Can AI bridge the cybersecurity divide?

That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI experts who can work together.
Schmidt also pushes back on the idea that implementing AI locally on powerful consumer hardware can replace production-level security infrastructure. “Often the value of the model also depends on its proximity to the data so that the model can access, use, and think about the data,” he says. “As a security guard, I don’t want that on your laptop.”
Laptop testing is helpful, Schmidt says, but it’s not the same as a secure production environment.
“I want the information to be somewhere safe that I can control, that I can see, that I can consult with, not sitting on your laptop,” he said. “Testing there, it’s amazing. That’s great. But it’s not part of the production infrastructure.”
That difference may explain the emerging AI security gap. Many organizations have access to AI tools. Very few can safely integrate them into actual security operations.
A democratic debate
Phil Venables, partner at Ballistic Ventures and former CISO of Google Cloud, has a more optimistic view.
Asked if AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, “No, I actually think it’s quite the opposite.”
The reason, he says, is that AI combines technology and automation in ways that can be delivered widely. “One of the great things about AI, and we’re already starting to see this [that it’s] “AI incorporates capabilities and the ability to automate at a level beyond what previous waves of technology have done, and makes them available on a large scale to organizations that previously could not afford these things.”
He points to the red junction as an example. Almost every organization would love a world-class red team, but few can afford it.
“Pretty much every organization in the world would love to have a world-class red team to constantly monitor their security to detect and fix things before attackers do,” Venables said. “But very few organizations have ever been able to afford a top-class red team.”
AI agents, he says, can make that kind of power economically available. The same pattern can apply to internal threats; third party risk; software security; governance, risk and compliance; and security operations.
“Therefore, even the smallest and most resourceful organizations can now reach higher powers,” he continued.
Venables sees a danger zone, however: under-resourced security teams within organizations with aggressive AI ambitions. Those teams may struggle to keep up as the rest of the business rapidly adopts AI. But for many small and medium-sized organizations, he believes AI can improve access to security capabilities they never had before.
Fraud over AI – or over-preparation?
In elite organizations, AI is already a power multiplier. Security teams with deep engineering skills, mature data infrastructure, and strong governance can use AI to accelerate assessment, discovery engineering, vulnerability discovery, and risk management.
For smaller organizations, the picture is less clear. AI may eventually turn scarce expertise into affordable services. Open models can reduce dependence on expensive border systems. But organizations below the security poverty line still face the usual hurdles: too few people, too little time, limited technology, unpredictable costs, and weak sales force.
So the divide that emerges may be less about who has access to AI and more about who can turn AI into lasting security effects.
That makes the question facing cybersecurity much more difficult than whether AI will create haves and have-nots. The industry already has them.
The real question is whether AI becomes just another technology that rewards organizations that are already in the best position to use it – or the first security advances in years that help those below the poverty line finally catch up.



