Can AI Replace Cybersecurity Experts?
Can AI Replace Cybersecurity Experts?
A recent study conducted by researchers at Stanford University revealed that an AI-powered security agent is capable of competing with professional hackers — and even outperforming them in some scenarios — despite their extensive experience in the field of cybersecurity.
During the study, researchers tested an AI agent known as ARTEMIS in a direct head-to-head competition against ten carefully selected cybersecurity professionals. The agent achieved a notable result by finishing in second place, and it also succeeded in discovering security vulnerabilities that some of the human participants overlooked, particularly when handling multiple complex tasks simultaneously.
According to a report published by Business Insider, ARTEMIS spent approximately 16 hours scanning the public and private networks belonging to Stanford University's computer science department, analyzing thousands of devices for security weaknesses. By the end of the experiment, its performance surpassed that of most human testers, while also achieving this at a significantly lower operating cost.
The operating cost of ARTEMIS is approximately $18 per hour, compared to an average annual cost of $125,000 to employ a professional penetration tester. Even when compared to the most advanced AI agents, which cost around $59 per hour to operate, the cost remains lower than relying on a senior human expert.
Study Details
The study was led by a research team from Stanford University comprising Justin Lin, Eliot Jones, and Donovan Jasper, who are the developers of the ARTEMIS agent. The development of this system came after they observed that existing AI tools struggled to handle long and complex security tasks requiring sustained focus and in-depth analysis.
During the test, the AI agent was granted access to Stanford University's network, which comprises approximately 8,000 devices including servers, computers, and various smart systems. The human testers were asked to work for a minimum of ten hours, while ARTEMIS operated for up to 16 hours spread over two days. To ensure a fair comparison, the researchers based their analysis on only the first ten hours of the agent's performance against that of the human participants.
During this period, ARTEMIS managed to discover nine real security vulnerabilities, achieving an accuracy rate of 82% in the reports it submitted, outperforming nine out of ten human participants. Its discoveries also included vulnerabilities that some of the experts had failed to detect.
However, the performance was not without shortcomings. The Wall Street Journal noted that approximately 18% of the alerts issued by the agent were false positives. ARTEMIS also failed to detect an obvious vulnerability on one of the web pages — a flaw that most of the human testers were able to identify quickly.
The Dark Side of AI Advancement
On the other hand, the accelerating pace of AI development is raising growing concerns in the realm of cybersecurity. Tools built on this technology have lowered the technical barriers to carrying out cyberattacks and spreading disinformation, enabling criminals with limited expertise to conduct large-scale operations with unprecedented efficiency. With AI agents now steerable using simple natural language commands, causing significant harm has become accessible to a far broader range of users.
In this context, a report published by Anthropic revealed that entities linked to North Korea used the AI model Claude to obtain fake remote work positions inside major American technology companies, gaining access to sensitive internal systems. The report also indicated that another group from China exploited the same model to support cyberattacks targeting the telecommunications and agriculture sectors, as well as government entities in Vietnam.
In response to these threats, major AI companies have begun strengthening their protective measures. Microsoft has developed advanced tools to detect suspicious commands and unusual activity, while OpenAI employs warning mechanisms that alert users when AI agents attempt to access sensitive websites or systems, halting execution unless directly supervised.
Amid these developments, a number of cybersecurity experts are calling for stricter controls on the use of AI agents, including requiring prior human approval before executing high-risk actions — such as extracting sensitive data or accessing bank accounts — in order to curb misuse and reduce potential risks.
Between Opportunity and Threat: Where Does the Human Stand?
These developments show that AI is no longer merely a supporting tool in the field of cybersecurity — it has become a principal actor reshaping the balance of power between attackers and defenders. While it grants organizations unprecedented capabilities in monitoring, analysis, and rapid response, it simultaneously amplifies the danger of attacks when it falls into the wrong hands.
Yet practical experiments, such as the ARTEMIS case, clearly indicate that AI does not operate at peak efficiency in isolation — it achieves its best results when integrated with human expertise. Contextual judgment, risk assessment, and ethical decision-making remain elements that cannot be fully automated, regardless of how precise and computationally powerful the models become.
From this standpoint, the future of cybersecurity appears closer to a partnership model than a replacement one — where AI handles the labor-intensive and repetitive tasks, such as network scanning, log analysis, and pattern detection, while humans remain responsible for directing strategy, making final decisions, and understanding the broader dimensions and impact of an attack.
The Bottom Line
AI will not eliminate cybersecurity experts, but it will fundamentally transform the nature of their role. The specialist who fails to master working with these tools will find their relevance diminishing, while the expert who can leverage AI with awareness and deep understanding will become more valuable and impactful than ever before.
The battle is no longer between humans and machines — it is between those who know how to use AI intelligently… and those who do not.
