How to Leverage AI as a Security Engineer Without Becoming Illiterate
Cybersec Café #65 - 04/29/25
As a society, we’re walking a fine line between increasing our output with AI and becoming completely dependent on it.
Nowadays, we lean on our favorite language models to think critically, help make decisions, and handle the grunt work for us. And while AI is an extremely powerful tool, it’s also quietly making us a little… illiterate.
From an engineering perspective, integrating AI into our IDEs has been a game changer for powering through problems and blockers. But I've seen a trend where more and more engineers are letting the models do all of the thinking - the code, the debugging, even the design decisions.
I mean, who else doesn’t read error messages anymore? Yeah, I’m guilty too.
Truth is, as humans, we’re wired to take the path of least resistance. After all, that’s what tech is supposed to do, right? Make life easier?
While AI absolutely boosts productivity and accelerates our workflows, it can also quietly erode our skills if we’re not careful.
So, what should we do? As engineers, we need to establish some guidelines - rules that help us leverage the positives of AI while suppressing the negatives.
Rule 1: Use AI to Augment, Not Replace Your Thinking
The goal of integrating AI into our workflows as engineers isn’t to become a brain-dead, button pushing monkey acting as a middle man between a language model and our jira tickets.
It’s to become better at what we do.
Don’t default to prompting at the first sign of friction. Instead, treat AI like a sidecar - there to guide, support, and enhance your thinking, not to do it for you.
Use it to clarify topics you’re fuzzy on. Use it to jog your memory. Use it as a smarter alternative to Google - after all, it’s becoming the de facto replacement to Stack Overflow.
But draw a line. Don’t hand off entire tasks. Don’t let it make decisions for you. That’s how you stop learning.
AI is a brilliant task-oriented assistance. It’s like an extremely technical junior engineer - quick, helpful, but lacking in deep context and critical thinking.
Let it assist, but don’t let it lead.
Rule 2: If You’re a Current or Aspiring Junior Engineer, Stay Away
If you’re just starting out in your career, using AI the wrong way can seriously stunt your growth.
Sure, AI can be a great tutor. It can help you plan your study path, break down tough concepts, or get unstuck when you hit a wall. But be real with yourself - is that actually how you’re using it?
Probably not. I don’t blame you either. Like I said earlier, we’re wired as humans to take the path of least resistance. If you’re stuck on a lab or cramming for a certification, it makes perfect sense to call in your AI lifeline.
But here’s the danger: when you rely on AI too much, you rob yourself of the hard earned lessons that only struggle can teach.
Those painful error messages? That one-liner that took an hour to get right? That query that finally worked after 20 tries?
That’s the stuff that makes you sharp.
So if you’re early in your career, I’d recommend keeping AI at a distance. Learn how to code the old fashioned way. Challenge yourself to learn that new query language by failing to write queries.
Fight the friction and fail forward.
Rule 3: Don’t Copy Pasta
If you're not familiar with the lingo, “Copy Pasta” is tech slang for mindlessly copy-pasting code without understanding it.
In regards to leveraging AI, this means taking the output it gives you and dropping it directly into your code or tooling without a second thought.
That’s dangerous.
AI struggles with context - especially when introducing complexities we find in security, where solutions often can depend on a mix of technical nuance and business logic. Trusting output blindly is just as bad as implicitly trusting input! (If you don’t get it… just read here).
I see this a lot with debugging. Error pops up? Just copy the message into ChatGPT, grab the fix, and move on.
But again, you’re skipping the part where the growth happens - the struggle. Learning doesn’t happen when AI hands you the answer, it happens when you dig into the error, understand what your code is doing, and problem-solve your way to a fix.
Whether it’s code, queries, runbooks, detection rules, configs - pause and think. Ask yourself why the response makes sense, or why it doesn’t.
Don’t become a victim of the brainless Copy Pasta. It might save time now, but it’ll cost you big later.
- Today’s Sponsor -
Selecty is a database-agnostic, sidecar query assistant - built to boost your workflow without dulling your edge. Generate smart, contextual queries, optimize them to your use case, break them down into plain English, and debug faster than ever - all in one sleek interface.
It’s not here to replace your brain. It’s here to power it. Check it out.
Rule 4: Summarize, but Act Yourself
Cybersecurity is a fast paced environment. There is tons of noise - data flowing every direction, alerts firing off, tickets piling up. And most of the time, you’re required to be fast on your feet to come to conclusions.
It’s easy to get buried.
AI can help cut through that. It’s great for summarizing data and surfacing key points from mountains of threat intel.
But here’s the thing: you still have to do the thinking on how to make that data actionable.
Take alerting for example. You might see hundreds of alerts a day, but how many actually matter? I’ll answer that for you - not very many.
False Positives are part of the job, and while AI is a great tool to give you the gist of what it’s seeing, you should always ask it to include a confidence rating. You’d be surprised how often it gives you low confidence.
You need to take that summary and analyze it through your own lens. Does it make sense in your environment? Is this normal behavior in this system? Does this take into account the full picture?
AI can’t replace your intuition, your context, or your experience.
You’re the analyst. You’re the engineer. You make the final call.
Rule 5: Detox Regularly
We’ve all heard of social media detoxes. Dopamine detoxes. And now, I introduce AI Detoxes.
If you’re constantly relying on AI for writing code, troubleshooting issues, drafting runbooks, you name it - it’s easy to let your brain go on autopilot.
Your brain is just like any other muscle. Use it or lose it.
Take breaks from your favorite language model. Force yourself to solve problems the old-fashioned way.
Make mistakes. Struggle a little.
Yes, AI can boost productivity, but don’t mistake output for ability. If you always let AI think for you, you might eventually forget how to think for yourself.
So schedule some regular detox time. It could be as simple as a day a week. Or carve out your mornings to be AI free.
Give your brain the workout it needs to stay sharp.
- What Do You Think? -
💬 How do you use AI in your workflow? Do you feel like it’s making you illiterate? Let me know below.
I’m Begging You, Don’t Become AI Illiterate
AI is an incredible augmentation tool - it can truly boost workflows when used with intention.
But it struggles with complex, contextual thinking. And that’s exactly why I don’t believe it will ever replace incredible engineers.
The best engineers don’t use AI to shortcut the process, they use it to enhance their workflow.
Be like those engineers. Don’t let AI hinder your growth, use it as a guiding tool to help you grow.
Let it make you better, but don’t let it make you dumber in the process.
Securely Yours,
Ryan G. Cox
Just a heads up, The Cybersec Cafe's got a pretty cool weekly cadence.
Every week, expect to dive into the hacker’s mindset in our Methodology Walkthroughs or explore Deep Dive articles on various cybersecurity topics.
. . .
Oh, and if you want even more content and updates, hop over to Ryan G. Cox on Twitter/X or my Website. Can't wait to keep sharing and learning together!
Great post! This is all true. Learning the concepts first and being able to spot the garbage AI can generate is important. I will say, as a working cybersecurity professional with ADHD, AI has been an incredible tool. To note, I worked my entire cybersecurity degree pre AI. So for those struggling through the cybersec program at uni, keep working through without AI, you will thank yourself later!