The Defender's Dilemma: AI, MDR, and the Future of Security | eSecurity Planet

The Defender’s Dilemma: AI, MDR, and the Future of Security

Traditional cybersecurity approaches are struggling to keep pace with modern threats, making autonomous AI essential.

Written By
Curt Aubley
Curt Aubley
Jul 6, 2026
4 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Security teams have spent 20+ years drowning in alerts, and the average breach still goes undetected for 241 days. Here’s why.

This is the first in a series of guest posts from Curt Aubley, CEO of Sevii.

Key Takeaways

  • The Defender’s Dilemma continues to leave organizations struggling to keep pace with modern cyber threats.
  • Alert fatigue is driven more by tool sprawl and budget constraints than by a cybersecurity skills shortage.
  • AI that only automates tasks without reducing human involvement delivers limited security gains.
  • Autonomous, governed AI can help defenders respond at machine speed while reducing operational complexity.
  • Organizations should begin evaluating AI-driven alternatives as cybersecurity moves beyond traditional MDR.

Why Cybersecurity Defenders Keep Falling Behind 

In 2002, I was supporting NASA’s cybersecurity efforts when China launched the Titan Rain cyberattack — targeting NASA, the FBI, defense contractor networks, and agencies across the UK. 

It was a watershed moment. And for 24 years since, it has exposed the cybersecurity industry for what it is: built on a shaky, whack-a-mole foundation.

Today’s attacks are faster, more sophisticated and are arriving at a greater scale than anything defenders faced a decade ago. 

The average cost of a data breach has climbed from $3.86 million in 2020 to $4.44 million today. The threat landscape has outpaced the architecture built to contain it, and that gap is widening every year. 

“The bad guys only have to be right once. The good guys need to be right every time.” It’s known as the Defender’s Dilemma. And it is why breaches remain hidden in systems for an average of 241 days before they are identified and contained.

Advertisement

The Real Cause of Alert Fatigue in Modern SOCs 

Ask anyone in the industry and you’ll hear the same thing: SOCs are overwhelmed. But the diagnosis behind that complaint is usually wrong. 

The industry has spent years framing this as a skills problem, but I’m here to tell you that the cybersecurity skills shortage is actually a budget shortage.

Add to this that our industry loves to declare things dead but rarely actually removes them. 

Legacy technologies amble and stagger in enterprises like zombies, with few signs of life, feasting on precious budget resources with little to show for it. 

Previous “innovations” have by-and-large been additive to the existing security infrastructure, often only marginally improving performance, while compounding complexity and friction. 

The pattern is familiar: a new tool arrives promising to change the game. It reduces one old workload, but creates two new ones. 

Security teams get busier, attackers get faster. The gap widens.

AI Cybersecurity Needs More Than Automation 

AI promised to break this cycle. And to be fair – AI offers not only an exponential step change in speed, scale and efficacy, but also the opportunity to begin to streamline the infrastructure and reduce complexity. 

It finally allows organizations to move forward with agility and the ability to defend at machine speed. For the first time, we can finally level the playing field and begin to erase attackers’ advantage. 

But that potential is being squandered by vendors who can’t resist selling evolution when the moment demands revolution.

Automating repetitive tasks is a great first step and can help free up personnel and resources, but it does little to actually improve a business’ security posture. If a solution requires continuous human review and sign-off at every step, how intelligent is it really?

Real innovation is possible and available now – in solutions that address new and emerging threats and have the governance that establishes the trust and confidence to empower it to act independently – especially when human interaction cannot scale to meet the volume or speed of an attack.

While in security industry terms, AI may still be considered in its infancy, advancements in models and solutions are maturing at speeds unlike any other category. 

We are already seeing some early AI solutions “age out.”  While private conversations point to a dramatic shift for legacy vendors, one segment is beginning to face its public reckoning. 

Advertisement

Why Organizations Should Rethink MDR 

Is MDR dead? Maybe not yet, but as a platform built for triage and intended to support resource constrained defense teams, the life support alerts are ringing. 

If you are a business that still invests in MDR, you may want to start looking seriously at new AI solutions that can take the place of your alert readers and actually take steps to improve your protection efforts.

Stay tuned for Part 2 of this series, where I examine the growing AI arms race between attackers and defenders and the business models shaping its future.  

Curt Aubley

CEO of Sevii and U.S. Army veteran

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.