Eight in 10 security pros use unauthorized AI tools, survey shows

Call it AI on the DL: The vast majority of cybersecurity workers have used an AI tool of some sort without authorization at work, according to a recent survey commissioned by cloud security platform Devo. Eighty percent of 200 IT security professionals admitted to using such a tool, while a further 23% said they were aware a colleague had done so.

The survey doesn’t identify which tools respondents used, so it could refer to anything from network threat analysis and malware detection software to padding out reports with ChatGPT-style text generators. But 78% said they felt their organization would request that they cease use of the software if they became aware of it—at least until a risk assessment could be carried out.

Devo CEO Marc van Zadelhoff told IT Brew he thinks the poll results show widespread dissatisfaction with the state of automation in security operations centers (SOCs).

“So, 96% of these professionals said they just weren’t satisfied with the tool set available today,” van Zadelhoff said. “Forty-two percent said those tools just weren’t flexible enough. Other ones said the costs were [prohibitive] to use them.”

The Devo survey found that cybersecurity workers are eager for more SOC automation—around half said it would help them with incident and landscape analysis, threat detection and response, and new threat mitigation and prediction. Common complaints about the current degree of SOC automation included limited scalability/flexibility (42%), high costs (39%), and difficulty with integration (37%). Nearly 8 in ten said their organization used AI tools for IT asset inventory management in 2022, while 59% said AI was in use for threat detection.

“If you’re a security analyst, you’re dealing with sometimes hundreds of alerts coming in a day,” van Zadelhoff said. “Anything you can do to get through that data and get a faster answer helps you.”

Automation is “reducing the mean time to response from hours down to minutes on any particular alert that you’re looking at,” he added. High rates of AI use in asset inventory management—the process of providing a full accounting of devices in use across an organization and their status—may reflect that it is a very complex and time-consuming process without automation, according to van Zadelhoff.

Unauthorized use of SOC tools falls under the umbrella of “shadow IT,” or the deployment of programs and devices without authorization from the IT department. Many of the respondents to the Devo poll, however, would presumably be among those workers responsible for detecting the use of unapproved software. Van Zadelhoff warned cybersecurity professionals that using such automation tools might be uploading sensitive data to websites providing it.

“I mean, we’ve been able to detect websites employees go to for years, whether it’s gambling, porn, or, shadow IT—AI, in this case—and to the point of the survey, most people realize companies aren’t going to do anything about it,” van Zadelhoff told IT Brew. “So, 78% [said] they would stop it if discovered, but most people realize they’re probably not going to really pay attention to this data. It’s too hard.”—TM