
Automating Security with AI: What's New in SEC573

Authored by SANS Institute

Artificial intelligence is already part of day-to-day security work. Analysts use it to summarize alerts, engineers rely on it to generate scripts, and teams experiment with it to accelerate investigations. The question is no longer whether AI belongs in security operations; it’s whether teams know how to use it safely, effectively, and with confidence.

Across the industry, AI adoption has outpaced training. Tools are being introduced faster than guardrails, and automation is often bolted onto workflows without a clear understanding of how outputs are generated, validated, or secured. The result is speed without certainty, and in security, uncertainty is a risk.

AI is Accelerating Security Work, But Not Always Safely

Security teams face constant pressure to move faster. Alert volumes continue to grow, environments are more complex, and attackers adapt quickly. AI offers relief by automating repetitive tasks, summarizing large datasets, and assisting with analysis that would otherwise take hours.

But AI-generated output isn’t the same as verified output.

Without a clear understanding of how AI systems work, and where they fail, teams risk trusting results they can’t explain, validate, or reproduce. Hallucinated responses, oversized context windows, exposed internal data, and prompt injection attacks are operational realities.

The real challenge is operationalizing AI responsibly in security workflows where mistakes have consequences.

Programming Fundamentals Matter Even More

One of the biggest misconceptions about AI-assisted security automation is that foundational skills no longer matter. In practice, the opposite is true.

AI-powered security automation still depends on structured data, validated logic, secure access controls, and clear workflows. Python remains central to all of this. Without understanding the code that surrounds AI integrations, practitioners are left supervising systems they can't fully control.

When AI produces an incorrect result, someone still needs to diagnose why. When automation breaks, someone still needs to fix it. When security controls must be implemented around AI systems, someone needs to understand both the AI and the underlying infrastructure.

AI doesn’t replace programming fundamentals; it raises the bar for our mastery of them.

SEC573 Addresses the Challenges

The reality of responsible and effective AI implementation is what drove the evolution of SANS SEC573.

The updated course shifts from purely script-driven automation to AI-powered security engineering, showing students how to integrate AI into workflows without surrendering control. It combines foundational Python programming with modern AI agent integration, giving practitioners the skills to automate faster without sacrificing accuracy or security.

Students now learn how to:

  • Build AI-assisted security tools on top of Python fundamentals
  • Use AI agents to accelerate analysis without blindly trusting outputs
  • Control what data AI systems can access and what actions they can perform
  • Design automation workflows that account for AI limitations and failure modes
  • Implement security controls for prompt injection, data leakage, and hallucinations

Rather than treating AI as a black box, the course treats it as a component that must be understood, supervised, and secured.

Teaching Control

A defining feature of the SEC573 update is its emphasis on control and practical application.

Students learn how to manage AI responsibly. That includes understanding how prompt injection attacks work, how guardrails can be implemented and bypassed, where AI struggles with large datasets or unstructured inputs, and how to validate AI-generated code and analysis.

By working directly with AI agents, Message Context Protocol (MCP), and modern automation frameworks, students see both the strengths and weaknesses of AI-assisted workflows. Labs cover real security use cases including log analysis, threat hunting, artifact examination, and incident response automation.

This hands-on exposure builds essential judgment on top of technical skill.

Practical Skills for Every Security Role

The updated SEC573 makes security practitioners effective users of AI for security automation, regardless of role.

By the end of the course, students can:

  • Build AI-assisted tools for log analysis, data reduction, and investigation
  • Develop automation that integrates safely with internal systems and APIs
  • Supervise AI-generated code and correct it when needed
  • Apply AI responsibly across defensive, forensic, and offensive scenarios

These are practical skills that translate directly into day-to-day work, whether someone is responding to incidents, hunting threats, analyzing artifacts, or building internal tooling.

What Hasn’t Changed

While the course has evolved to address AI-powered automation, several core elements remain intentionally consistent:

  • Hands-on, lab-driven curriculum, with extensive exercises and a Capture-the-Flag capstone
  • Lessons built on Python fundamentals, starting from the basics and scaling up
  • Training designed for practitioners, not theoretical audiences
  • Skills aligned with the GIAC Python Coder (GPYC) certification

The update is a valuable extension of a methodology that works.

Preparing Security Teams for What’s Already Here

AI-powered automation is the present state of security. The question is now whether security teams are using it deliberately or impulsively.

Security automation built without oversight can fail quietly, introduce blind spots, expose sensitive data, or create false confidence at exactly the wrong moment. The organizations that benefit most from AI-powered automation will be those whose teams know how to apply it with care, context, and control.

By evolving SEC573 to focus on AI-powered security automation built on strong fundamentals, SANS is helping practitioners meet that reality head-on. For security teams looking to automate smarter, not just faster, this evolution reflects where the work is headed and what it takes to do it well.

Learn More About SEC573

Ready to master AI-powered security automation? Explore the updated SEC573 course and upcoming training dates here.