AI is earning a permanent place in enterprise security, and that makes sense. It can help teams review alerts faster, organize data, and speed up technical work that once took far longer. Used well, it’s a serious advantage
As an AI and domain name expert, I’m noticing that some companies use AI as the final decision-maker rather than as a helpful support tool
In reality, security practices are based on careful testing, review, monitoring, verification, and accountability in the documented trail of who handled what, and when
One concrete starting point is to audit every AI-generated security recommendation against actual test evidence: logs, penetration test results, vulnerability scans, code reviews, and documented human sign-off. If the team can’t show who verified the output, what was tested, and what evidence supports the decision, they’re not using AI as a tool; they’re outsourcing judgment
Subscribe to the Daily newsletter.Fast Company’s trending stories delivered to you every day
Privacy Policy
Fast Company Newsletters
While nice scripts can spit out fancy words, they should not be taken as the be-all and end-all, especially in high-stakes, high-risk environments where blind trust comes at a steep price
Fast doesn’t mean correct
Users love AI for its fast responses. It also delivers these answers with confidence, which can give a busy security team an equally false sense of confidence when speed is a monitored metric
Faster isn’t better, and often isn’t as accurate as you might suspect. What’s more, faster almost never equates to greater security
Sure, AI can help, but it also can hallucinate. This is why an experienced human being is always a must
AI can help security teams write rules that flag suspicious activity and create alerts from security monitoring systems (SIEM). It can review code for common vulnerabilities, generate incident response playbooks, draft phishing simulations, and sort and prioritize security weaknesses by urgency
But AI can also hallucinate fixes, miss flaws in the code’s reasoning, misread logs, suggest insecure code, or downplay a real threat because the answer sounds polished
That’s why experienced humans still need to validate the work, test the findings, and make the final call before anything security-critical gets approved
The central role of humans in security testing
Humans are even more important for VPNs (virtual private networks)and cybersecurity tools, which deal with privacy, access, identity, and trust. A VPN can look amazing but still leak critical information, including DNS requests—lookups that translate website names into addresses—which can reveal what sites a user visits—or handle encryption poorly
In my experience, this is where human testing still matters most. A VPN masks a user’s online activity and can pass an automated checklist. Yet that VPN can still fail in the messy, real-world moments that users actually experience, like switching networks, reconnecting after sleep mode, or handling DNS during a dropped connection
AI can help find obvious issues faster, but humans are still needed to ask the uncomfortable questions, test rare, unusual situations the system isn’t built for, and judge whether the product truly protects privacy when conditions aren’t perfect
AI can certainly help build these systems faster, but critical human oversight and adherence to proper standards and practices remain essential for security
As a powerful tool, AI can help teams make more concrete evaluations and better decisions. This doesn’t mean the teams should think less. Human decision-making is essential for foundational security decisions, including:
- Node selection: Choosing which servers (“nodes”) traffic is routed through, and whether they can be trusted.
- Vendor selection: Deciding which third-party tools and providers to rely on.
- Penetration testing and response: Running ethical hack tests to find weaknesses, and deciding how to fix what they uncover.
- Full-scale deployment: The decision to roll a system out across the whole organization.
How AI changes the future of security
Without a doubt, AI is changing the way we work by streamlining workflows, keeping teams proficient, and helping them identify patterns they may have overlooked. But when bad decisions are made, responsibility falls on the shoulders of the human beings making them
AI won’t defend you in court. AI can’t pay a settlement for a million-dollar breach. And AI can’t repair what happens when your email is breached. AI certainly won’t help you send crypto to a ransomware hacker, either. Businesses bear the cost, which is why human decision-making and accountability remain mission-critical
Enterprise security can be AI-assisted, but it can’t be AI-abdicated. This is why the smartest companies just use AI as a supporting tool, while keeping battle-tested human judgment in charge
Michael Gargiulo is the founder and CEO of VPN.com
Join us in New York City this September for the annual Fast Company Innovation Festival. Advanced-rate tickets are available now through Sunday, July 12. Grab your festival passes today

