Today, AI sits at the peak of the hype cycle, but AI in network management faces fundamental challenges that the industry seems reluctant to acknowledge. While it's revolutionizing certain fields, network security isn't necessarily one of them—at least not yet.
I've seen technology trends come and go. Some deliver on their promises; others fade as quickly as they appeared. Today, AI sits at the peak of the hype cycle, with vendors promising revolutionary improvements in network management and security through artificial intelligence.
But I'm here to pour some cold water on those claims.
The reality is that AI in network management faces fundamental challenges that the industry seems reluctant to acknowledge. While it is revolutionizing certain fields, network security isn't necessarily one of them—at least not yet.
The big data dilemma: Why AI in network management falls short
AI fundamentally runs on data—massive amounts of it. It uses terabytes of information to build statistical models that can make predictions or identify patterns. This creates the first major obstacle for AI in network security: do we have terabytes of data about your network that we can feed into an AI system? No? That makes it almost impossible to use AI for network security.
Even if your company maintains years of network security logs, are you willing to ship that critical corporate data off to a third-party AI system for analysis? Or do you have the thousands of free CPUs to run your own private AI model which can analyse that data?
After incidents like the CrowdStrike outage that affected millions of systems globally, companies are increasingly (and rightly) hesitant to grant third-party security vendors unfettered access to their networks.
Do you have terabytes of data about your network or network security in general? No, so you can't effectively use AI.
The CrowdStrike outage in July 2024 was a watershed moment that demonstrated how a single configuration update could paralyze global operations. This has made many organizations reconsider how much control and data access they're willing to give to external security vendors, regardless of promised AI capabilities. When companies are locking down access, AI systems don’t have the big data that they need to operate. The result: AI solutions can’t get a toehold in the sector and do not offer significant value-add.
AI accuracy in network security: The problem with "mostly right"
Next, let's look at where AI excels today. It's astonishingly good at generating content, images, and videos that are maybe 99% correct. If you need a graphic artist to create images. AI gets you a "good enough” solution. If you need something better, a human can then clean it up. If you try to get an AI to design a building, it will produce results that look “mostly good”, but portions will be utterly bizarre, like an M.C. Escher drawing.
Are you willing to bet the security of your network on an AI-generated M.C. Escher fever dream?
Network security isn't a domain that tolerates "mostly accurate" solutions. While 99% accuracy might be fantastic for content generation, that 1% error rate is catastrophic when it comes to network security. You can't run a corporate firewall on "mostly pretty good."
The problem of AI hallucination—where systems confidently generate plausible but entirely fictitious information—is particularly troubling in security contexts. An AI can confidently report that a network is secure while missing critical vulnerabilities. Or, an AI can hallucinate security vulnerabilities, leading you on a wild goose chase for something that doesn’t exist. When you use AI in the wrong context, the consequences can be devastating.
Want proof that AI hallucinations are a real security threat? Look no further than the bombshell study from researchers at three US universities identifying “slopsquatting”. Security Week on this new software supply chain threat created by AI hallucinations. When LLMs generate code, they often recommend or reference entirely fictitious software packages. Threat actors can exploit this vulnerability by publishing malicious packages using these hallucinated names.
"As other unsuspecting and trusting LLM users are subsequently recommended the same fictitious package in their generated code, they end up downloading the adversary-created malicious package, resulting in a successful compromise," the academics explain in their research paper.
The study found that out of 16 popular code-generating LLMs tested, none was free of package hallucination. Even the so-called “best” commercial models invented fake packages in at least 5.2% of cases. Open-source models? A staggering 27.1% failure rate.
Think about that for a moment. Even the best AI systems in the world are making up software packages that don't exist in more than 1 out of 20 instances. This perfectly illustrates why 99% accuracy—while impressive in many contexts—remains fundamentally incompatible with network security requirements. When AI confidently recommends non-existent security solutions or misidentifies threats, it creates vulnerabilities rather than eliminating them.
Outside of AI hype: Network security methods that actually work
While the industry chases AI solutions, many organizations have already implemented far more practical approaches to network security that don't require cutting-edge AI. They implement basic security policies and practices that are known to work. Practices like these have decades of success behind them:
- Where possible, keep software up to date.
