AI Helps Cybersecurity Teams Work Smarter, Not Harder

CSIRO has released findings from a 10-month trial showing how AI can support cybersecurity analysts in their daily work. The trial used large language models, including ChatGPT-4, to help teams detect and respond to cyberthreats.

The study took place at eSentire’s Security Operations Centres (SOCs) in Ireland and Canada. Analysts investigated real cyberattacks while AI tools assisted with routine tasks. Forty-five analysts asked ChatGPT-4 over 3,000 questions during the trial. The questions mostly involved interpreting technical data, editing reports, and analysing malware code.

Dr Mohan Baruwal Chhetri from CSIRO’s Data61 said AI was used to support analysts rather than replace them. ChatGPT-4 helped interpret alerts, polish reports, and analyse code. Analysts kept final decisions.

The study found that only four per cent of analyst requests asked for a direct answer about whether a threat was malicious. Most requests focused on receiving context and evidence to guide decisions. This approach improved efficiency and reduced fatigue while keeping human judgement central.

SOC teams face high volumes of alerts, many of them false positives. This can lead to missed threats and burnout. Human-AI collaboration can reduce these pressures and help analysts focus on critical tasks.

Dr Martin Lochner said the trial is the first long-term industrial study showing AI’s role in live cybersecurity operations. The results provide insights for designing future AI tools that enhance decision-making and workflow.

The next phase of research will use two years of data to track how analysts interact with AI over time. The study will combine quantitative logs and qualitative feedback to improve AI tools for SOC teams and other high-pressure environments, including healthcare and emergency response.
