
During a major security incident, responders face an overwhelming challenge: thousands of logs, hundreds of findings, and executives demanding answers within minutes. Meanwhile, threat actors appear to be using AI to accelerate their attacks, creating an arms race where defenders must evolve or fall behind.
This was our reality responding to customer incidents. Through trial and error, we learned where AI genuinely helps, where traditional automation suffices, and where human expertise remains irreplaceable.
This session shares our journey building AI and automation into incident response. I'll discuss which tasks suited traditional automation versus where AI added real value, and importantly, what failed under real incident pressure.
You'll learn how we built these capabilities incrementally and integrated them without disrupting responders.
