Compass' Ryan Glynn on Why LLMs Shouldn't Make Security Decisions — But Should Power Them

Описание: Ryan Glynn, Staff Security Engineer at Compass, discusses practical AI implementation in security operations, sharing how his team achieved 95% reduction in phishing triage burden by processing 400 emails daily through custom machine learning models. Ryan explains why he tunes detection rules directly rather than prompt-engineering agentic platforms, and advocates starting with business-critical detections that prevent bankruptcy or public damage rather than chasing risk signals.

Chapters:
0:00 Introduction
0:32 AI strengths in documentation and language processing
2:20 Using LLMs for feature engineering in ML models
3:22 Challenges with agentic SOC platforms
5:40 SOAR versus AI agents debate
7:22 Email phishing automation use cases
9:01 Intent classification and context understanding
10:14 Model portability and speed improvements
11:05 Business context integration challenges
14:41 Evolution of phishing attack techniques
17:09 Alleviating SOC burnout with ML automation
20:42 Company-specific versus general models
23:22 Detection philosophy and risk prioritization
26:36 Alert tagging and feedback loops
32:03 Context gathering costs and efficiency
33:44 Query language challenges across platforms