Reflections from Josh Ray, CEO of Blackwire Labs

I had the privilege of joining an outstanding group of cybersecurity leaders for Solutions Review's Insight Jam panel on "Fortress AI: Deploying AI Agents for Ironclad Security." The conversation with Michael Morgenstern (DayBlink Consulting), Daniele Catteddu (Cloud Security Alliance), Greg Sullivan (CIOSO Global), Keatron Evans (InfoSec), and Simon Jonker (CSIS Security Group A/S) provided invaluable insights into where AI agents are transforming cybersecurity operations today—and where we're headed tomorrow.

The Human-AI Partnership: Trust Through Governance

One of the most compelling themes that emerged was the critical balance between AI autonomy and human oversight. As Daniele Catteddu noted, "I see [AI agents] as a tool, though, a tool that are going to augment humans. I doubt that will ever replace them or us, in the sense that there are way too complexities in order for them to be ungoverned."

This perspective aligns perfectly with Blackwire Labs' philosophy. We've designed our platform around the principle of human-augmented capability, where AI agents enhance human decision-making rather than replacing it. Our Cybersecurity Community of Excellence (CCOE) of 50+ seasoned professionals sets the foundation of validating and curating the knowledge (to include their wisdom) that powers our AI agents, ensuring that expert human insight remains at the core of every recommendation.

Simon Jonker reinforced this notion, by emphasizing that "fundamentally security boils down to trust. And the best way to build trust is also to do that through relationships... ultimately person to person." 

This is precisely why our TrustWire technology provides blockchain-based verification and complete auditability—because trust in AI systems must be built on transparency and verifiable expertise.

The Reality Check: We're Already Behind

Greg Sullivan delivered a sobering reality check that resonated throughout the discussion: "No cyber attack I've seen in the last few years has been the act of a single team—so we better put ourselves in a position to have at least the tools they're using against them. And AI is in that category today."

This observation underscores why Blackwire Labs exists. Cyber criminals have been "professionalizing" their operations for years now and espionage actors are determined, well resourced and continuously increasing in capability - now layer on the ability to leverage AI tools to scale and accelerate their attacks. Meanwhile, many organizations struggle with basic security fundamentals due to resource constraints and skills gaps. Our vendor-agnostic approach democratizes access to enterprise-grade cybersecurity intelligence, helping organizations of all sizes compete against well-resourced adversaries.

Practical AI Applications: Beyond the Hype

The panel showcased several compelling use cases that demonstrate AI's immediate value in cybersecurity operations:

Vulnerability Management & Threat Mitigation

Michael Morgenstern set the stage perfectly: "The goal seems to be the same: to focus humans on the most critical IQ intensive functions and automate away all the rest." 

Simon Jonker highlighted a critical use case: "The ability to present, aggregate, and somehow collect all of the information, especially in the network segment... funnel it down into an AI agent that can help you strategize and help you target as an analyst, what are the threats that we are detecting here."

This mirrors our approach with Blackwire 2.0's advanced agentic architecture, which intelligently orchestrates multiple data sources and specialized tools to provide contextualized threat intelligence tailored to each organization's specific environment.

Skills Assessment and Training

Keatron Evans shared an innovative approach to validating cybersecurity skills using AI, noting that many professionals claiming extensive experience actually "assess at the level of someone who's been doing it for like six months." 

This highlights the skills gap that Blackwire.ai helps bridge by providing expert-level guidance to practitioners at all skill levels and organizational roles.

A Personal Use Case: Turning Compliance into Competitive Advantage

During the panel, I shared a real-world example that illustrates the transformative potential of AI in cybersecurity. Working with a CISO in a large manufacturing OT environment.  The CISO wanted to create a data driven board presentation to ask for investment to mature portions of his security program. His pragmatic and creative idea was to demonstrate how this investment could not only help drive down organizational risk but demonstrate how this investment would be offset by potentially reduced cyber insurance premiums, however he needed data to support his business case.  We used Blackwire.ai to analyze their CIS Controls, focusing on those controls that had a low maturity score.  The objective was to first provide specific recommendations and implementation steps to increase the maturity of those controls.  Then assuming those controls had improved, we cross-referenced those results with cyber insurance requirements.

