There is a big drive right now to get AI into corporate security operations.
It comes from the top. The instruction, in most organisations, is some version of we need to be doing something with AI. And so, security leaders are evaluating tools, sitting through demos, and being told by a growing number of vendors that their platform is now “AI-powered.”
Most of those security leaders have a quieter, more important question that the demos rarely answer:
Is this actually useful?
Because there is a real difference between AI that genuinely changes how a security operation works, and AI that is, when you look closely, a chatbot with a security-focused interface. And the difference is not in the model, it’s in the data.
The question that separates the two
Here is the test. When a vendor shows you AI for security operations, ask one question:
What data is the AI actually working with? Is it your data? Is it the vendor’s data? Or is it just the open web?
The answer tells you almost everything.
If the AI is reasoning over publicly available information – news, general knowledge, what’s on the internet – then however sophisticated it sounds, you are essentially dealing with a chatbot. It can summarise. It can answer general questions. It can sound impressively fluent about the world.
What it cannot do is tell you where your people are right now, which of them is inside the impact zone of an unfolding event, or what your actual exposure is to a crisis that started twenty minutes ago. Because it cannot see any of that. It does not have your data.
Operational AI – the kind that changes how a security team works – reasons over the organisation’s own live operational data. People locations. Travel itineraries. HR records. Asset information. Verified threat feeds. The sources the security team has chosen and trusts. That is a fundamentally different capability, and it is the capability that matters when something is actually happening.
What the recent Middle East escalation exposed
This is not theoretical. The recent escalation in the Middle East tested it in real conditions, across a lot of organisations, at once.
It began the way these things usually do – at the worst possible time. Saturday morning UK time. Late Friday night in the US. Not Monday morning at a desk with a coffee and a clear week ahead, but out of hours, fast-moving, with information arriving faster than anyone could make sense of it.
Many organisations had significant exposure. Regional headquarters in Dubai. Operations across Qatar, Kuwait, Bahrain, Saudi Arabia. Expatriate staff with families and dependents. Travellers in transit. And the uncomfortable truth, for a lot of those organisations, was this: they did not have an accurate grasp of what their exposure actually was.
Not because they didn’t care. Because the information that would have answered the question – who is here, where exactly, how do we reach them – was scattered. Some in a travel system. Some in HR. Some in an access log. Some in someone’s head. The security team often couldn’t see it all in one place, and certainly couldn’t see it fast.
The systems built for exactly this – travel risk management platforms – were in many cases found wanting. Itinerary-based travel tracking tells you who is travelling in the next seven days. It does not tell you about the expatriate family living in the region, the employee working from home, the contractor on a long-term posting. In a regional crisis, that is only a slice of the real exposure.
This is the gap that decides how a response goes. And it is the gap that the right combination of data, software, and AI is built to close.
Software, AI, and human judgement – and why all three matter
The instinct, under board pressure, is to treat AI as the answer. Bolt it on, switch it on, problem solved.
It does not work that way. AI bolted onto a fragmented, unreliable data environment does not fix the fragmentation – it just produces wrong answers built on a shaky foundation. In security operations, a fast answer built on a wrong picture is worse than a slow one.
The model that actually works has three parts, each doing what only it can do.
Software provides precision. When an earthquake hits, you need to know that there are forty-seven people within fifty kilometres – not approximately fifty. Software can correlate where your people are with where the incident happened and give you the exact number. That precision is not a nice-to-have. It is the basis of every decision that follows.
AI provides interpretation. Once the precise picture exists, AI is what makes sense of it at speed. What does this mean for us? What should we prioritise? Draft the communications to those affected. Draft the situation report I can send to my stakeholders. The work that would take one person hours on a crisis weekend – assembling the picture across multiple systems – AI can do in seconds, because the data is already connected.
Humans provide judgement. AI suggests; humans decide. The security leader reviews the assessment, overrides it if their experience says otherwise, and makes the call – because the call carries accountability, and accountability cannot be delegated to a model. The human stays in the loop, always, at the point where judgement matters.
Take any one of these away and the model breaks. The value is in the combination.
What this means for evaluating AI in security operations
If your organisation is under pressure to adopt AI in security operations – and most are – the useful starting point is not choosing a tool. It is understanding your data.
A simple exercise: map the maturity of your data environment. Where does your people data actually live? How current is it? How quickly could your security team see your full exposure to a regional event, right now, without anyone exporting and reconciling spreadsheets first? The honest answers to those questions tell you whether AI will be genuinely useful to you – or merely decorative.
Because AI is only as good as the data it reasons over. An organisation with mature, connected, trusted data can introduce AI that genuinely transforms how it responds. An organisation with fragmented data that introduces AI anyway has simply built a faster way to be uncertain.
The pressure to adopt AI is real, and it is not going away. As the geopolitical landscape keeps shifting – and as environments once considered safe turn out to be exposed overnight – the need to compress the time between recognising a threat and acting on it will only grow.
AI will be central to that. But only the kind that works on your data, alongside your people, with the precision of software underneath it.
The question is no longer if AI belongs in security operations. It is which kind – and whether your data is ready for it.
This blog is created from the live session we ran with our partners Factal – click here to watch the full recording.
rosa is the operational AI built into resilienceOS – reasoning over your own live people, travel, asset, and threat data, alongside your team. See how it works โ click here to book a meeting.