How to Get Started with AI in Cybersecurity
19 Feb
For many CISOs in government agencies, AI in cybersecurity is still an abstract concept. They’ve heard the buzzwords—machine learning, anomaly detection, automated threat response—and the big claims, but translating those into a real-world strategy or practical applications feels daunting. Some have dabbled in pilot projects, applying AI-powered analytics to log files or using AI-enhanced phishing detection tools. Others are at the starting line, wary of the hype even as they recognize the potential.
As a result, a lot of organizations lag behind where they say or think they’re going to be with AI. According to Gartner research, as many as a quarter of all organizations have said every year from 2019 to 2024 that they planned on deploying AI within the following 12 months. Only 2% to 5% actually did so.
A lot of this comes down to not knowing where or how to start. So, how do you go from a cautious first step to an AI-driven cybersecurity framework that truly makes a difference?
Start with a Clear Problem Statement
The first step isn’t choosing a tool; it’s defining the problem AI should solve. AI is best at handling tasks that require large-scale pattern recognition, anomaly detection, and automation. Are phishing attacks overwhelming your security team? Is your agency struggling with zero-day threats? Do you need to speed up incident response? Identifying one or more specific pain points will help focus your AI adoption and prevent wasted effort on solutions searching for a problem.
Another way to look at this is to understand how you are not going to use AI. Don’t treat it like an “everything tool” or panacea. “To help increase the success rate, CIOs should start by helping set the organization’s AI ambition — that is, decide where and how you will use AI in the organization,” writes Gartner. “Given that today’s AI can do everything, including decide, take action, discover and generate, it’s as important to know what you will not do.”
Build a Data Foundation and Focus on Data Security
AI is only as effective as the data it learns from. Before implementing AI, CISOs must ensure their agency has clean, structured, and adequately labeled data. This means centralizing logs, normalizing data across different systems, and eliminating inconsistencies that could skew AI-driven insights. Without high-quality data, even the most advanced AI models will fail to deliver useful results.
Similarly, while traditional cybersecurity approaches have long emphasized perimeter security—securing firewalls, monitoring access points, and limiting external threats—AI-driven cybersecurity initiatives require a shift in focus: protecting the data itself. “Though protecting the institution’s perimeter is still important, focusing on an ill-defined or shifting perimeter opens an institution to a false sense of security,” says the latest Cybersecurity and Privacy report from Educause, a nonprofit association advancing the use of technology in higher education. “Regardless of where or how an institution’s data are stored, they must be protected.” In other words, a data-first approach to AI-driven cybersecurity is essential.
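The log normalization step described in this section, as an added example (not code from the original article): two sources with different field names, timestamp formats and user-name conventions are mapped onto one schema, exact duplicates are dropped, and unusable records are set aside instead of silently entering the training data. The source names, field names and sample records are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample records from two hypothetical sources with different conventions.
FIREWALL = [
    {"time": 1739952000, "src": "10.0.0.5", "act": "DENY"},
    {"time": 1739952000, "src": "10.0.0.5", "act": "DENY"},    # exact duplicate
    {"time": 1739952060, "src": "not-an-ip", "act": "ALLOW"},  # malformed address
]
AUTH = [
    {"when": "2025-02-19T03:01:00-05:00", "ip": "10.0.0.5", "user": "JSmith ", "result": "fail"},
    {"when": "19/02/2025 08:02", "ip": "10.0.0.9", "user": "adoe", "result": "ok"},  # bad timestamp
]
OUTCOME = {"DENY": "blocked", "ALLOW": "allowed", "fail": "failure", "ok": "success"}

def to_utc(value):
    """Accept epoch seconds or an offset-aware ISO-8601 string; return ISO-8601 UTC."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc).isoformat()
    dt = datetime.fromisoformat(value)  # raises ValueError on other formats
    if dt.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    return dt.astimezone(timezone.utc).isoformat()

def normalize(source, rec):
    """Map one source-specific record onto the common schema."""
    if source == "firewall":
        ts, ip, user, raw = rec["time"], rec["src"], None, rec["act"]
    else:
        ts, ip, user, raw = rec["when"], rec["ip"], rec["user"].strip().lower(), rec["result"]
    return {"ts": to_utc(ts), "source": source, "user": user,
            "src_ip": str(ipaddress.ip_address(ip)),  # raises ValueError if malformed
            "outcome": OUTCOME[raw]}                  # raises KeyError if unknown

def build_dataset(batches):
    """Normalize every batch, drop exact duplicates, keep rejects for follow-up."""
    clean, rejected, seen = [], [], set()
    for source, records in batches:
        for rec in records:
            try:
                row = normalize(source, rec)
            except (ValueError, KeyError) as exc:
                rejected.append((source, rec, str(exc)))
                continue
            key = tuple(row.values())
            if key not in seen:
                seen.add(key)
                clean.append(row)
    return sorted(clean, key=lambda r: r["ts"]), rejected
```

Tracking the size of the rejected list per source over time is a cheap data-quality metric: a source whose reject rate jumps is usually one whose log format changed.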
Pilot a Small, High-Impact Use Case
Rather than attempting an agency-wide AI overhaul, start small. One practical entry point is AI-driven threat detection, where machine learning models can analyze network traffic and flag unusual activity. Another is automating repetitive security tasks, such as log analysis or malware classification. A well-scoped pilot allows teams to test AI’s capabilities, refine the approach, and demonstrate value before scaling.
Gartner recommends that this use case should focus on “workforce augmentation” rather than outright automation. Why? It comes down to making the best use of the strengths of both AI and human workers while minimizing the risks of each. AI excels at processing vast amounts of data and identifying patterns, but human expertise is still essential for interpreting nuanced threats, making critical decisions, and addressing ethical considerations. By using AI to enhance analysts’ capabilities—such as automating routine threat detection while allowing experts to focus on complex investigations—agencies can strike a balance between efficiency and oversight. Workforce augmentation ensures that AI serves as a force multiplier rather than a replacement.
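A pilot of the kind described in this section, as an added example (not code from the original article): outbound traffic volume per host is scored against its own history, and outliers go into a ranked analyst queue instead of triggering an automatic block. A simple robust statistic (modified z-score over median and MAD) stands in for a trained model; the host names, traffic figures, threshold and function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample: outbound megabytes per host per day (hypothetical host names).
HISTORY = {
    "ws-014": [120, 135, 110, 128, 140, 125, 131],
    "ws-022": [300, 280, 310, 295, 305, 290, 298],
    "db-003": [50, 52, 49, 51, 50, 48, 53],
}
TODAY = {"ws-014": 133, "ws-022": 2900, "db-003": 75, "ws-new": 40}

def robust_score(history, value):
    """Modified z-score: distance from the median in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # flat baseline: any change at all is maximally unusual
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def triage(history, today, threshold=3.5, min_days=5):
    """Build an analyst review queue. Nothing here blocks or isolates a host."""
    queue = []
    for host, value in today.items():
        past = history.get(host, [])
        if len(past) < min_days:  # too little data to score: ask a human instead
            queue.append({"host": host, "reason": "no baseline", "score": 0.0,
                          "value": value, "verdict": "pending"})
            continue
        score = robust_score(past, value)
        if abs(score) >= threshold:
            queue.append({"host": host, "reason": "volume outlier", "score": score,
                          "value": value, "baseline": median(past), "verdict": "pending"})
    return sorted(queue, key=lambda item: abs(item["score"]), reverse=True)

def record_verdict(queue, host, verdict):
    """Store the analyst's decision; only 'confirmed' items move on to response."""
    if verdict not in ("confirmed", "benign"):
        raise ValueError("verdict must be 'confirmed' or 'benign'")
    for item in queue:
        if item["host"] == host:
            item["verdict"] = verdict
    return [item["host"] for item in queue if item["verdict"] == "confirmed"]
```

The recorded verdicts double as labeled data: the share of flagged items marked benign is a direct measure of whether the pilot is saving analyst time or adding to it.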
Seek External Expertise
Few government agencies have in-house AI specialists with deep expertise in cybersecurity. Partnering with external experts can accelerate implementation and help avoid common pitfalls. Without the right expertise, agencies risk deploying AI solutions that are ineffective—or worse, introduce new vulnerabilities.
That’s a real risk. In fact, technology research and advisory firm Forrester is a rare voice downplaying the role of Gen AI in the near future. Their Predictions 2025: Cybersecurity, Risk, And Privacy report anticipates “growing disillusionment with generative AI among CISOs.” They argue that Gen AI is caught up in such a hype cycle that practical outcomes can’t match expectations.
But it’s worth asking why. Gen AI is capable of producing real gains. The issue is that it takes dedicated expertise to design and implement an effective AI program. Don’t underestimate the value of accessing expertise at the point of intersection between cybersecurity and AI. If you don’t have in-house personnel who are simultaneously experts at both, getting outside expert help can be what makes the difference between a successful AI deployment and a disappointing one.
In the end, the journey from curiosity to implementation will simply take time. But by starting small, focusing on real security challenges, and bringing in the right expertise, organizations can move from AI as a concept to AI as a critical tool in their cybersecurity arsenal. For CISOs looking to take their first real step, the key is simple: start with a problem, build on data, and bring in the right people to guide the way.
About PSL
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit or email info@penielsolutions.com.