; less useful in environments without analysts to review.
Vulnerability prioritisation. EPSS (covered separately) is a credible ML deployment in security. Tenable, Qualys, Rapid7, and others use ML to predict exploitability and prioritise patching. The signal is real and the consensus among security teams that have adopted it is positive.
Behavioural authentication and fraud detection. The fraud-detection industry has been ML-native for over a decade. Cardholder-not-present fraud, account takeover, and synthetic identity detection are areas where ML is the dominant defensive technology and signatures have been obsolete for years.
Where AI has been added but not transformative
SIEM. Splunk, Elastic, Sumo Logic, Microsoft Sentinel, and the rest have integrated ML for anomaly detection, alert clustering, and correlation. The improvement is incremental; the underlying ergonomics of SIEM (data volume, schema chaos, alert fatigue) are not solved by ML. The "AI SIEM" marketing oversells what is in practice a pattern-matching layer with some ML enrichments.
Vulnerability scanning. Pure scanning has not been transformed by AI; the underlying signature databases and exploitability tests are still the main work. ML adds value in prioritisation and correlation but the discovery layer is largely classical.
Threat intelligence. ML-assisted enrichment, clustering, and correlation are useful but not revolutionary. Most of the heavy lifting in threat intelligence is still done by human analysts; ML accelerates rather than replaces.
GRC and policy automation. Some incremental ML for policy mapping, control evidence collection. The category remains heavily manual.
Where AI has been actively over-claimed
"AI-powered firewall." A firewall that uses ML for application classification or threat detection is incrementally better than one that does not. It is not a fundamentally new category. The marketing premium is large; the security premium is small.
"Generative AI security copilot." Tools that summarise alerts, draft incident reports, or suggest remediations using LLMs. Useful productivity aids; do not change the underlying security posture. The risk: false confidence in LLM-generated explanations that paper over rather than illuminate complex incidents.
"Autonomous response." Marketing claims that an AI system can investigate and contain incidents without human involvement. The technology is not at this level. Automated response is real for narrow, high-confidence scenarios (block known malicious IPs, isolate confirmed compromised hosts) but fully autonomous incident handling is not credible in 2026.
Generic "AI/ML" labels on products that have not changed materially. The most common form of marketing inflation; some products quietly added small ML components and rebranded entire offerings around them.
Where AI is quietly dangerous
LLM-driven security automation that is not bounded. Granting an LLM agent access to production systems for "automated remediation" without strict capability boundaries is the same prompt-injection risk discussed in the separate post, applied to a security context. An attacker who can inject a prompt into the agent’s context can cause real damage.
ML-driven anti-fraud that produces unexplainable rejections. Banks and payment processors increasingly use ML models that reject transactions or accounts without providing explanation. Fair-lending and accessibility consequences are real. The Consumer Financial Protection Bureau and EU regulators have begun to push back.
ML-driven biometrics with insufficient security review. Voice authentication and face authentication have well-documented adversarial-example vulnerabilities. Banks deploying voice authentication on customer service lines have repeatedly been embarrassed by simple voice-cloning attacks. The 2023 Vice demonstration of bypassing Lloyds and other UK banks’ voice biometrics with AI-cloned voices is the canonical case.
Threat-intelligence "AI summarisation" that introduces hallucinated facts. LLMs summarising raw intelligence reports occasionally invent indicators, attribution, or events. Downstream consumers treat the summaries as authoritative. This is a real risk that has materialised in published threat reports more than once.
A pragmatic framing for procurement
When evaluating a security product that markets AI:
Ask which specific decisions are made by ML and what the model is trained on. The honest answer is short and specific; the marketing answer is long and vague.
Ask for false-positive and false-negative rates on representative data. Real ML-driven products can produce these numbers; marketing-driven products cannot.
Ask what happens in the failure mode. A SIEM with an ML correlation feature that fails should still function as a SIEM. A product whose entire functionality depends on a model that occasionally hallucinates is a different risk profile.
Ask whether the model is updated in response to new threats and on what cadence. Detection ML models that are static are decaying constantly.
Ask whether independent benchmarks exist. MITRE ATT&CK Evaluations, ICSA Labs, AV-Test, and a few others publish independent comparisons; vendor-provided benchmarks should be discounted.
The longer trend
ML is genuinely changing the operational reality of cybersecurity in two specific directions: detection at scale (catching subtle patterns in high-volume data), and analyst productivity (reducing the cognitive load of alert triage and report drafting). It is not changing, and probably will not change in the foreseeable future, the underlying threat-and-defence dynamic. Attackers continue to find new techniques; defenders continue to chase. ML moves the bar; it does not eliminate the asymmetry.
The threat side is also adopting ML. LLM-assisted phishing, ML-assisted vulnerability research, and adversarial-ML attacks against defensive models are all real in 2026. The arms race is now operating across both sides.
The right framing for security teams: AI in cybersecurity is a useful and increasingly important capability, applied unevenly across product categories, and not a strategy in itself. The products that work well, work well for specific reasons that the vendor can explain. The products that do not, often cannot.
NIST’s AI Risk Management Framework, the OWASP guidance, and CISA’s emerging AI security advisories are the credible public references. Use them. Discount the marketing.