Comment by alephnerd

I agree. Foundational models suck at the high value security work that is needed.

That said, the easiest proof-of-value for foundation models in security today is automating the SOC function by auto-generating playbooks, stitching context from various signal sources, and being able to auto-summary an attack.

This reduces the need for hiring a junior SOC Analyst, and is a workflow that has already been adopted (or is in the process of being adopted) by plenty of F500s.

At the end of the day, foundational models cannot reason yet, and that kind of capability is still far away.