Human-in-the-loop Automation: The Key to Self-healing Security

Amplifier Team

April 24, 2025

Automation has become a key driver of efficiency and productivity across cybersecurity. From SIEM to SOAR, security teams are deploying an ever-growing number of automation tools to streamline operations. But despite advances in machine learning and AI, there are still tasks that require human involvement.

Because of this, CISOs are increasingly taking a human-in-the-loop approach to automation. This combines the efficiency and power of machines with necessary human context and expertise. Rather than try to eliminate human involvement in security actions, human-in-the-loop systems build human interaction into the automation process. The result is more empathetic and contextualized security controls.

What is Human-in-the-Loop Automation?

Human-in-the-loop automation occurs when humans play a role in automated processes. Machines or algorithms perform tasks such as analyzing data signals, prioritizing incidents, and triaging alerts, and then automatically engage humans to drive the process forward when needed. 

The feedback and direction from human participants guide the automation’s actions. This contrasts with fully autonomous systems, which operate independently of human input.

Ge Wang, an Associate Professor at Stanford University, describes human-in-the-loop automation as a “process that harnesses the efficiency of intelligent automation while remaining amenable to human feedback, all while retaining a greater sense of meaning.”

It requires a shift in mindset. “Instead of thinking of automation as the removal of human involvement from a task,” he urges readers to reframe it as the “selective inclusion of human participation.”

Human-in-the-Loop Automation in Cybersecurity

Human-in-the-loop systems efficiently execute automated tasks, while enabling and integrating human feedback at key checkpoints. In the world of cybersecurity, one manifestation of this has been agentic tools and security copilots.

“Security copilots offer users a general interface to interact with an AI to answer questions, form detections or queries, summarize reports and several other tasks spread across the security organization,” wrote Brandon Dixon, Partner AI Strategist at Microsoft. “Their primary value proposition is using natural language to stitch together the fragmented security ecosystem.”

When it comes to AI agents, some may assume the more autonomous the better. But that often doesn’t capture the nuance of security processes in the context of a larger business. 

Take endpoint security. We could fully automate patch updates, simply forcing all vulnerable computers to restart. This might solve the security issue, but would also interrupt productivity and frustrate employees whose computers shut off during important work. Alternatively, we could automatically engage with employees using an AI security copilot to provide information, answer questions, and allow them to schedule a resolution time that works for them.

Benefits of Human-in-the-Loop Automation

As your security stack grows, some tools might conflict or gradually drift out of configuration, and coverage gaps emerge. Alerts come in from different places and often don’t get proper attention, leaving areas of your organization vulnerable.

Human-in-the-loop solutions can automatically analyze data from across your security stack, prioritize findings, and work with employees to triage alerts appropriately. This has several key benefits for security practitioners:

  • Reduces manual work and saves countless hours chasing down employees across multiple platforms to resolve security issues
  • Maximizes effectiveness of existing security tools and resolves security issues faster, strengthening security health
  • Improves security culture by providing empathy and context, empowering employees to participate in their own security

Ultimately, taking a human-in-the-loop approach enables an organization to “heal itself” — to continuously monitor security systems, detect vulnerabilities, and remediate them in real time. It facilitates collaboration that leads to independent action and gives employees the opportunity to provide context on a given issue, potentially leading us to adjust our response.

Achieve Self-healing Security with Human-in-the-loop Automation

Without humans in the loop, security automation is just another siloed, disruptive process that gets in the way of employees’ productivity. But with human participation, it becomes a tool to harness the power of your workforce and improve your organization’s security health.

This means helping employees to understand the meaning behind security controls, encouraging them to actively contribute information, and empowering them to take action. With human-in-the-loop automation, security practitioners can maximize the potential of AI and automation while incorporating important context that only humans can provide. The result is a great step forward in the realm of self-healing security, where machines and humans work together to optimize their organization’s security posture.