#1745148: Humans Are Bottleneck in a Machine-Speed World

Description: Human-in-the-loop math
Security teams building AI into their own defenses are drawing a hard boundary around autonomy. Emily Choi-Greene of Clearly AI explained that as security engineers designing these systems, the job is to determine "when AI systems can make decisions on their own (in low-risk cases) and when a human should be in a loop." She noted that in theory, "if the use case is low enough risk, and there are enough compensating controls, 'almost right' can be good enough," but for now, every one of her team's AI security decisions still keeps a human in the loop, "and we still save the business a ton of time." Bil Harmer, CISSP, CISM, CIPP, CISO at Supabase, pushed on the details behind that tolerance for imperfection. "It would be interesting to know how 'close' it was on the answer," he said. He argued that "almost right" works fine for broad defenses while a threat is being localized, and that as attacks accelerate, security will need "a lot more general broad spectrum defense to slow the attacks long enough to find a solution."

Should machines decide at all
Not everyone agrees AI belongs in the decision seat. "LLMs should not be making security decisions. They're probabilistic, not deterministic. This is a bad use case," was the hard line drawn by Travis G. of Big Brothers Big Sisters of America. He went further, arguing that "any leaders who think otherwise shouldn't be leading in security." Stuart G. of The Armour Group raised a different concern about the infrastructure underneath these decisions. He warned that connecting multiple clouds to a single LLM "turns that cloud LLM into a highly prized target which will eventually succumb to an attack and will harm those connected to it."

From assistant to autonomous
The transition security teams are living through isn't hypothetical anymore. "The shift from AI-assisted to AI-autonomous security is no longer theoretical, it's operational," said Gagan Mathur of Shell. He framed the work ahead as embedding "trust, traceability, and guardrails into machine-speed decisions without slowing them down," adding that the real question isn't just whether AI is secure, but "are we secure with AI in the loop?" Donna R., CISO at Radian, sees a parallel shift in what security teams themselves need to become. Teams have to evolve "from gatekeepers to strategic collaborators, training, guiding, and aligning AI decisions with human values and risk tolerance," she said, warning that otherwise "we risk becoming the very friction point we're supposed to remove." She pointed to agentic AI as the next pressure point: these systems "will act, decide, and communicate without direct oversight," and without the same identity rigor applied to humans, "we'll lose control."

Redefining the security role
Speed and confidence aren't the same as understanding. Rajah Chowbay of Cyera framed the core challenge as one of context: "How do we make sure AI has enough context about risk, environment, and intent to move from 'almost right' to 'right enough to act without causing harm'?" He suggested the shift is less about new technology and more about a new mandate, one where "instead of guarding every door, maybe our job becomes helping others walk through them safely, without slowing everything down." Topaz Hurvitz of Israel Post connected that mandate to the current threat surface, noting that security has moved past "simply securing cloud resources" toward "securing emergent AI workloads in hybrid ecosystems." The "almost right" problem, she said, points to a need for "AI observability and explainability" in the security stack, along with "clear anomaly detection baselines established before autonomous remediation."
More info: https://www.linkedin.com/pulse/humans-bottleneck-machine-speed-world-cisoseries-6qnxc

Date added July 10, 2026, 12:59 a.m.
Source Linkedin
Subjects
  • AI/ML - Artificial Intelligence / Machine Learning / GenAI / Artificial General Intelligence - AGI - Various
  • PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
  • Security Management/Strategic Security/ROI/ROSI - CISO and Higher Level