Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

For years, the tech industry has faced a persistent, frustrating paradox: security platforms evolve rapidly, but security operations proceed at a bureaucratic pace. We’ve witnessed decade-long innovation with point products — XDR, SASE, and CNAPP — yet the average enterprise still manages between 50 and 80 different security tools.

The result? A “data swamp” of alerts where critical signals get lost in the noise.

In a 2025 ZK Research survey, I asked security teams what percentage of alerts they get to, and the number was shockingly low: 65%. Not because they don’t want to, but it’s because of the increasingly large volume of inbound data. In the AI era, this isn’t just a matter of efficiency; it’s a risk that could end the business.

This week, NWN took a decisive step to address this gap. The company introduced a new AI-powered managed security operations suite, supported by its Experience Management Platform (EMP). While the news highlights partnerships with major security providers — Palo Alto Networks, Cisco, and Arctic Wolf — the main story isn’t about the vendors; it’s more about how NWN is trying to solve the “operational reality” that has troubled CIOs for years.

The truth is, having the best tools doesn’t matter if there isn’t a unified, accountable way to manage them.

The AI era: A double-edged sword for defense

To understand why this launch matters, we need to look at the current state of AI.

We are moving into the era of the “Agentic Enterprise,” where AI agents — not just humans — are managing business tasks. This significantly increases the attack surface. Traditional security models were designed to protect a human at a laptop, but today’s models must defend a large, automated ecosystem of bots, large language models (LLMs), and highly connected cloud workloads.

Bad actors are already using generative AI to carry out phishing attacks and deploy polymorphic malware that evades signature-based detection. To combat this, defenders must fight fire with fire. However, “AI-powered security” has become a marketing buzzword. Every vendor claims it, but few deliver it in a way that genuinely reduces the workload for human analysts.

The NWN approach is interesting because it uses AI not just for detection but also for operationalizing threat defense. By integrating telemetry from vendors such as Cisco (specifically, the Splunk observability roadmap) and Arctic Wolf’s new Aurora Superintelligence platform into a single control plane (EMP), they aim to bridge the “visibility gap.”

The enterprise implications: From tool sprawl to outcome certainty

For enterprises, the main trend of 2026 is shifting from “buying tools” to “buying outcomes.” Here’s why the NWN announcement (to quote Wayne Gretzky) is moving toward where the puck is going to be:

1. The rise of the “operational control plane”: Most enterprises experience “dashboard fatigue.” NWN’s use of its EMP as a centralized cockpit indicates that the value in security is shifting from individual sensors to the platform that can analyze and act on the data. In a world where every minute counts, having a “single, accountable managed service model” is the only way to achieve the sub-hour response times needed to stop a modern breach.
2. Addressing the talent gap: We still face a global shortage of millions of security professionals. Enterprises can no longer rely solely on hiring more staff to solve this issue. AI-enabled managed services allow companies to expand their defenses without adding to their workforce. By using AI to manage “L1” triage and automate ticketing, human experts can focus on high-value tasks such as offensive security and strategic planning — both of which are key parts of NWN’s new offering.
3. Hybrid cloud complexity: As I’ve discussed before, AI workloads are causing major shifts in network traffic. Many organizations realize that their old monitoring tools can’t see inside the AI-driven traffic patterns across AWS and Azure. NWN’s emphasis on integrating Palo Alto’s Prisma Access monitoring specifically for hybrid environments recognizes that the “perimeter’ now exists everywhere.

Must-read security coverage

• UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
• Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
• How GitHub Is Securing the Software Supply Chain
• 8 Best Enterprise Password Managers

Advice for the modern security practitioner

As the industry pivots toward AI-enabled managed operations, security leaders need to rethink their strategy. If you are a CISO or a security architect, here are three things you should be doing right now:

• Audit your “shelfware” and move toward integration: Avoid purchasing best-of-breed point products that don’t communicate with each other. The era of the “Frankenstein SOC” has ended. Focus on platforms that provide robust API integration and can be unified within a single management layer. If a tool doesn’t contribute to a “single pane of glass,” it’s a liability, not an asset.
• Focus on mean time to remediation (MTTR), not just detection: Detection is only 10% of the process. In the AI era, an attacker’s “dwell time” is decreasing. Make sure your managed service providers (MSPs) and internal teams have a clear, automated way to go from “alert” to “remediation.” If your response still depends on manual emails and phone calls, you’re already too late.
• Adopt “offensive” security as an ongoing practice: The NWN launch includes offensive security services for a reason. You can’t rely solely on an annual penetration test to identify your weaknesses. Use AI-driven tools to continuously assess your defenses. In a landscape where threats change daily, security must be an ongoing cycle of testing, strengthening, and monitoring.

The NWN launch is a strong indicator of the future direction of the managed services industry. It reflects a shift from “we’ll watch your network” to “we’ll operationalize your entire security ecosystem.”

In the AI era, the winners won’t be the companies with the most tools; they’ll be the ones that can turn a mountain of data into a single, decisive action. For enterprises looking to modernize, the focus must shift from the technology itself to the platform that enables that technology to operate at scale.

NWN’s expansion of its EMP to include deep security integrations is an important step in that direction.

For more on how policy decisions could reshape cyber defense, read our coverage of President Donald Trump’s proposed CISA budget cuts and the concerns they’re raising across the security industry.