Defensive AI · The real differentiator at OCIRIA
How we use AI to defend, not to ship reports faster. How it differs from offensive AI, and practical use cases in European SMBs.
Defensive AI
AI is changing attack as much as defence. We talk about how we apply it, without magical promises.
---
What we mean by defensive AI
Defensive AI is the use of AI models to improve three concrete security tasks: detecting weak signals a human team would overlook, correlating events across heterogeneous sources within a reasonable time, and prioritising response based on business context rather than on automatic CVSS scoring.
It is not a product you buy. It is a layer that integrates into the analysis process, always supervised by a senior engineer. The model suggests, the person decides.
---
Offensive AI vs defensive AI
The asymmetry is real. Attackers are automating reconnaissance, phishing email drafting, malware variant generation and credential discovery using AI techniques. The barrier to entry for attack drops every quarter.
Defence has a different advantage: context. The attacker knows generically what they are looking for. The defender knows specifically which assets are critical, which usage patterns are normal and which deviations matter. Well-applied defensive AI amplifies that context; it does not replace it.
What an attacker can automate with AI:
- Massive collection of public information about targets.
- Generation of personalised social engineering messages.
- Testing of payload variants to evade detection.
- Discovery of misconfigured infrastructure at scale.
What a defender can automate with AI:
- Event correlation across identity, network and endpoint logs.
- Detection of anomalous access or exfiltration patterns.
- Generation of investigation hypotheses for the analyst.
- Executive incident summaries in plain language.
The key difference: the attacker wants volume, the defender wants precision.
---
How we apply it in each service
In vCISO. We summarise operational noise (alerts, tickets, logs) into a monthly dashboard the leadership committee can read in fifteen minutes. AI prepares the draft; the senior engineer validates and signs it.
In ISO/IEC 42001. We use the standard itself to govern our own internal AI usage. We practise what we preach: every model we use has its system card, risk assessment and documented human oversight.
In OSINT Audit. AI accelerates collection and correlation. When a search returns ten thousand results, a well-oriented model reduces them to two hundred relevant items. Analysis and conclusions are always done by a human.
---
What we do NOT do with AI
- We don't use AI to make unsupervised security decisions.
- We don't use AI to write executive reports without a line-by-line engineer review.
- We don't deliver AI-generated reports signed as if written by a human.
- We don't feed your confidential data into public services without a data processing agreement.
AI is a tool, not a vendor.
---
A note on transparency
If a report of ours contains sections drafted with AI assistance, we say so. If a free tool of ours uses AI to analyse what you submit, we tell you before you click "Analyse". This is consistent with ISO/IEC 42001 and the EU AI Act.
---
Want to see a concrete case?
Book a thirty-minute session. We'll walk you through a real (anonymised) dashboard and explain what AI does, what the human does, and where the line is.