What do you consider to be the biggest success factors for adopting AI-enabled security solutions?

Several success factors stand out for adopting AI in security. Foremost is the security of the AI itself, including supply chain checks, policies for LLM usage, secret redaction, and prompt hardening. These considerations are top of mind for our team when evaluating or moving away from secure AI products. We also assess the lifecycle of these products, including operational ownership, whether there is a product owner within the SOC or VM, or if it is vendor-driven. Data readiness is another critical factor, encompassing data cleanliness, prompt engineering, and the fidelity of telemetry. Identity management and reliability of data sources are also important. Additionally, we monitor quality measurements such as override rates, SLA adherence, and the precision of false positive and true positive rates. These are among the primary factors we consider when evaluating the success of adopting an AI security tool.

The issue extends beyond security to include compliance and regulatory considerations. It is crucial to understand how AI is using data, what level of data is being fed into the system, and whether that data remains within the organization’s ecosystem. Once data leaves the organization, it cannot be retrieved, so it is essential to evaluate the impact on the organization’s data set. Success requires a combination of security and other industry pillars to ensure the right guardrails and protections are in place.

A key success factor is ensuring that the adoption of AI-enabled security solutions is led and supported by the security team itself, rather than being driven by other departments such as HR or marketing. It is important that security has the primary role in evaluating and implementing these tools, rather than having them introduced or partially implemented by other teams before security has had the opportunity to assess them.

Personally, beyond the classic ROI—always a reliable metric—I would evaluate the main success case in terms of the solution’s ability to adapt to future risks. The question I want to answer is: how well can my security system adapt to new threats thanks to AI?

As an energy company adopting AI-enabled security, we succeed when we started with low-risk, high-visibility use cases that build internal trust while improving operational resilience. This typically means using AI for anomaly detection, alert triage or predictive insights rather than immediately delegating decisions to automation.

The organisations that progress fastest deliberately invest in data quality and governance, because AI effectiveness in critical infrastructure depends heavily on clean OT/IT telemetry, asset inventories, and trustworthy pipelines. Also prioritize explainability and accountability, making sure every AI output can be traced, audited, and reviewed – which reduces regulatory friction and ensures operational teams remain confident in the technology.

Operational success also hinges on workforce readiness and cross-functional buy-in. Utilities and energy companies that frame AI as a “force multiplier” rather than a replacement achieve broader adoption and less resistance from engineering, operations, and SOC teams. The most advanced firms embed AI within a strong governance and security architecture, ensuring the AI systems themselves are protected from poisoning, manipulation, and supply-chain vulnerabilities. Across the board, leaders should treat AI as a risk-reduction and reliability enabler, integrating cybersecurity, maintenance, and operational analytics to gain value across departments rather than in isolated tools.

Ultimately, the companies that win with AI in security are those that recognize it’s not just a software deployment but an organizational capability upgrade. They invest in people, governance, data, and cross-team collaboration. That combination — not the algorithm itself — is what drives safer operations, stronger resilience, and measurable efficiency improvements.