The result? Within minutes we created an intersection of the specific CIS controls that would simultaneously improve their security posture and (once improved), would significantly reduce their insurance premiums. This targeted and data-driven approach on what to focus on, why and how to achieve it, saved the organization an estimated $160,000-$200,000 in consulting fees, provided a compelling business case for the board, and a prescriptive roadmap to success.

As I noted in the discussion, "That's an interesting use case that was maybe not something that I actually thought of initially, but in working with our client actually drove a really positive outcome."  This exemplifies how AI agents can surface unexpected value by connecting disparate data points in ways that humans might miss or more likely not have the time or money to implement.

The Accountability Challenge

Keatron Evans raised a crucial point about AI accountability: "When they adopt AI into their security workflows... that accountability and that responsibility matrix is mapped out... the ownership of a decision that was made is somewhere buried into some AI algorithm somewhere and nobody knows how it got made."

This is exactly why we took a human-and-technology approach to address this accountability challenge. We've invested significant time and resources in creating rigorous source evaluation criteria grounded in intelligence analytical tradecraft. Our Cybersecurity Community of Excellence provides the curated expert knowledge base that forms the foundation of every recommendation. All outputs are completely referenceable, with sources secured via Trustwire technology so you know the source is authentic and hasn't been altered. Organizations can trace every recommendation back to its expert-validated sources and demonstrate the integrity of that information to auditors, boards, and regulators.

Looking Ahead: The Evolution of Fortress AI

The panel reinforced my conviction that we're at an inflection point in cybersecurity. As Keatron Evans wisely advised: "Focus on the problem that you want to solve and then find a way to use AI to solve it—versus just focusing on putting AI into something."

This problem-first approach is driving our development of Blackwire 2.0, coming out later this year. We're not adding AI features for the sake of having AI—we're solving real client problems:

• Workflow automation that eliminates complexity - No need to be an expert prompt engineer or wondering what to ask. The platform adapts to your security processes with intelligent onboarding that captures your organization's context and configures custom AI personas for each role based on your technology ecosystem and business priorities

• Streamlined intelligence operations - Transform threat reports into automated analysis and strategic deliverables within hours, while turning time-intensive compliance processes into efficient analyses across HIPAA, CMMC, ISO, and NIST frameworks

• Precision-targeted security management - Custom dashboards and daily briefings correlate global threat intelligence with your specific organizational vulnerabilities and business drivers, while automated tabletop exercise workflows generate comprehensive, realistic threat scenarios in hours rather than weeks, dramatically reducing costs while maintaining enterprise-level quality and regulatory compliance requirements

The Path Forward: Measured Adoption with Bold Vision

Daniele Catteddu provided perhaps the most balanced perspective on AI adoption: "I would certainly encourage all of you and everyone in the audience to... go for that. So perhaps if I can make kind of a call for action I would certainly encourage all of you... to help us in developing those best practices, those frameworks that are going to be able to help us in better governing a technology that... is absolutely fantastic."

The cybersecurity community must work together to establish governance frameworks for AI adoption. At Blackwire Labs, we're committed to this collaborative approach and expanding our partnerships with organizations like the Cloud Security Alliance.

Conclusion: Building Trust in an AI-Driven Future

As we deploy AI agents across our security operations, we must remember that the goal isn't to eliminate human judgment—it's to augment human capability at scale. The most successful organizations will be those that can harness AI's speed and precision while maintaining human oversight and accountability.

That's the vision we're building toward at Blackwire Labs, and it's the conversation we must continue having as an industry.

The full Insight Jam panel discussion is available on Solutions Review's YouTube channel. I encourage everyone to watch the complete conversation to hear all the valuable insights from our distinguished panel of experts.