Formerly known as Wikibon

AI-Native Security Needs Enterprise Context

Walk through the expo floor at Black Hat this year and every security vendor will present an AI story. Some vendors are positioning agentic AI as a new SOC operating layer that can investigate alerts, hunt threats, prioritize risk, and execute response across the security stack. Others are emphasizing autonomous defense, controlled autonomy, natural-language security operations, or AI-driven exposure management. The message is consistent: security teams need to make decisions and act at machine speed without scaling headcount at the same rate.

This is true. But simply adding AI to an existing security product doesn’t make it AI native any more than adding cloud connectivity turned every on-premises application into SaaS. AI may change the interface, but it doesn’t necessarily change the operating model. The critical question is whether it changes how decisions are made across the security environment, because security’s biggest challenge is no longer generating intelligence. It’s creating the shared enterprise context that enables intelligence to be turned into action.

AI is only as good as the context it receives

Security tools already generate enormous volumes of information. Endpoint platforms collect telemetry. Identity systems evaluate authentication risk. Network products observe traffic patterns. Vulnerability scanners identify exposures. Threat intelligence platforms contribute external indicators. None of those systems lacks data. What they lack is shared context.

An endpoint alert rarely knows whether the affected device supports a critical business process. An identity platform may flag privileged access without understanding the sensitivity of the underlying application. A vulnerability scanner can assign a severity score without knowing whether compensating controls already exist. Security analysts spend much of their day answering those questions because the technology stack can’t.

That’s why simply applying a large language model to existing products produces limited results. AI can summarize alerts or recommend actions, but those recommendations stay constrained by whatever context the system has access to, and model quality is not limiting factor. Enterprise context is.

The next competitive advantage is shared understanding

For years, security vendors competed by collecting more telemetry and improving detection accuracy. Those capabilities remain essential, but they’re not enough to differentiate an AI-native platform.

Security decisions rarely depend on a single source of information. Isolating a server depends on the business service it supports. Revoking credentials depends on operational impact. Delaying remediation may depend on production schedules, regulatory obligations, or customer commitments. Every one of those decisions requires context that extends beyond any individual security product.

Today, analysts assemble that context by moving across consoles, correlating information, and applying business knowledge. As AI becomes part of the operating model, that same context needs to become available to the system itself.

This is the architectural challenge emerging across the enterprise. AI systems cannot remain confined to individual applications or products. They need access to identities, data, business processes, infrastructure, policies, and operational priorities so they can reason consistently across the organization.

Why this matters for cyber resilience

The connection to resilience matters here too. Where security has traditionally measured success by preventing attacks, resilience measures how fast an organization restores trusted operations once prevention inevitably fails, and that depends on understanding far more than infrastructure.

Organizations need confidence in identities, data, business services, policies, and automated decisions before operations can safely resume. These aren’t narrow security questions. They sit at the enterprise level, and the organizations that recover fastest will be the ones that maintain shared context across the entire operating environment, not just the technical one.

Looking ahead to Black Hat

As Black Hat continues, pay close attention to how vendors describe AI. The interesting question is where the system gets its understanding of the enterprise: whether it can connect identities to business processes, whether it understands operational dependencies, whether it can reason across products instead of within a single one, and whether it actually reduces the coordination work analysts perform every day. Those questions will be revealing about the future of AI-native security.

Next week, we’ll examine the architectural consequence of this shift. If enterprise context becomes the foundation for AI-native security, what actually provides that context? That missing layer will be one of the defining architectural decisions of the next decade.

Article Categories

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
"Your vote of support is important to us and it helps us keep the content FREE. One click below supports our mission to provide free, deep, and relevant content. "
John Furrier
Co-Founder of theCUBE Research's parent company, SiliconANGLE Media

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well”

Book A Briefing

Fill out the form , and our team will be in touch shortly.
Skip to content