.svg)
Today's cybersecurity professionals face a stark paradox: advanced threats are multiplying, yet many of the most damaging breaches still exploit basic security oversights—like unpatched systems and weak credential management. The persistence of these basic vulnerabilities makes automating foundational security tasks not just relevant, but urgent.
It's a reality Garrett Capaccioli, Director of Security and Compliance at WVS International/Thangs 3D, knows well from his work building security programs from the ground up, notably at 3D AI innovator Physna. He believes in the power of AI in helping companies finally master these fundamentals.
Back to basics: "AI's biggest opportunity is helping us master security fundamentals," Capaccioli states. "What I really see as the big trend is actually going back to the basics and leveraging AI tools in places where historically, organizations have failed to follow those basic principles.”
Tackling the unglamorous: Capaccioli is most enthusiastic about AI’s capacity to handle the unglamorous, yet foundational, cybersecurity tasks. "Everyone is really excited about this new AI technology," he concludes. "And where I'm really excited is how we can apply AI, this new technology to these core basics that we all have known for the last 15, 20 years—leveraging AI to effectively do the non-sexy work that typically leads to compromises."
The digital apprentice: AI is now often seen as an "indispensable apprentice," taking on the tedious but vital work of vulnerability scanning and patch management. Capaccioli puts it plainly: "Take patching. It’s a repetitive task that still plagues companies today. If you can automate even the most basic patching using AI, that alone would solve a lot of problems," he explains. Such automation can also unlock real cost savings for businesses.
The AI auditor arrives: A cornerstone of Capaccioli’s outlook is the "AI auditor," a concept fast becoming reality. Smart AI tools now sift through mountains of user data, spotting subtle anomalies and behavioral patterns that might signal insider threats. "It really comes down to automating Tier 1 security operations," he explains, noting that AI can make this historically labor intensive problem "substantially easier with the newer tools that are coming out."
Automated vigilance: Platforms like Darktrace already create behavioral baselines and autonomously flag deviations, acting much like the automated internal watchdogs Capaccioli describes. "Insider threats really succeed because there is a lack of monitoring and visibility, and a lack of proper separation of duties," he says. "But now I think that AI will serve as a third party watchdog, ensuring that both access controls and user activity are in line. I call them AI auditors."
A new security chapter: While AI in this role still needs human partnership and faces hurdles like false positives, Capaccioli views AI as writing a new chapter for security. "We're really experiencing a paradigm shift similar to that of the arrival of the Internet," he observes. "All of the assumptions and all of the tools and techniques that you used before are going to become obsolete in the sense that you need to completely reevaluate how you address these new threat landscapes."
