Adversaries have no compliance reviews for their AI deployments.
There are no approval chains, no token budgets and no governance committee debating whether a model is ready for autonomous action.
They simply use AI aggressively and without constraint to overwhelm defenses.
This is the second article in our series by Curt Aubley, CEO of Sevii. If you missed the first installment, read it here.
Key takeaways
- Most AI cybersecurity tools still require significant human oversight, limiting their ability to reduce analyst workload and move security teams beyond triage.
- Legacy security architectures and weak governance frameworks prevent AI from operating autonomously at the speed needed to match modern attackers.
- AI token-based pricing models can create financial barriers that discourage organizations from fully leveraging AI for threat detection and response.
- Defenders face growing operational and economic disadvantages as attackers adopt AI without the governance, compliance, and budget constraints common in enterprise environments.
- Closing the AI cybersecurity gap requires rethinking both AI product design and the business models that shape how security teams use these technologies.
Why AI security tools struggle to reduce analyst workload
Meanwhile, defenders are being sold AI tools with one hand behind their back.
The uncomfortable truth is that most AI cybersecurity tools still create work for defenders.
Simply offloading repetitive daily tasks is not making teams any better or faster.
And being a “co-pilot” is not a model designed to deliver the scale, speed or even the intelligence to meet the attackers one-on-one.
The persistent reliance on legacy systems introduces unnecessary steps and requires additional human interaction/oversight.
This reliance on many AI solutions is also a symptom of a lack of strong, built-in governance mechanisms that provide a comprehensive, customizable framework and controls for confident autonomous and independent action.
Without those capabilities and the granular, immediate ability to intervene when required, AI solutions may add speed but cannot actually remove work because humans still have to review and act on the outputs.
Thus, we’re not getting to where we need to be.
Defense teams have implemented AI tools that do not allow them to advance beyond triage, which leaves them overburdened, outmanned and resource-strapped.
Because they’ve come to accept this daily struggle, they view triage as an acceptable compromise instead of a symptom of systemic operational flaws.
Why Today’s AI Cybersecurity Tools Fall Short
The tools problem is only half the story. The other half is the business model.
There is an inconvenient truth behind the promise of AI.
Beyond technical challenges, the cybersecurity industry is also stuck in a business model — based on profits and product design — that limits, if not punishes customers for defending themselves too earnestly.
How AI Pricing Models Hurt Cyber Defenders
Balancing the current dynamics in resource deployment and consumption, tokenization has become a de facto standard way to price AI implementations.
While in other AI sectors it has become an accepted cost, it is already putting defenders at a substantial disadvantage.
AI optimists have proclaimed that we will now be able to eliminate the talent gap which has plagued the industry for decades, ignoring the fact that tokenization is creating a cost gap that will far outweigh the benefits of eliminating the talent gap.
By requiring defenders to use a token whenever they identify a threat, analyze an alert or remediate an attack, we are monetizing every aspect of threat defense and mitigation and unnecessarily profiting off the struggles of organizations under constant attack.
We are forcing defenders to determine which alerts warrant the highest priority, forcing them to ignore certain threats, forcing them to cut investigations short, and forcing them to choose what warrants remediation.
All because they lack the tokens to capitalize on the capabilities that AI promises.
And, we are creating even more work for them.
Rethinking AI Security for Modern Cyber Defense
The industry needs to reckon with this honestly. Not just the tools, but the incentives behind them.
As long as the pricing model profits from defender struggles, and as long as AI products are architected to keep humans in every loop regardless of the cost in time, we will continue to lose ground.
In the upcoming final article of this series, I’ll explore potential solutions and how organizations should be navigating AI as a force multiplier.





