Skip to content
Perspectives

TIPS #26: AI Hyperautomation- Force Multiplier or Missed Opportunity?

Shane Shook

March 11, 2025

  • Blog Post
  • TIPS

Issue: Companies misunderstand, mistrust, and misevaluate AI hyperautomations.  

Historically, Security Operations Centers (SOCs), incident response teams, red teams, and other cybersecurity functions have relied upon a combination of manual analysis, deep subject matter expertise, and iterative hands-on processes to identify, analyze, and respond to threats. Even as supported by modern analytics tools, these processes are time-consuming, resource-intensive, costly, and limited in scalability. Today, this approach falls short given constant technological changes and evolving cyber threats. 

 Automation in Security 

Unsurprisingly, business process automations (BPAs)– software that automates repetitive business tasks- and robotic process automations (RPA)– a type of BPA that uses configurable scripts (bots) to automate tasks- have become a staple for modern organizations. Those capabilities have been adopted in some security processes, and many security processes have thus been reengineered to create incremental time and cost improvements. For example:   

  • Scripts that collate vulnerabilities scan details and patch/change requirements 
  • Alert detection scripts that leverage new attack matrix details 
  • Security Information and Event Management (SIEM) solutions that automate event log collection, normalization, correlation, and apply patterns to create alerts for action 
  • Security Orchestration, Automation and Response (SOAR) tools that help security teams automate and manage SOC operations  

Process automations can be combined with AI techniques including machine learning (ML) and neural networks (a subset of ML) for enhanced outcomes. For example:   

  • Intelligent SOC workflow discovery and automation 
  • Alert prioritization, advanced threat detection, and actionable insights 
  • Controlled access and authorized use of resources  

Hyperautomation 

Hyperautomation goes one step further by automating complex processes across systems, by leveraging AI to orchestrate workflows and support intelligent decisions. For example:  

  • AI identity and access management that automates onboarding, identity validation, rights management, and access controls to resources across disparate systems 
  • AI SOCs that hyperautomate operational aspects of a security program including extemporaneous threat detection, incident response, and retrospective querying of retained data as new threat intelligence is gained – from operations, or the community, to create a continuous threat awareness and response program 
  • AI copilots that enable automated code reviews, continuous AppSec testing, and other complex DevSecOps functions in the software development life cycle (SDLC), enhancing developer productivity and quickly delivering resilient applications to market 

While AI hyperautomations have serious potential, many companies aren’t effectively capitalizing on the opportunity – due to fear, uncertainty, and doubts (FUD) about its reliability and TCO vs ROI.  

One source of fear is FOMO- fear of missing out on GenAI, rather than focusing on their needs and capabilities with existing AI solutions available to hyperautomate their work processes – that might lead to efficient GenAI outcomes. Many organizations get caught up in the hype around the latest and greatest AI innovations without stepping back to consider what the best use of AI is for their specific use case. For example, while many GenAI security innovations- including LLM-based tools- are innovative and promising, they can be prohibitively expensive at scale due to high GPU costs and other resource demands. This is particularly true for mid-market and middle management buyers with limited budgets.  

The truth is that ML, neural networks, and other proven decades-old AI technologies are often much more practical for hyperautomation in security. They tend to deliver market-proven outcomes, benefit from economies of scale, offer a cheaper price point, and can be more trustworthy, transparent, and explainable.  

 Unfortunately, many people assume that the shortcomings of GenAI apply to AI more generally. While GenAI lacks widespread trust due to documented hallucinations, opaque explainability, and concerns around security vulnerabilities, more established AI solutions are usually highly observable and developed around a defined set of tasks. Unfounded mistrust in proven and transparent AI-powered solutions causes many security teams to pursue the wrong kinds of AI, avoid beneficial AI implementations, or mistrust trustworthy AI technologies. 

