Skip to content Skip to sidebar Skip to footer
Home Resources Blog “The greatest challenges are rarely technical. They are human.”

“The greatest challenges are rarely technical. They are human.”

4 minutes reading time

“The greatest challenges are rarely technical. They are human.”

The debate about AI in cybersecurity often starts with capability. What can the model detect? How fast can it analyse code? Can it generate an exploit, triage an incident, or suggest a patch? Those questions are important. But Jackie Janssen’s keynote at the Cyber Security Coalition’s Solstice Event shifted the focus to a different issue: what remains distinctly human when machines become faster, more knowledgeable and increasingly autonomous?

At first glance, that line of thinking might seem ‘soft’ in a room full of security professionals. It is not. As Janssen put it: “The greatest challenges are rarely technical. They are human.” In cybersecurity, those difficulties encompass incentives, pressure, judgement, trust, communication and accountability.  

AI is already stronger than humans in processing data, information and knowledge, identifying patterns at a scale no analyst can match. But pattern recognition is not the same as understanding intent. Attackers do not merely produce anomalies. They pursue objectives. 

The analyst is not obsolete 

AI may take over some of the workload for analysts buried under thousands of alerts. But that is not the same as replacing the analyst. It is AI removing noise so that human judgement can be used where it matters. AI can summarise, correlate, classify and accelerate. It can support malware detection, incident analysis, secure coding and response preparation. But it cannot define risk appetite. It does not understand organisational context in the way a CISO, architect or incident lead must. It will not assume accountability when an automated response disrupts production, or a false negative is ignored. 

Janssen framed AI not only as a micro tasker, but increasingly as a companion, delegate and teammate. An AI agent nowadays can read emails, accesses files, prepares priorities, or participates in decisions. The interaction model is beginning to shift: AI no longer merely responds to human prompts, but increasingly proposes actions, priorities and questions of its own. 

Human urgency as a security risk

Janssen’s strongest security point was less about attackers using AI than about employees turning to AI at vulnerable moments. Under pressure, people look for help. They may paste code, contracts, credentials, internal context or incident details into an AI tool because it offers what the official process often does not: immediate structure, speed and reassurance. 

The risk is not always malicious intent; often, it is urgency. AI also removes social friction. Employees may ask an AI tool to review code, interpret an error message, or assess an incident detail more easily than they would ask a colleague, manager or helpdesk. This creates a new disclosure channel inside the organisation: informal, fast, invisible and often outside governance. 

The humanity check 

Janssen proposed a practical lens for assessing AI initiatives: the Humanity Check. It asks three questions: 

  1. Does the system make people more autonomous or more dependent? 
  2. Does it strengthen connection within the team or replace it? 
  3. Does human judgement still matter, or has meaning been removed from the work? 

Those questions are highly relevant for security leaders. Used well, an AI assistant can help teams collaborate during incident response and strengthen human capability. Used poorly, it can lock expertise inside opaque automation. The same applies to autonomy: tools that help analysts understand context can increase it; systems that silently decide what matters can reduce it. 

Janssen’s argument is not that every AI initiative must preserve every human task. Repetitive and low-value work should be automated where possible. Organisations need to deliberately decide where they digitise and where they humanise. That is a governance question as much as a technical one. 

Not speed, but judgement 

If security becomes purely a race for speed, humans lose. Machines can process more data, at greater speed and continuously — and attackers will use that speed as well. The human contribution lies elsewhere: judgement, empathy, meaning and accountability. In cybersecurity, that means deciding which risks matter, how to communicate them, when to escalate, which trade-offs are acceptable, and who is responsible when automation acts. The human role will survive only if AI is used to strengthen that judgement, not to bypass it. 

 

Solstice AI in the Ring 18-06-26
About the author
Frank Simkens

Frank Simkens

Frank Simkens is a seasoned marketing and communications expert with a passion for technology and innovation. As a copywriter at The Content Company, he knows better than anyone how to extract the essence from complex stories and translate them into clear messages.
Join our podcast
Please choose your preferred listening platform and language

Spotify

EN

FR

NL

Apple

EN

FR

NL

Join our newsletter

Cyber Pulse keeps you up-to-date on the latest cybersecurity news, community actions and member stories.