Creating AI that will broadly protect an enterprise across all its digital operations will in ways resemble efforts being taken by driverless car companies today. For example, since 2009, Waymo’s driverless car software has trained on over 15 billion miles of simulated driving and more than 20 million miles of public driving experience. Waymo has a rigorous approach to testing at different levels of fidelity (simulation, closed course, real world), executing scenarios with thousands of variations, all the while collecting data for the purpose of improvement.

This isn’t a perfect analogy for AI in security, but it is pretty good—testing with simulated data, testing in lab environments with simulated or real attacks, and testing in real-world operations across a diverse set of enterprises. Security problems with natural access to cleaner data will emerge with truly AI-powered products sooner than the harder data problems across the entire enterprise security stack. It is going to take time and capital to get there, and innovations that are ruthlessly focused on the data problem will be first and foremost to unlock broad transformation. Today, many security tools just don’t focus on data normalization because they tend to be siloed in specific pain points in the overall infrastructure.

What transformative AI in security will look like

Imagine that every IT initiative, configuration, security log, and alert could be reviewed by the world’s leading human security expert in that given area in real time, with no disruption to business operations. Imagine that enterprise analysts could consult with and get direction from that expert. AI in security will eventually feel like that.

How? Products that are built on thoughtful data assets, that reduce data complexity, will ultimately be category kings; otherwise, the product won’t work from customer to customer, and it will be a product with service-like margins and won’t scale. In fact, Andreessen Horowitz found that most of its enterprise AI companies have much lower margins than comparable SaaS businesses because of the inherent costs of building and scaling AI.

These future category kings will first have to invest in data infrastructure and collection, likely for years, before their data can truly be considered an asset and assist in the self-improving nature of their product. However, once these company kings obtain a real data asset for AI, their pace of innovation will be difficult (if not impossible) to match by competitors, and they will be crowned a category king, as long as they still manage to maintain an intuitive product. Just as the search engine category quickly consolidated to Google, the same will happen with data-intensive cybersecurity solutions. Specifically, look for major consolidation in security information and event management (SIEM), eXtended detection and response (XDR), endpoint detection and response (EDR), and network detection and response (NDR) markets.

AI is emerging in security first on smaller problems where there is less data complexity, as noted in the email fraud and malware examples earlier. AI will then slowly deploy to more complex data problems, but only products that are ruthlessly focused on managing data complexity will emerge with meaningful AI engines. To be effective, an AI-driven security program must be able to collect data from all available security tools and threat feeds, and then normalize this data so that it’s useful for training the AI engine. This is what AI’s future in cybersecurity will look like.