The Intersection of AI and Cybersecurity: Leveraging AI for Threat Detection and Response

By Siarhei Fedarovich, Program/Project Manager at IBA Group, PMI-ACPand Julia Kanaikina, Head of Delivery, Cybersecurity services at IBA Group, PMP certified

As cyber threats grow in complexity, AI is becoming essential in modern cybersecurity. Here, we integrate AI-driven tools across banking, healthcare, telecom, and logistics to enhance threat detection, automate response, and reduce analyst workload.

AI in Cybersecurity Today

In my opinion, AI is proving to be a game-changer. For instance, in banking and healthcare, AI is used to detect unusual behavior in real time - something traditional systems often miss. A recent example involved identifying an insider threat through AI-driven behavioral analysis that flagged a suspicious login pattern long before damage could occur.

AI is also accelerating incident response. In many environments, there have been implemented automated workflows where AI triages alerts and, in some cases, initiates actions - like isolating endpoints or blocking traffic - without waiting for manual input. According to the Osterman Research Report, almost 90% of SOCs are overwhelmed by backlogs and false positives, with more than 80% of analysts reporting feeling constantly behind.This not only reduces response time but relieves security operations centers (SOCs) from alert fatigue.

Personally for me, another interesting area is phishing protection. AI can analyze incoming emails and detects phishing attempts based on linguistic and structural patterns. This is especially crucial in healthcare with a large amount of patients’ medical records.

AI Advantages Over Traditional Cybersecurity Methods

Traditional tools work well for known threats, but struggle with anything that doesn’t follow a predictable pattern. AI, on the other hand, brings a major advantage in areas that require pattern recognition, adaptability, and speed. It does not just look for known bad behavior - it learns what "normal" looks like across users, systems, and networks, and flags anything that deviates from that baseline. This makes it incredibly effective for detecting dynamic threats, insider attacks, and zero-day exploits - the types of threats that traditional tools often miss entirely.

AI-driven behavioral analytics can identify unusual data access patterns, privilege misuse, or file transfers that are out of character for a user - even if they haven’t violated a specific rule. AI looks at behavior - things like unexpected system calls or abnormal process executions - to identify and respond to suspicious activity before it becomes a full-blown incident.

Case 1: Speed and Precision

One of the most compelling success stories comes from a banking area player overwhelmed by alerts from their SIEM platform.

The problem was solved by integrating an AI-based analytics layer on top of their existing SIEM platform. The goal was to enhance detection by using machine learning to analyze event patterns, user behavior, and contextual relationships between logs - across endpoints, applications, and their internal network. The AI engine fed enriched, high-confidence alerts directly back into the SIEM, so the client could act on them using their existing tools and workflows. It also provided detailed context - like related events, asset criticality, and risk scoring - so the investigation could be fast-tracked.

This was a clear win not only for detection speed, but also for improving the overall value of the tools they already had in place.

Machine Learning Role In Unknown Threats Detection

Traditional security tools are limited by static rules and known Indicators of Compromise (IOCs). According to Google Cloud Community, static rules for cloud security are used for identifying "toxic combinations," they often miss novel threats due to their reliance on predefined scenarios, requiring significant manual updates as threats evolve. This is where machine learning has benefits. By continuously learning the baseline of what "normal" looks like for system processes, network traffic, or user activity, ML models can detect deviations that may otherwise go unnoticed. For example, a previously unseen process suddenly triggering a spike in CPU or memory usage, or a user accessing sensitive systems outside of their usual working hours - these don’t match any known threat signature, but ML recognizes them as contextually abnormal.

It’s important to acknowledge that machine learning may also make mistakes.

One of the key techniques here is correlation across diverse data sources. Another way AI helps is through adaptive learning. Over time, the models refine their understanding of what constitutes normal and malicious activity. They "learn" from analyst feedback, reducing repeat false positives and improving alert quality. So the longer AI runs in an environment, the more accurate it becomes.

Now we can see real impact here, for example, in telecom projects, AI-based alert scoring reduced low-confidence alerts by more than 60%, allowing analysts to focus only on high-priority, high-confidence incidents. 

It’s all about quality over quantity, and that’s a game-changer for modern threat detection.

Ethical and Privacy Considerations

Beside the data privacy that is regulated by GDPR in Europe, for example, there is an issue around bias and fairness in AI models. If the training data isn’t well-balanced or diverse enough, it can prefer certain interpretations or flag certain behavior. Transparency is another key ethical concern. AI models can behave like “black boxes”. 

Finally, we highly recommend you always emphasize a combined approach. AI should never be the only one decision-maker. In my experience, the most successful AI implementations come from tight collaboration between machines and people. Analysts interpret AI outputs and help train and refine models.

Who Will Benefit The Most?

One of the most obvious examples is banking and financial services. AI helps by enabling real-time fraud detection, behavioral analytics for insider threat monitoring and automated alert triage to support overburdened SOCs. 

Another industry that benefits greatly is healthcare. AI can help by monitoring for suspicious access to patient data, flagging unusual network traffic and detecting phishing attempts through advanced content analysis. 

Telecommunications is another key sector. AI helps by performing real-time analysis of network behavior, identifying abnormal patterns at scale and reducing false positives in NOC/SOC operations. 

I also see strong use cases in manufacturing and logistics, especially with the rise of IoT and OT (Operational Technology) integration. AI can detect anomalies in machine-to-machine communication, unusual access to industrial systems, or potential disruptions in supply chain systems.

Across all these industries, the common thread is that AI delivers value where there is:

● A high volume of security events

● A need for real-time or near-real-time response

● A limited human workforce relative to the threat surface

● And a requirement for regulatory compliance or data sensitivity

The Future of AI and Cybersecurity

Over the next 3–5 years, we foresee several major trends. 

First is a predictive defense. AI will move from detection to anticipation, using early indicators to prevent threats before they strike. Secondly, AI will be integrated deeply in every layer of security architecture, from endpoint to cloud and identity. I also expect major progress in explainable AI (XAI). 

At the same time, we will see an increase in cyber attacks, forcing defenders to match their sophistication.

I believe the successful implementation is a balance between leveraging AI to handle scale and complexity while preserving the human insight.