Defensibility in the Age of Machine-Speed Decisions


May 13, 2026

Why CISOs automating at machine speed need to rethink the evidence underneath those decisions

For most of the last decade, security leaders have been measured on speed. Mean time to detect. Mean time to respond. Dwell time. The implicit promise of every SOC modernization effort was that faster was better, and that automation would eventually close the gap between attacker and defender.

That promise is finally being kept. AI agents now triage alerts, enrich tickets, isolate hosts, revoke credentials, and quarantine workloads — sometimes in milliseconds, often without a human in the loop. The speed problem, in many environments, is solved.

A new problem has taken its place: defensibility.

When the answer is fast, the question becomes "why?"

When a human analyst contained a host at 3 a.m., we knew how to evaluate the decision. We could read their notes, look at the alerts they pivoted through, and reconstruct their reasoning. The chain of custody was, in a meaningful sense, the analyst.

When an AI system does the same thing, the question shifts. Regulators, auditors, customers, executives, and increasingly plaintiffs' attorneys all want to know the same thing: on what basis was that action taken? Was the data the model relied on accurate? Was it current? Was it complete? Could the same decision be defended in front of a board, a regulator, or a court?

This is not a hypothetical concern.

Enterprise customers are demanding the same thing in their contracts: explain and back up the automated decisions that matter. "The model said so" is not an answer.

Defensibility, in other words, is becoming the new bar for trust in security operations. And it is a bar that most programs are not yet clearing.

Two kinds of defensibility, both built on context

It helps to separate two ideas that often get conflated.

The first is decision defensibility — the ability to reconstruct, after the fact, exactly what an automated system saw, what it concluded, what it did, and why that conclusion was reasonable given the evidence available at the time. This is the audit-and-accountability dimension. It is what a regulator or general counsel cares about.

The second is operational defensibility — confidence, in the moment, that the automated action is the right one. That the right host is being isolated, that the user being de-provisioned is actually compromised and not just anomalous. That the workload being quarantined is not a critical revenue system being taken offline because of a stale tag in a CMDB.

These two are increasingly the same problem. An action taken on bad context will fail both tests: it will be wrong in the moment and indefensible after the fact. An action taken on good context will usually pass both. The question is no longer whether to automate. The question is whether the ground truth your automation rests on is good enough to bet the business on.

Why most AI security stacks are not yet defensible

The uncomfortable reality is that most of the data feeding security AI today was not designed for this purpose. Logs are configurable, tamperable, and frequently incomplete. Endpoint telemetry stops at the edge of what is instrumented. Cloud audit logs tell you what was configured and what API calls were made — not what actually moved across the network. Identity logs tell you who authenticated, not what they did with that session afterward.

When AI agents reason over this kind of data, they inherit its blind spots. They confidently produce conclusions from data that is missing the very evidence a defender would need to prove, or disprove, the case. The faster these agents act, the more often they act on partial truth. And the more they act on partial truth, the harder defensibility becomes.

Adversaries, including those using AI, understand exactly where defenders are looking — and where they aren't. They subvert the telemetry sources defenders trust most, and they operate in the segments of the environment that aren't instrumented at all. An AI defender that cannot see into those gaps is not just slower to respond, it is structurally easier to fool.

What defensible AI in the SOC actually requires

If defensibility is the new mandate, a few principles follow.

  • Ground truth must come from a source that an adversary cannot edit or turn off. If the evidence can be disabled on the host, deleted from a log pipeline, or distorted by a misconfiguration, it is not evidence you can stake a decision on. Defensible decisions need a source of record that sits outside the systems being defended.
  • Context must be current at the speed the decision is being made. A model acting in milliseconds cannot be reasoning over telemetry that is minutes or hours old. Stale context produces confident wrong answers, which is the worst possible failure mode for an autonomous system.
  • The evidence trail has to be preserved. Not just the action and the alert, but the underlying behavior — what the entity actually did on the network, in what sequence, with whom — captured in a form that a human can inspect later and a regulator can accept.
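The three principles above can be made concrete in code. The following is an added illustration written for this post, not ExtraHop code and not any RevealX API: every piece of evidence an automated action relied on carries its source, its capture time and whether that source sits outside the defended host; evidence older than the decision tolerates is flagged before the action is recorded; and each decision record is sealed into a hash chain so that a later edit to "what the system saw" is detectable. The source labels, the `isolate_host` action, the host address and the timestamps are all constructed sample values.

```python
"""Added example: evidence freshness check and a tamper-evident decision trail."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # prev_hash of the first record in a chain


@dataclass(frozen=True)
class Evidence:
    """One observation an automated decision relied on."""
    source: str             # assumed labels: "network", "endpoint", "identity"
    captured_at: datetime   # when the observation was made (UTC)
    tamper_resistant: bool  # True if the source sits outside the defended host
    observation: str        # what was seen, in plain language


@dataclass
class DecisionRecord:
    """What the system saw, what it did and why, sealed with a hash chain."""
    action: str
    target: str
    decided_at: str              # ISO 8601 timestamp of the action
    rationale: str
    evidence: list[dict]         # serialised Evidence items
    stale_evidence: list[str]    # sources whose evidence was older than max_age
    defensible: bool
    prev_hash: str
    record_hash: str = ""

    def payload(self) -> str:
        """Deterministic serialisation of every field except the seal itself."""
        body = {k: v for k, v in self.__dict__.items() if k != "record_hash"}
        return json.dumps(body, sort_keys=True)

    def seal(self) -> DecisionRecord:
        self.record_hash = hashlib.sha256(self.payload().encode()).hexdigest()
        return self


def is_current(ev: Evidence, decided_at: datetime, max_age: timedelta) -> bool:
    """Principle 2: context must be no older than the decision tolerates
    (and not dated in the future, which would indicate a clock or pipeline fault)."""
    return timedelta(0) <= decided_at - ev.captured_at <= max_age


def build_record(action, target, rationale, evidence, decided_at, max_age, prev_hash):
    """Evaluate the evidence behind an action and seal the result into the trail."""
    stale = [ev.source for ev in evidence if not is_current(ev, decided_at, max_age)]
    # Principle 1: at least one fresh source the adversary could not edit or disable.
    trusted = any(ev.tamper_resistant for ev in evidence
                  if is_current(ev, decided_at, max_age))
    record = DecisionRecord(
        action=action,
        target=target,
        decided_at=decided_at.isoformat(),
        rationale=rationale,
        evidence=[{"source": ev.source, "captured_at": ev.captured_at.isoformat(),
                   "tamper_resistant": ev.tamper_resistant,
                   "observation": ev.observation} for ev in evidence],
        stale_evidence=stale,
        defensible=not stale and trusted,
        prev_hash=prev_hash,
    )
    return record.seal()


def verify_chain(records: list[DecisionRecord]) -> bool:
    """Principle 3: the trail is preserved; any edited record breaks the chain."""
    expected_prev = GENESIS
    for rec in records:
        recomputed = hashlib.sha256(rec.payload().encode()).hexdigest()
        if rec.prev_hash != expected_prev or rec.record_hash != recomputed:
            return False
        expected_prev = rec.record_hash
    return True


# Constructed sample: a host-isolation decision at 03:00 UTC with two inputs,
# one fresh network observation and one endpoint alert that is 45 minutes old.
T0 = datetime(2026, 5, 13, 3, 0, 0, tzinfo=timezone.utc)
SAMPLE_EVIDENCE = [
    Evidence("network", T0 - timedelta(seconds=2), True,
             "10.0.5.23 opened SMB sessions to 37 peers in 30 s"),
    Evidence("endpoint", T0 - timedelta(minutes=45), False,
             "EDR flagged an unusual process tree on 10.0.5.23"),
]
MAX_AGE = timedelta(seconds=60)


def demo() -> list[DecisionRecord]:
    """First attempt uses both inputs; the retry rests on fresh evidence only."""
    first = build_record("isolate_host", "10.0.5.23", "lateral-movement pattern",
                         SAMPLE_EVIDENCE, T0, MAX_AGE, GENESIS)
    fresh = [ev for ev in SAMPLE_EVIDENCE if is_current(ev, T0, MAX_AGE)]
    second = build_record("isolate_host", "10.0.5.23", "lateral-movement pattern",
                          fresh, T0, MAX_AGE, first.record_hash)
    return [first, second]


if __name__ == "__main__":
    for rec in demo():
        print(rec.action, rec.target, "defensible:", rec.defensible,
              "stale:", rec.stale_evidence)
    print("chain intact:", verify_chain(demo()))
```

Run as a script, the first record comes back not defensible with `endpoint` listed as stale, the second (network evidence only) passes, and the chain verifies. The design choice worth noting is that `defensible` is a property of the record, computed from the evidence at decision time, not a label applied afterwards; and because the seal covers the serialised evidence, a later attempt to "improve" the rationale or drop the stale input from the stored record changes the hash and is caught by `verify_chain`.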

The CISO's near-term agenda

For security leaders, this reframes the AI conversation. The question is no longer "where can we add an AI agent?" It is "where are we already letting machines make consequential decisions, and can we defend those decisions tomorrow morning if asked?"

That assessment usually surfaces the same gap: the data layer was built for humans reading dashboards, not for machines acting at line speed. Closing that gap is now strategic work, not plumbing.

The organizations that get this right will earn a quiet but significant advantage. They will be able to automate more aggressively, because they trust their context. They will spend less time defending past actions, because the evidence is already there. And they will be able to look a regulator, a board, or a customer in the eye and explain, with receipts, why the machine did what it did.

The network is one of the few places in a modern enterprise where this kind of evidence still exists by default. Traffic cannot be turned off without consequence, cannot be retroactively edited, and reflects what actually happened rather than what a system intended. That is why, at ExtraHop, we believe the network is the foundation for defensible AI in security: real-time context for accurate, defensible decisions at machine speed.

The era of fast is over. The era of fast and defensible is just beginning.

Blog author
Robyn Fisher

Principal Product Marketing Manager

Robyn is a product marketing leader specializing in AI, cybersecurity, and emerging technologies. At ExtraHop, she focuses on how network context advances autonomous security and operational resilience. Previously, she held marketing roles at Google Cloud, Amazon, and Microsoft.

Key Takeaways
  • CISOs have moved their SOC modernization focus from speed to defensibility.
  • AI defensibility requires immutable evidence to satisfy SEC and EU AI Act auditors.
  • Decision defensibility reconstructs exactly why an automated system took a specific action.
  • Operational defensibility provides confidence that AI-driven responses won't disrupt critical business systems.
  • Incomplete logs fail AI because they are often stale, configurable, or easily tampered.
  • Regulators now demand accountability for automated security actions and their material impacts.
  • Defensible AI requires ground truth that sits entirely outside the adversary's control.
