My AI minions learned to triage security alerts this month. They sort the noise while I sleep, which is wonderful right up until you remember I now trust a model to tell me what is on fire. One step closer to world domination, but first, somebody still has to decide which of last Tuesday’s four thousand alerts was the one that actually mattered.
That last sentence is not really a joke. It is exactly where most security teams are stuck. You have AI security triage somewhere on the roadmap. You believe it works. You have not actually handed it the job. And the gap between believing in AI security triage and running it in production is where the breach walks in.
Proofpoint put a hard number on this in its 2026 report, built on a survey of more than 1,400 security professionals across 12 countries. More than half of the organizations that already had AI security controls in place got hit with an AI-related incident anyway. The controls did not stop it. On top of that, 52 percent were not confident those controls would even detect a compromised AI, and only about a third felt ready to investigate one after it happened.
Strip that down and the honest state of play is brutal. We bought the tools. We are not sure they work. We got breached regardless. We cannot investigate the breach. That is not a product problem you can buy your way out of. It is an operations problem, and AI security triage sits in the center of it.
The strange part is that the belief is nearly universal. A 2026 workforce security study from Zoho found that 91 percent of US respondents think AI will strengthen their security posture, while only 9 percent are ready to deploy it today. Arkose Labs found that 97 percent of leaders expect an AI-agent incident within the next year, while just 6 percent of security budgets actually fund the risk. Everyone sees it coming. Almost no one is staffing for it.
Why AI Security Triage Stalls at Belief
This is rarely a competence problem. It is that believing in AI security triage costs nothing and deploying it costs attention nobody has to spare.
Start with the math your team is already losing. The average enterprise runs dozens of security products from dozens of vendors, and every one of them generates its own alert stream. As Proofpoint describes it, analysts end up triaging thousands of findings with no clear signal about which ones materially increase risk, so they sort by severity score instead of by what attackers are actually doing. Everyone on the team knows AI could cut through that noise. Everyone also knows that standing it up means another integration, another set of permissions, another system to monitor, and another thing to explain to the auditors. So it stays on the roadmap, where it is safe and where it accomplishes nothing.
The second reason is trust, and it is legitimate. If you cannot confirm your existing controls work, why would you hand triage decisions to a model you understand even less? That 52 percent confidence gap is not paranoia. It is an honest read on the fact that most teams have no visibility into what their AI is actually doing day to day. You cannot triage with a tool you cannot audit, and you cannot trust a tool you cannot see. So the belief stays theoretical, because the deployment would demand a level of observability most shops have not built.
The third reason is the one I see in nearly every discovery engagement, and I will say it plainly because I have lived it from both sides of the table. Organizations are not short on security tools. They are short on security tools that anyone has fully set up. I have run discovery on more than a hundred environments, everything from small offices to enterprises, and the same picture keeps coming up: a stack of genuinely capable products running at a fraction of what they were bought to do, with real budget walking out the door for capability sitting on a shelf. AI security triage is just the newest line item to land in that pile.
I am not pointing at this from a safe distance. I have done it to my own team. I have handed staff a powerful piece of software and quietly assumed they would push it to its full potential on top of everything else already on their plates. Sometimes they did not have the hours to put it in play correctly. Sometimes the vendor onboarding was thin enough that nobody ever learned what the tool could actually do. Not every vendor, but enough of them. The tool was rarely the problem. The last mile was. Deploying AI security triage well takes that same unglamorous wiring every other tool needs and never gets, and that work does not demo well to a board, so it does not happen, and the capability you paid for stays theoretical.
So when Proofpoint reports that more than half of organizations with controls still got breached, that number does not surprise me. It matches what I see in the field at every company size. Having the tool and using the tool are two different things, and the survey is quietly measuring the distance between them.
What AI Security Triage Looks Like When You Build It
Here is the shape of the problem in real life. I was reviewing a client tenant a while back where the security tooling was fine on paper. Every box checked, every alert flowing where it was supposed to. The problem was that a genuinely meaningful sign-in anomaly had sat in the same undifferentiated queue as a few thousand low-value notifications for most of a day, because the only sorting on offer was the severity label the tool shipped with. Nobody ignored it out of negligence. They missed it because no human triages four thousand items a day at full attention, and the system gave them no way to float the one that mattered. That is the precise job AI security triage exists to do.
Here is the part that finally clicked for me. You do not need an enterprise AI security platform to close most of this gap. You need a triage layer sitting between your noisiest alert source and the human who is currently reading every line of it.
The architecture is deliberately boring. An alert lands. Before it reaches a person, an AI step reads it against context the model already holds: which assets are critical, which accounts are service accounts, which findings have been dismissed as benign a hundred times before. It assigns a real priority based on that context rather than the vendor’s stock severity score, and it writes one line explaining why. Then it routes. Urgent items page a human. Probably-benign items get tagged and logged for review. Known-noise items get suppressed, with a record of why, so the suppression itself is auditable.
That last point is what makes this deployable instead of merely clever. Every triage decision leaves a trail. When the auditor asks why the model dismissed an alert, the answer is on file. This is the human-in-the-loop principle the serious AI security frameworks keep emphasizing, and it is what turns AI security triage from a trust problem into a tool you can actually defend. You are not asking the model to be right every time. You are asking it to do the first-pass sort and to show its work, which is exactly the job a junior analyst would do, except it does not sleep and it does not get alert fatigue at two in the morning.
The stack matters less than the discipline. I run my own version on Airtable as the system of record with a workflow layer moving alerts through it. For client production systems the data layer is Microsoft SQL Server, because that is the standard those environments are held to. The point is that none of this requires a greenfield platform purchase. It requires you to pick your single worst alert stream and put one intelligent, accountable step in front of it.
This is not magic, and it is worth being honest about where it strains. The model is only as good as the context you feed it, so a triage layer pointed at an environment you have not mapped will confidently mis-sort things. If the asset inventory and the known-good baselines do not exist, build those first, because triage on top of bad context just gives you faster wrong answers. The shadow-mode period is not optional either. Run the model alongside your humans long enough to trust the routing before you let it suppress anything on its own. Skip that and you have automated your blind spots.
Start Here If Your Triage Is Still Fully Manual
If security triage in your shop still means a person reading every alert in order, the path forward is narrower than the vendors want you to believe. You do not boil the ocean. You pick the one queue burning the most analyst hours and you go after that.
- Find your noisiest source. Whichever alert stream produces the most findings that turn out to be nothing is your starting point. That is where AI triage pays off fastest, because the noise-to-signal ratio is highest there.
- Write down what “actionable” means in your environment. Not in the abstract. In your tenant, with your assets and your known-good behavior. The model can only triage against criteria you can articulate, and articulating them is half the work whether or not AI ever touches it.
- Put one AI step in front of that queue. Have it score priority against your context, write a one-line rationale, and route. Start with it suggesting, not deciding. Run it in shadow mode against decisions a human is still making, and compare the two.
- Make every decision auditable. Log what the model did and why, including the suppressions. This is the difference between a tool you can defend in an audit and a black box you have to apologize for.
- Measure the hours back. Track how much analyst time the layer returns. That number is your case for expanding to the next queue, and it is the number that actually moves a board.
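The triage layer sketched above (context-aware priority instead of the vendor's stock severity, a one-line rationale, routing with an auditable suppression record) and the shadow-mode comparison from the checklist, written out as a small, self-contained Python example. This is added illustration, not the author's Airtable or SQL Server pipeline; the asset list, service accounts, dismissal counts, the rule that a sign-in anomaly on a service account is urgent, and the sample queue and human decisions are all constructed for the example.

```python
"""Minimal context-aware alert triage layer with an audit trail and a shadow-mode check.

Added example, not the article's own code. Every list and count below is constructed;
a real deployment loads context from the asset inventory and known-good baselines.
"""
from dataclasses import dataclass, asdict
from typing import Dict, List, Tuple

# Constructed environment context: the "context the model already holds".
CRITICAL_ASSETS = {"dc01", "fin-sql01"}
SERVICE_ACCOUNTS = {"svc-backup", "svc-scan"}
# How many times each signature has previously been dismissed as benign (constructed).
BENIGN_DISMISSALS = {"scanner_port_sweep": 140, "backup_login_burst": 97, "signin_anomaly": 3}
NOISE_THRESHOLD = 50  # dismissals before a signature counts as known noise

ROUTES = {"urgent": "page-oncall", "review": "tag-and-log", "suppressed": "suppress-with-record"}


@dataclass(frozen=True)
class Alert:
    alert_id: str
    signature: str
    host: str
    account: str
    vendor_severity: str  # the stock label the tool shipped with


@dataclass(frozen=True)
class Decision:
    alert_id: str
    priority: str   # urgent | review | suppressed
    route: str
    rationale: str  # the one-line "why" that makes the decision auditable


def triage(alert: Alert) -> Decision:
    """First-pass sort against environment context, not the vendor severity score."""
    dismissed = BENIGN_DISMISSALS.get(alert.signature, 0)
    if alert.host in CRITICAL_ASSETS:
        # Critical-asset involvement outranks both vendor severity and noise history.
        why = f"host {alert.host} is a critical asset; vendor severity {alert.vendor_severity} overridden"
        return Decision(alert.alert_id, "urgent", ROUTES["urgent"], why)
    if alert.account in SERVICE_ACCOUNTS and alert.signature == "signin_anomaly":
        # Constructed rule: service accounts should never produce sign-in anomalies.
        why = f"sign-in anomaly on service account {alert.account}"
        return Decision(alert.alert_id, "urgent", ROUTES["urgent"], why)
    if dismissed >= NOISE_THRESHOLD:
        # Known noise: suppress, but record exactly why so the suppression is auditable.
        why = (f"signature {alert.signature} dismissed as benign {dismissed} times "
               f"(threshold {NOISE_THRESHOLD}); non-critical host")
        return Decision(alert.alert_id, "suppressed", ROUTES["suppressed"], why)
    why = f"no critical context matched; kept for review at vendor severity {alert.vendor_severity}"
    return Decision(alert.alert_id, "review", ROUTES["review"], why)


def run_triage(alerts: List[Alert]) -> Tuple[List[Decision], List[dict]]:
    """Triage a batch; return the decisions plus the audit trail, suppressions included."""
    decisions = [triage(a) for a in alerts]
    audit_log = [asdict(d) for d in decisions]
    return decisions, audit_log


def shadow_compare(decisions: List[Decision], human: Dict[str, str]) -> Tuple[float, List[Tuple[str, str, str]]]:
    """Shadow mode: compare model priorities with the human's; return agreement rate and mismatches."""
    mismatches = [(d.alert_id, d.priority, human[d.alert_id])
                  for d in decisions if human[d.alert_id] != d.priority]
    agreement = 1.0 - len(mismatches) / len(decisions) if decisions else 0.0
    return agreement, mismatches


# Constructed sample queue: one alert is the anomaly that matters, buried under a "low" label.
SAMPLE_ALERTS = [
    Alert("a1", "scanner_port_sweep", "web03", "svc-scan", "medium"),
    Alert("a2", "signin_anomaly", "dc01", "jdoe", "low"),
    Alert("a3", "backup_login_burst", "file02", "svc-backup", "high"),
    Alert("a4", "signin_anomaly", "wks-117", "svc-backup", "low"),
    Alert("a5", "new_process_tree", "wks-042", "asmith", "medium"),
]

# Constructed human decisions for the same queue during the shadow period.
HUMAN_DECISIONS = {"a1": "suppressed", "a2": "urgent", "a3": "review", "a4": "urgent", "a5": "review"}

if __name__ == "__main__":
    decisions, log = run_triage(SAMPLE_ALERTS)
    for entry in log:
        print(entry)
    rate, diffs = shadow_compare(decisions, HUMAN_DECISIONS)
    print(f"shadow agreement: {rate:.0%}; disagreements: {diffs}")
```

In the sample run the "low" sign-in anomaly on the domain controller is promoted to urgent because of asset context, not its label, and the shadow comparison surfaces one disagreement (the model would have suppressed a backup login burst the analyst wanted reviewed). That disagreement is the point of the shadow period: it is resolved by adjusting the threshold or the baseline before the layer is allowed to suppress anything on its own.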
This stays incremental on purpose, because incremental is what survives contact with a real environment. The organizations getting breached are not the ones without AI. They are the ones who bought it, believed in it, and never operationalized it. The fix is not more belief. It is one deployed, auditable, narrowly scoped triage layer that earns the right to handle the next one.
The distance between 91 percent believing and 9 percent deploying is not a technology gap. It is an attention gap, and attention is the one resource you actually control. Pick the queue. Put the step in front of it. Make it show its work. Then do it again.
And if your honest read on all of this is that your team does not have the hours, take that seriously instead of pretending otherwise. The last mile is real work, and not every team should own it alone. Bringing in a partner whose actual job is to stand the thing up and keep it running is not an admission of failure. It is the same call you already make any time you would rather an expert own the part that has to be right. The only version that does not work is the one most organizations are living in right now, where the tool is bought, the box is checked, and nobody ever made it earn its keep.
I am building out more of this triage and routing logic across my own environments right now, and I will share the working pieces as they stabilize. If you have stood up AI security triage in production, or tried to and hit a wall, I want to hear where it broke. The wall is usually the most useful part of the story.