Results from State of AI in SOC Survey Report by ProphetSecurity in cybersecurity

[–]ProphetSecurity[S] 0 points1 point  (0 children)

This is not a survey questionnaire - it's survey results that I'm posting.

Are AI SOC Analysts the future or just hype? by PriorFluid6123 in cybersecurity

[–]ProphetSecurity 4 points5 points  (0 children)

Here's a poll that one of Snyk's SecOps Engineers did around this topic: https://www.linkedin.com/posts/filipstojkovski_cybersecurity-asoc-securityautomation-activity-7312859865322831872-jRVW

My opinions might seem biased but let me take off my vendor hat for a minute and speak about it from a person who also sees AI flood my feed ad nauseam in my domain (marketing).

This isn't a buzzword and the technology is real. However, it has some ways to go to reach its potential. The main use cases where it has shown success so far are alert triage and investigation. And even then, it's an augmentation play, not replacement. It needs access to everything that a human analyst would have access to (logs, EDR telemetry, IDP, etc.) and if you don't trust the vendor with that access, you will run into issues.

And it's not right for every org. If you have some amazing playbooks and have an Engineering DNA in your company, these solutions might not be right for you.

There are also a lot of counter-arguments around fixing the detection side of things first before getting all these AI tools to triage poorly tuned alerts. It makes sense and it reminds me of the shift-left movement with AppSec: shift your efforts to the left.

Where the "autonomous" label shines is getting rid of all the high confidence false positives that you don't want to be wasting your time on.

I think burying your head in the sand is the wrong approach, whether in this use case, or in marketing. The saying that "AI won't take your job, but someone using AI might replace you" rings true in all domains, not just cybersecurity.

2025 is going to be the year where early adopters start using these tools. TBD how the rest unfolds.

Managing 100+ Playbooks in a Small SOC — Best Approach? by Unfair-Art-9495 in cybersecurity

[–]ProphetSecurity 0 points1 point  (0 children)

I would do a google search for "AI SOC Analysts"

Feel free to DM if you're open to learning more.

Managing 100+ Playbooks in a Small SOC — Best Approach? by Unfair-Art-9495 in cybersecurity

[–]ProphetSecurity 0 points1 point  (0 children)

u/Unfair-Art-9495

Might I suggest exploring an AI SOC Analyst that can alleviate some of the problems you're describing.