.svg)
This article is based on our CEO Ismo Paananen's keynote delivered at the Cyber Executive + CIO Nordic event on March 2026 titled: Human-in-the-loop.
The most important decision about AI in cybersecurity is the level at which the work is divided between humans and AI.
Cybersecurity has always been a complex and demanding area, but now AI is starting to reshape not just how we do the work, but also who does what.
So the key question becomes:
Where should humans focus, as AI takes on more responsibility?
Different levels of AI-human collaboration
Level 1: Human as the Builder
Traditionally, cybersecurity has been fully built by us humans.
We build the defenses, we build the plans, we implement everything related to cybersecurity.
Professionals design defenses, create policies, and implement systems. It’s a demanding role that requires deep expertise, especially because cybersecurity is not just the technical details, but the holistic system.
At this first level, humans do everything.
Level 2: Human as the Editor (AI as an Assistant)
Many organizations are now moving into this next level.
In a level 2 setup, AI generates drafts and suggestions, how things could be done. The human role shifts to refine, approve and improve what AI produces.
This makes the work more accessible and scalable. New team members can contribute more easily, supported by AI-generated ideas. But still, at this level, the human is doing most of the work. AI is helping, but it's not leading.
Level 3: Human as the Approver (AI as Primary Doer)
Then we can take things one step further.
In the third level, AI is actually handling most of the initial work. It takes over analysis, structuring, and proposing solutions. The human role becomes focused on oversight and validation rather than execution.
This shift is already happening and raising important questions.
The critical question: Is this too much power for AI?
At this point, a natural question comes up: Is this already too much? Are we moving toward a situation where AI “knows better” than humans?
There are two main concerns:
- Over-reliance on AI
- Losing human expertise over time
And this is where we need to be careful, as AI is powerful at processing and generating information, but it does not understand context in the same way humans do.
Why human expertise still matters
Cybersecurity is never just technical but is always tied to a specific organization. Every company works differently, with its own requirements, culture, and way of doing things. Some of this can be explained to AI, but not all of it. There are always small details and real-world nuances that come from experience. These are often what determine whether something actually works in practice.
That’s why human expertise still plays a key role. The job is to make sure things actually fit so the output isn’t just correct on paper, but that it works in practice too.
The ideal future: Human and AI working together
The goal is to use the strengths of both the humans and the AI.
That means shifting the human role away from building and doing everything manually, and more toward thinking, validating, and making decisions. AI handles execution with speed and efficiency. Humans bring context, judgment, and a real understanding of how the company works.
That matters because cybersecurity decisions do not happen in a vacuum. They depend on business priorities, internal dynamics, risk appetite, and countless details that AI cannot fully understand on its own.
AI can help do the work faster. Humans decide what actually makes sense.
