“AI-powered.” It’s on every security datasheet now. Which is roughly the problem.
Gartner even has a name for part of it, agent washing: taking an existing product, some automation, a chatbot, and relabelling it AI. By their count, of the thousands of vendors claiming agentic AI, around 130 are the real thing.
That’s not a reason to dismiss it. Used well, AI does genuine work in security: triage at scale, cutting alert noise, spotting patterns across volumes no human team can read. The value is real.
But “AI-powered” on a slide tells you nothing by itself. It’s a label, and labels are cheap. The market can’t even agree what counts. The forecasts swing by a hundred billion dollars depending on whether you count every ML model or only generative AI.
So the questions worth asking aren’t about the badge. What does the model actually do. What data does it need. How does it behave when it’s wrong — because it will be. And what still needs a human, given most alerts end up on someone’s desk regardless.
AI in security isn’t magic and isn’t a fraud. It’s a tool. Ask what it does, not what it’s called.