top of page

AI in Security: Speed, Depth, and What It Means for Your Organisation

9 June 2026

AI is no longer a distant threat—it is an active capability in the hands of attackers today. In this CyberCuration, we explore the compression ratios that define AI’s edge in offensive security, what that means for your defensive capability, and how organisations should be thinking about AI adoption, accountability, and ROI.

The Offensive Advantage: Measuring Speed and Depth

AI’s offensive advantage is measured in two key compression ratios—speed and depth. Both have profound implications for your security posture. Current models can evaluate code and chain together vulnerabilities at a scale no human can match:

  • Speed Compression Ratio (6,000x): This represents the rate at which AI finds vulnerabilities compared to a human. Based on current models using a codebase of 50k lines, AI is likely to find vulnerabilities 6,000 times faster than a human.

  • Depth Compression Ratio (46x): This measures the ability to create complex chains exploiting multiple vulnerabilities. When finding a 3-step chain, current models are 46 times faster than a human. Crucially, this advantage is exponential: the longer the chain, the higher the ratio.

 

AI leads in speed and depth. But what does that mean for your organisation?

The New Paradigm: Redefining AI vs. Human Capability

The paradigm has shifted: AI is deployed for bulk and depth, augmented with humans for high-value and targeted evaluation. This is not a threat to human roles—it is a redefinition of them.

Your code evaluation security capability requires both humans and AI working together, as each brings unique strengths to the table:

  • AI Strengths: AI excels at establishing speed and depth when creating an attack chain. It can systematically evaluate raw code at an unmatchable scale.

  • Human Strengths: Humans still lead in exploiting business logic and intent—understanding the “why” behind a process, not just the “what.”

AI is here to stay. The organisations that embrace it—thoughtfully—will outpace those that resist or ignore it. Make the most of it.

Managing Risk: Shadow AI and Tool Sprawl

As adoption increases, Shadow AI is now one of the biggest drivers of ungoverned risk. AI tool proliferation is accelerating across modern business units. Different tools excel in different areas there is no one-size-fits-all solution.

Because each vendor has vastly different security capabilities, you must know what you are getting before you deploy it. Personal preference among teams is real, but rigorous security requirements are not optional. You must know your tools, and you must know their risks. For instance, most organisations with an E5 licence already have AI visibility tools available but are they actually used?

Accountability, Guardrails, and AI Hallucinations

A fundamental governance principle remains unchanged: AI acts on behalf of the person owning the process accountability always lies with the human that initiated it. This principle does not change with agentic AI. In fact, where agentic spawning is enabled, risk increases significantly, making robust guardrails and resource limiting more important now than ever.

When structuring your governance, organisations must actively account for two key risks:

  1. AI Hallucinations: AI providing confident responses to people who don’t know the answer is a major vulnerability. This is most dangerous in long manual processes with variable outcomes.

  2. AI Auditability: How do you verify your AI is correct? You need senior humans. The long-term business risk is that senior people leave the organisation without leaving behind the internal capability to validate AI outputs.

For safe use, start with long manual processes that have known, measurable outcomes. These targeted areas are where AI delivers high value with minimal risk of invisible errors. Accountability sits squarely with the business owner not the AI vendor. Build your governance accordingly.

How to Measure Your AI ROI

Measurement is the foundation of AI ROI. Without it, value remains completely invisible and adoption stalls. Common corporate failures include forcing AI use without alignment to your specific business type or targeted use cases. If you cannot show value in numbers, adoption will stall and ROI will remain invisible.

To implement a successful framework, start by identifying manual tasks that can be augmented with AI, then measure the exact value difference. Ask yourself: What is the people cost of the current process ? Look for areas where AI can drive more efficiency, achieve a better time to solution, and yield more throughput.

Example Metrics to Track:

  • Time Savings: A process that previously took 7 days is optimized to take only 2 days.

  • Cost Reductions: A human cost of $6,000 is reduced to $2,000 via targeted AI augmentation.

  • Volumetrics: Increased total throughput, such as tickets resolved, incidents responded to, or general security coverage improved.

Define your metrics, pre-measure, post-measure, and report. Then rinse and repeat. This continuous cycle allows you to change hearts, remove FUD (Fear, Uncertainty, and Doubt), and clearly demonstrate value removing tedious tasks to make organizational roles fundamentally more rewarding.

 

Get in touch…

AI is not going away the question is whether your organisation is using it strategically, securely, and with clear accountability for outcomes.

Contact

Media enquiries

cybercure@cybercure.co.nz

bottom of page