Defining AI
AI refers to the development of computer systems, using system-defined instead of hardcoded rules, to perform tasks that have typically relied upon human intelligence. Such tasks include speech and visual perception, language understanding, decision-making and the ability to learn from experience. AI is a broad discipline, encompassing many domains and subsets, some of which can be seen in Figure 1.
Computing devices have long since demonstrated an ability to carry out very complex tasks with proficiency, such as beating chess grandmasters. However, the jury is still very much out on whether “intelligence” is a fair label for what should probably be considered nothing more than machine learning systems that analyse data, learn from it and make informed decisions or predictions.1 Some AI programs have, however, attained the performance levels of human experts. This presents several challenges and opportunities to security practitioners as AI is can be leveraged for both offensive and defensive purposes.
While there is some debate as to what exactly should be classified as AI – a discipline that encompasses many domains and subsets, including machine learning, natural language processing, computer vision, expert systems, robotics and more – and how it should be defined (see the European Parliament’s view)2 this series of insight papers will refer to all such technology as AI, in line with the tendencies of many cyber security professionals, the public and the media.
FIGURE 1: A small selection of AI domains and subsets
“Would you want an AI chess champion driving your car?”
- ISF Member
Information Security Forum
Better Cybersecurity
© 2025 Information Security Forum Limited