AI in cybersecurity isn’t a fad, but a technology that has been evolving for decades. A talk by Július Selecký from Eset showed how the neural networks of the ’90s evolved into layered tools that shorten both detection and incident response times. Despite the progress, the human remains key—AI should ease their workload, not replace them.
Cloud reputation and sandbox: quick insight into an unknown file
Live Grid is a cloud reputation system to which more than 100 million workstations and servers around the world contribute. By sharing file hashes and observed behaviors, the system can warn of new threats almost in real time, without waiting for routine signature updates. This makes it possible to respond within minutes to an attack that has only just appeared, for example in Asia.
If a completely unknown file appears, ESET LiveGuard Advanced steps in: a cloud sandbox physically located in Bratislava. The file is held briefly, "allowed to get infected" in a controlled environment, and passes through four detection layers; after about three minutes the admin receives a report. If everything is clean, the system lets the file through; if an anomaly is found, a warning and a recommendation are displayed.
Transformers, XDR and people: AI as an amplifier for the security pro
Advanced machine learning (Augur) combines neural networks with the "DNA" approach and quickly classifies samples as clean, suspicious, or malicious. Transformers are trained not on human language but on code: they can search for known malicious fragments and speed up detection. In XDR, Incidentator helps by visualizing incidents, adding cloud reputation data, and describing what the analyst is looking at; the AI advisor is a chatbot that can explain the techniques used and suggest mitigations.
Even so, the human remains decisive, especially in smaller companies that often lack dedicated monitoring. That is why Eset relies on a combination of technologies and a team in its monitoring center (MDR): it collects events, simplifies the view into a single dashboard, and acts. According to an internal competitive analysis, this shortened MTTR from roughly 20 to 6 minutes. It is not just about detection but also about response: isolation, deletion, restart, or shutdown of the affected device.