“The number of potential GenAI-based automation use cases is so high that it’s quite natural to get attracted to every opportunity that comes through the door. But adopting GenAI isn’t just about tactical efficiency gains, as the cost to operate can be far higher in the long term without downstream transformations of a GenAI ready workforce. Consider the total cost of ownership throughout the lifecycle: one time and recurring GPU costs, model training, data lakes, energy consumption costs, cloud service providers, FTE impacts, risk and control impacts, fail-over infrastructure and resource costs, and AI security controls- and most importantly, continuous skilling and re-skilling as a part of strategic workforce planning.

Before committing to a high-cost GenAI project, take a step back to explore all options for more established, efficient, and cost-effective AI hyperautomations within your current IT ecosystem.”

Sandip Wadje Managing Director- Global Head of Emerging Technology Operational Risks & Intelligence, BNP Paribas

Impact: High opportunity costs, limited ROI, and extended attacker dwell time.   

When security decision-makers implement the wrong types of AI or overlook easy wins with AI hyperautomation, they face significant impacts: 

  • Hundreds of hours lost to expensive manual processes which could be fully or partially automated 
  • AI implementations that are misaligned with security posture create gaps which attackers exploit 
  • Security teams second-guess tooling they don’t fully trust, negating efficiency gains 
  • Extended dwell time 

Attackers ultimately have more time to move laterally, exfiltrate data, compromise critical systems, and cause greater disruptions and downtime. 

Action: Develop an AI hyperautomation strategy that prioritizes trust through transparency, employee training, and posture-aligned tooling.  

There are significant efficiency gains to be made by prioritizing AI transparency, providing adequate training on AI tools, and promoting proven and cost-effective AI hyperautomations.  

Start by developing a strategy based upon the security tools, policies, and procedures (posture) protecting your company and customers. Any AI hyperautomations you introduce should utilize proven technologies, deliver explainable and transparent outcomes, and provide a measurable ROI. Prioritize education and training so your team is equipped with the knowledge and skills to understand, utilize, and master AI-powered tooling.   

AI hyperautomations can be applied horizontally across your security program or vertically to meet industry-specific needs.  

“The traditional linear model of adding staff as threats and data grow is no longer sustainable. Today, we must empower our security analysts with the best AI-powered tools to hyperautomate what previously took hundreds of hours of manual work. This allows them to defend against current and emerging threats and significantly increases their efficiency- the holy grail of security operations.”

Scott McCrady CEO, SolCyber

Here are a few examples of how Forgepoint’s portfolio companies are using AI-powered hyperautomations to drive efficiencies and deliver improved outcomes.  

1. Proactive Pen Testing and Red Teaming 

Bishop Fox uses a combination of hyperautomation and human expertise to deliver pen testing and red teaming services, helping you identify vulnerabilities and ensure secure application deployments.  

2. Malware Analysis 

ReversingLabs employs AI-based binary analysis technology to automate aspects of malware analysis, helping you streamline workflows and upskill your SOC team. 

3. Kubernetes Security 

RAD Security offers AI-enabled auto-remediation to address Kubernetes vulnerabilities and misconfigurations in your cloud-native environment. 

4. Fraud Prevention and Payment Security 

Lynx’s Daily Adaptive Models automatically update each day to maintain highly accurate fraud and money mule detection even as payment technologies, customer behaviors, and fraudster attacks evolve.  

Verituity utilizes AI and ML-powered intelligent automation to enhance and streamline Strong Customer Authentication (SCA) and Identity Verification (IDV), delivering faster and safer verified payouts. 

5. Managed Detection and Response 

Huntress combines expert human-led threat hunting with powerful workflow automations to give SMBs enterprise-level managed detection, investigation, and response for endpoints, identities, and more.  

  1. Network Detection 

Lumu’s Autopilot is an automated SOC solution that mitigates network dwell time through autonomous network incident management, adaptive learning, and AI-powered playbooks. 

6. Ransomware and Incident Response 

Surefire Cyber pairs workflow automations with hands-on incident response expertise to accelerate ransomware response times and promote business resilience.  

7. Posture Management and Comprehensive Managed SOC Services 

SolCyber’s SOC solution is led by Level 2+ analysts who leverage AI automations to efficiently handle routine tasks while analyzing complex threats to your systems.