The AI Cybersecurity Gap Between Attackers and Defenders  | eSecurity Planet

The AI Cybersecurity Gap Between Attackers and Defenders 

AI is widening the cybersecurity gap as defenders face constraints that attackers do not.

Written By
Curt Aubley
Curt Aubley
Jul 10, 2026
3 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Adversaries have no compliance reviews for their AI deployments. 

There are no approval chains, no token budgets and no governance committee debating whether a model is ready for autonomous action. 

They simply use AI aggressively and without constraint to overwhelm defenses.

This is the second article in our series by Curt Aubley, CEO of Sevii. If you missed the first installment, read it here.  

Key takeaways

  • Most AI cybersecurity tools still require significant human oversight, limiting their ability to reduce analyst workload and move security teams beyond triage.
  • Legacy security architectures and weak governance frameworks prevent AI from operating autonomously at the speed needed to match modern attackers.
  • AI token-based pricing models can create financial barriers that discourage organizations from fully leveraging AI for threat detection and response.
  • Defenders face growing operational and economic disadvantages as attackers adopt AI without the governance, compliance, and budget constraints common in enterprise environments.
  • Closing the AI cybersecurity gap requires rethinking both AI product design and the business models that shape how security teams use these technologies.

Why AI security tools struggle to reduce analyst workload 

Meanwhile, defenders are being sold AI tools with one hand behind their back. 

The uncomfortable truth is that most AI cybersecurity tools still create work for defenders.

Simply offloading repetitive daily tasks is not making teams any better or faster. 

And being a “co-pilot” is not a model designed to deliver the scale, speed or even the intelligence to meet the attackers one-on-one. 

The persistent reliance on legacy systems introduces unnecessary steps and requires additional human interaction/oversight. 

This reliance on many AI solutions is also a symptom of a lack of strong, built-in governance mechanisms that provide a comprehensive, customizable framework and controls for confident autonomous and independent action. 

Without those capabilities and the granular, immediate ability to intervene when required, AI solutions may add speed but cannot actually remove work because humans still have to review and act on the outputs. 

Thus, we’re not getting to where we need to be. 

Defense teams have implemented AI tools that do not allow them to advance beyond triage, which leaves them overburdened, outmanned and resource-strapped. 

Because they’ve come to accept this daily struggle, they view triage as an acceptable compromise instead of a symptom of systemic operational flaws.

Advertisement

Why Today’s AI Cybersecurity Tools Fall Short 

The tools problem is only half the story. The other half is the business model.

There is an inconvenient truth behind the promise of AI. 

Beyond technical challenges, the cybersecurity industry is also stuck in a business model —  based on profits and product design —  that limits, if not punishes customers for defending themselves too earnestly.

How AI Pricing Models Hurt Cyber Defenders 

Balancing the current dynamics in resource deployment and consumption, tokenization has become a de facto standard way to price AI implementations. 

While in other AI sectors it has become an accepted cost, it is already putting defenders at a substantial disadvantage. 

AI optimists have proclaimed that we will now be able to eliminate the talent gap which has plagued the industry for decades, ignoring the fact that tokenization is creating a cost gap that will far outweigh the benefits of eliminating the talent gap. 

By requiring defenders to use a token whenever they identify a threat, analyze an alert or remediate an attack, we are monetizing every aspect of threat defense and mitigation and unnecessarily profiting off the struggles of organizations under constant attack. 

We are forcing defenders to determine which alerts warrant the highest priority, forcing them to ignore certain threats, forcing them to cut investigations short, and forcing them to choose what warrants remediation. 

All because they lack the tokens to capitalize on the capabilities that AI promises. 

And, we are creating even more work for them. 

Rethinking AI Security for Modern Cyber Defense 

The industry needs to reckon with this honestly. Not just the tools, but the incentives behind them. 

As long as the pricing model profits from defender struggles, and as long as AI products are architected to keep humans in every loop regardless of the cost in time, we will continue to lose ground.

In the upcoming final article of this series, I’ll explore potential solutions and how organizations should be navigating AI as a force multiplier. 

Curt Aubley

CEO of Sevii and U.S. Army veteran

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.