Blog
February 7, 2025
AI offers a world of promise for security teams, including potential for advanced threat detection, automated response capabilities, and enhanced data analysis for cybersecurity. But the same technology that supports cybersecurity teams can also be weaponized by threat actors — a true “Good vs. Evil", or “Jekyll and Hyde” scenario.
The real story lies in the potential of AI to bolster security and prepare for the other side of the double-edged sword. It's not just about detecting threats faster. It's about fundamentally changing how we approach incident response, security patching, and vulnerability management. AI, coupled with robust automation, empowers us to move beyond reactive firefighting and towards a proactive, resilient security posture.
Tapping the Potential of AI for Proactive Security
In the horror novella by Robert Louis Stevenson, Dr. Henry Jekyll is a well-respected scientist and physician driven by his curiosity and desire for self-discovery — not unlike the developers working to advance AI technology today. During his experiments, he creates a potion that allows humans to separate into dual identities. This goes awry when he tests his own potion and temporarily transforms into the villainous “Mr. Hyde.” Ultimately, Dr. Jekyll needs to defeat this version of himself to prevent him taking over permanently, even at the risk of his own death.
(This story also includes one of the best lines in literature: “’If he be Mr. Hyde,’ he had thought, ’I shall be Mr. Seek.’”)
But if Dr. Jekyll stopped at just identifying who and what Mr. Hyde is, it wouldn’t have prepared him for what was to come. In the same way, AI must not only be about anticipating the benefits but also preparing for the fight.
Back to topAI Use Cases in Infrastructure Security: Dr. Jekyll
Here's how ‘good’ AI is beginning to revolutionize key security functions:
- Incident Response: What if you could eliminate having to scramble security response teams and perform manual containment? AI excels at analyzing large volumes of data in real-time, perhaps triggering automated workflows that can isolate affected systems, block malicious traffic, and initiate analysis. AI could even go a step beyond incident response: Imagine detecting a compromised server and then patching exploitable vulnerabilities in the same workflow.
- Patching: Patching is both non-negotiable and a huge time commitment for security teams. Automatically deploying patches across your infrastructure based on vulnerability severity, exploitability, and potential impact cuts back on manual effort, reduces human error, and ensures consistent and timely patching while significantly reducing your attack surface and reducing risk. AI has the potential to predict which patches are most likely to cause issues, allowing you to stage deployments and minimize disruption.
- Vulnerability Management: Beyond just scanning, AI can correlate vulnerability data with threat intelligence and predict potential attack vectors. This information could then be used to prioritize remediation efforts and trigger automated configuration workflows. This means AI would not just be identifying a vulnerability, but also automatically adjusting firewall rules and other access controls to mitigate risk.
- Threat Hunting: AI can sift through massive datasets to identify subtle indicators of compromise that would be unrealistic to expect humans to detect manually. These insights can be used to proactively hunt for threats within your environment and then automation used to remediate any issues found.
Tackling the AI-Driven Threat Landscape: Mr. Hyde
In the novella, Dr. Jekyll grapples with darker impulses that reside inside him. His alter-ego Edward Hyde embodies the unrestrained aspects of Dr. Jekyll with no moral compass. Like Mr. Hyde, AI can also operate without empathy or rules. While governments scramble to implement legislative guardrails, criminals continue to work in fringe areas and abuse AI through the power of unguarded chatbots like GhostGPT.
AI-powered attacks are more sophisticated, more targeted, and more difficult to detect. However, pairing AI with automation can provide a defensive advantage:
- Combating AI with AI: The best defense against AI-powered attacks will be to establish an AI-powered defense. We need to begin planning AI deployments to detect anomalous behavior, especially when those anomalies are generated by sophisticated AI-driven attacks. This requires continuous learning and adaptation, on both the offensive and defensive sides.
- Automation as a Shield: Automation can help mitigate the impact of AI-driven attacks by continuously correcting accidental or malicious configuration drift, shrinking the window of vulnerability, and reducing mean time to recovery (MTTR). Even if an AI-powered attack slips through the defenses, automated response mechanisms triggered by AI can prevent it from causing widespread damage while also enabling forensics to be performed more quickly.
A Path Forward with AI-Driven Automation
As organizations continue to integrate AI into their cybersecurity frameworks, they will need to balance the benefits of AI with its potential dangers to create a secure and trustworthy digital future.
It's not just about fighting the "Hyde" within AI — it's also about mastering its power for the greater good.
At Puppet, we're committed to helping organizations navigate the good and the bad sides of AI as it continues to evolve with ever-increasing speed. Our automation platform, combined with your own strategic use of AI, provides the foundation for building a truly secure and resilient infrastructure in the age of AI-driven threats. Puppet can automate response to threats detected by AI threat detection systems, automatically reverting unauthorized changes and remediating drift that can leave attack surfaces open to AI-enabled bad actors.
If you want to read more about maintaining security in the age of AI, check out a few of our other content resources on the topic: