AI needs human oversight to safeguard critical infrastructure

As AI becomes more embedded in cybersecurity, experts warn that its implementation must be balanced with human oversight—especially when protecting critical infrastructure. Patrick Joyce, Global Resident CISO at Proofpoint, emphasized in a recent interview that while AI empowers real-time threat detection and rapid response, it also introduces new risks, particularly when used by malicious actors in state-sponsored cyberattacks. 

AI can enhance cybersecurity defenses by processing large datasets to detect anomalies and prevent breaches. However, it can also be exploited to craft sophisticated phishing attacks and bypass traditional security controls. Joyce points out that the human element remains the most significant vulnerability, with errors like clicking malicious links or mishandling sensitive data posing consistent threats. 

Sectors such as healthcare, utilities, and aviation are particularly at risk. Outdated systems, weak authentication, and inadequate access controls are among the pressing vulnerabilities. Joyce advocates for best practices like multi-factor authentication, regular patching, and ongoing employee education to mitigate human-driven risks. 

Operational technology (OT) systems—which are central to critical infrastructure—present unique challenges. Unlike traditional IT systems, OT environments are siloed, making them more difficult to monitor. AI tools tailored for OT environments can help by detecting anomalies in real time and preventing disruptions. 

Joyce stresses that AI must not operate in a vacuum. Human analysts should always review AI-generated alerts, as AI may overlook subtle cues or misclassify data. If training data or algorithms are compromised, it could lead to manipulated outcomes or compromised systems. 

With increasing regulatory frameworks such as the EU AI Act and the NIST standards in the U.S., Joyce calls for stronger public-private collaboration. Initiatives like ISACs help stakeholders share threat intelligence, reinforcing national and industry-specific resilience. In cybersecurity, AI is a powerful tool—but it must be wielded wisely, with human judgment guiding its deployment. 

Source: 

https://www.itnews.asia/news/ai-needs-human-oversight-to-safeguard-critical-infrastructure-against-new-cyber-threats-615635