Our $18K AI security tool did nothing for a year
Last fall, a manufacturing client in Grand Rapids paid $18,000 for an AI-driven threat detection dashboard. Eleven months later, we discovered it was basically an expensive screensaver—feeding stale data from a firewall nobody had patched since 2021.
After three decades running cable, swapping PBXs for VoIP, and dragging clients into the cloud, I’ve seen this pattern before. New decade, same delusion: the belief that a shiny box will paper over rot in the foundation. Right now, that shiny box has “AI” printed on the side. If your firewall firmware predates the Biden administration, what exactly do you think the AI is going to learn?
Sandra McLeod is CISO at Zoom, and she recently told Dark Reading that AI should act as an enabler rather than a replacement for human analysts. She reports that her security teams use automation to handle repetitive SOC tasks while people focus on complex threats. She’s not wrong. But her context isn’t yours. Zoom runs a global platform with armies of engineers and a security operations center that actually exists. Most businesses I work with in the Midwest have a part-time IT manager and a SonicWall they bought in 2019.
According to McLeod, Zoom operates on a philosophy of “secure by default.” That’s a beautiful goal. The catch? Secure by default only works when your entire stack was engineered together. It doesn’t mean much when you’re running Active Directory from 2012, a hodgepodge of Ubiquiti and Netgear switches, and a VoIP VLAN that bleeds into your guest Wi-Fi because someone mislabeled a trunk port in 2018. AI can’t see context we don’t give it. And our infrastructure is usually too messy to give it any.
Here’s what nobody is talking about. The ransomware crews aren’t impressed by your new AI dashboard. They’re scanning for open RDP on port 3389, unpatched Exchange servers, and local admin passwords that still read Spring2024. These attacks aren’t sophisticated. Most of them look like a bored script kiddie with an automated scanner. I watched this exact scenario play out for a logistics firm in Wyoming last year. They had SentinelOne deployed; their endpoints were clean and their logs were pristine. The attacker didn’t touch any of it. He walked in through an old TeamViewer account with a reused password and built a persistent admin account in twenty minutes. The AI dashboard didn’t chirp once. It wasn’t trained to think about abandoned remote-access software. It was trained to find malware signatures.
McLeod reports that she shifted into product security after starting in software development and later performed penetration testing at Cisco. That cross-domain expertise is what makes her effective. But when vendors sell you AI security tools for business, they assume you already have clean asset inventories, disciplined patch cycles, and segmented networks. Most mid-market companies don’t. So the AI sits there, burning budget, while the real holes stay open.
Anyway, the point is plumbing.
We’ve used AI at CTS, but not how the brochure suggests. We deploy Azure AD conditional access rules with risk-based policies. We script LLM chatbots to handle Level 1 password resets so our engineers aren’t burning hours on lockouts. Those are narrow, specific jobs with measurable outcomes. We don’t evaluate AI security tools for business based on a twelve-minute webinar.
Before you buy AI security tools for business, do these four things first:
- Patch your edge. Get your firewall, your VPN concentrator, and your mail gateway firmware updated within the next 90 days. If it’s EOL, replace it.
- Audit privileged access. Disable every admin account not used in 30 days. Force FIDO2 or at least TOTP on everything that touches your domain.
- Segment your traffic. Put your VoIP, your guest Wi-Fi, and your production systems on separate VLANs with strict ACLs. AI can’t secure a flat network.
- Buy a password manager and conditional access before you buy a threat-intelligence dashboard. Microsoft 365 E3 with P2 licenses costs less than your monthly coffee budget and stops 80% of identity-based attacks.
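The privileged-access audit in the second step is the one most shops can script the same afternoon. The script below is an added example written for this post, not CTS tooling; it assumes the RSAT ActiveDirectory module, read access to group membership, and that the group list and the break-glass account name are placeholders you replace with your own.

```powershell
# Added example: report privileged AD accounts idle for more than 30 days, then dry-run disabling them.
# Assumes RSAT ActiveDirectory module; group names and the break-glass account are assumed placeholders.
Import-Module ActiveDirectory

$IdleDays   = 30
$Cutoff     = (Get-Date).AddDays(-$IdleDays)
# Tier-0 groups to audit (assumed list; add your own delegated admin groups).
$PrivGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                'Administrators', 'Account Operators', 'Backup Operators')
# Break-glass accounts that are never disabled automatically (assumed placeholder name).
$Exclude    = @('breakglass-admin')
# The built-in Administrator is always RID 500 in its domain; never auto-disable it.
$BuiltinAdminSid = (Get-ADDomain).DomainSID.Value + '-500'

$Findings = foreach ($Group in $PrivGroups) {
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, PasswordLastSet, whenCreated |
        ForEach-Object {
            # LastLogonDate is derived from lastLogonTimestamp, which replicates only
            # every 9-14 days, so read it as "at least this old", never as exact.
            $LastSeen = $_.LastLogonDate
            if (-not $LastSeen) { $LastSeen = $_.whenCreated }   # never logged on: age from creation
            [pscustomobject]@{
                Group      = $Group
                Account    = $_.SamAccountName
                Enabled    = $_.Enabled
                LastSeen   = $LastSeen
                PwdLastSet = $_.PasswordLastSet
                IsRid500   = ($_.SID.Value -eq $BuiltinAdminSid)
                Stale      = ($_.Enabled -and $LastSeen -lt $Cutoff)
            }
        }
}

# One row per account even when it sits in several privileged groups.
$Stale = $Findings | Where-Object Stale | Sort-Object Account -Unique
$Stale | Format-Table Group, Account, LastSeen, PwdLastSet, IsRid500 -AutoSize

# Dry run: -WhatIf only prints what would happen. Remove it after a human reviews the table.
$Stale |
    Where-Object { -not $_.IsRid500 -and $_.Account -notin $Exclude } |
    ForEach-Object { Disable-ADAccount -Identity $_.Account -WhatIf }
```

Run it on a schedule and diff the table week to week; a privileged account that reappears after you disabled it is exactly the kind of signal the dashboard in the Wyoming story never produced.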
After thirty years, I can tell you the tool almost never fails. The prep work does. Get your house in order. Then call me about the AI.