- Apply security patches as available (but check them first!).
- Use firewalls and VPNs to control access to networks.
- Follow “minimum privilege” practices. People and systems should have the minimum privileges necessary to get their job done.
- Perform regular system audits and analysis.
In short, manage and maintain your network. Don’t take it for granted that it works.
For example, going back 15–20 years, major companies have increased network security by using VPNs, even on their internal network! You want to log into a server? VPN into it. In turn, the servers are configured to block all traffic that doesn’t come across the VPN. This approach ensures that all network traffic is private and authenticated, even for protocols that don’t have privacy or authentication built in.
This approach also creates a natural segmentation that doesn’t require complex AI systems to separate “good” network traffic from “bad” network traffic. When all of your servers have the firewalling built in—which is basically "they only accept connections over the VPN"—who cares what's happening in the background on the rest of the network.
This doesn't mean you ignore everything else. You still have intrusion detection systems (IDS) looking for known bad traffic, but it means that you're not relying on an AI to make security decisions that could affect your entire business.
Limited applications: Where AI network monitoring shows promise
Despite my scepticism, I do see some areas where AI in network management could provide value:
1. Pattern recognition in limited contexts
For specific, well-defined tasks with clear parameters, AI can excel at pattern recognition. If you're looking to identify unusual traffic patterns among regular, predictable network flows, machine learning algorithms might help filter the signal from the noise.
For example, AI systems could analyse login patterns to see suspicious login times or locations. This kind of AI system is much simpler than modern “natural language” models. It doesn’t require access to terabytes of data, and it can be run in your local system without incurring huge costs.
2. Performance optimization
AI may be useful for optimizing network resource allocation based on historical usage patterns. Unlike security, performance optimization can tolerate some degree of imprecision, making it better suited for AI analysis.
3. Anomaly detection with human oversight
With proper human oversight and a focus on minimizing false positives, AI can serve as a first-pass filter for potential anomalies. The key here is not relying on AI to make final determinations but using it to direct human attention more efficiently.
But for each of these potential benefits, we must ask: Is AI truly delivering value beyond what traditional tools can provide? Or are we just adding complexity and opacity to our network management processes?
(For additional perspective, SANS has done some survey work on AI and its role in cybersecurity.)
Network authentication and AI
At InkBridge Networks, we focus on securing networks by ensuring all users and devices are authenticated and tracked. We see this practice as an absolute requirement for any modern network. We believe that if your network is wide open, then you don’t need AI to analyse network security: we know that your network is insecure.
In the context of network security, AI becomes useful only after all other security measures have been taken. Once you have secured logins, VPN access, and audit logs, you can analyse that data with AI to detect patterns that would be hard for a human to spot.
Evaluating AI network management solutions: Ask these hard questions
The next time a vendor pitches an AI-powered network management solution, ask these questions:
- Where is the data coming from? How much data is needed to make this work effectively? Remember, their solution is built on your data! Are you the customer, or are you the product?
- How does the system handle uncertainty and novel situations?
- What happens when the AI makes a mistake? Make sure you pay attention to both positive mistakes (AI does the wrong thing) and negative mistakes (AI fails to do the right thing).
- Is this truly solving a problem that couldn't be addressed with simpler, more reliable approaches? (The NIST Cybersecurity Framework is a good resource for established security practices that work.)
Sometimes the most innovative approach isn't adopting the latest buzzword technology—it's applying time-tested principles with discipline and precision.
I'm not anti-AI. I'm anti-nonsense. Show me an AI solution that actually solves real network security problems better than current approaches, with data you can actually collect legally and ethically, and I'll be first in line to implement it. Until then, I'll stick with what works and use AI in limited situations only.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Big Tech Concentration Made CrowdStrike Update a Catastrophe
As we dissect the CrowdStrike outage, we’ll find the human error was multiplied by the concentration in Big Tech, says network security expert Alan DeKok of InkBridge Networks.
Don't "Set it and Forget it"
So you decided that whatever you were using for network security wasn’t getting the job done… Either it didn’t scale with the growth in your user base, devices, or network design, or it was hindering your organization’s productivity. Or maybe you suffered a security breach. Whatever the case, you decided to make the jump to RADIUS authentication, and you’ve implemented a RADIUS server.