Content Hub | Corinium Intelligence

How CISOs can optimize algorithmic cybersecurity to fend off AI-powered threats

Written by Kieran Andrieu | Jul 15, 2025 2:33:20 PM

Senior cybersecurity leaders explain how blending complementary algorithms – on top of other strategies – keeps you ahead of known threats and new modes of attack


As AI-powered attacks become faster, more sophisticated, and harder to detect using traditional methods, CISOs can no longer depend on the old playbook. The solutions to these escalating threats, while varied, have their foundation in algorithmic design.  

This discipline – which can be defined as applying mathematical principles to develop clear instructions in order to produce desired outcomes – plays a critical role in developing AI systems that learn, adapt, and respond to threats in real time.

When done robustly, algorithmic design creates dynamic defenses that evolve with emerging cyber threats – in contrast to more traditional static security rules. 

“The opportunities for AI automation in cyber security are vast,” says Leron Zinatullin, CISO of the payments and billing platform Linkly. “Using predictive models to analyse large amounts of data can help identify patterns that a human operator could otherwise miss.” 

This matters because AI-powered cyber threats operate at machine speed. Manual detection and response simply can't keep up. Algorithmic design helps to level the playing field by fighting AI with AI. 

Here are three steps CISOs can take to better leverage algorithmic cybersecurity: 

1. Implement complementary algorithms for comprehensive coverage 

Relying on just one approach leaves you more exposed, says Philip Mackenzie, Senior Research Specialist at risk technology analyst firm Chartis. He recommends deploying three complementary algorithms: 

Deep learning models will help you to detect anomalies in network traffic and endpoint behaviour. These models excel at spotting known threat patterns.

Unsupervised learning is useful for zero-day threat detection. These models identify unusual activity without needing predefined signatures.

Graph-based machine learning maps relationships between entities. This approach tracks how threats move through your network and identifies risky connections.

"You want complementary algorithms which can cover different use cases," Mackenzie says. "Deep learning for pre-existing threats, unsupervised for new attack vectors, and graph-based analytics to understand key relationships." 

2. Build human-in-the-loop feedback systems 

Algorithms improve through continuous learning. Create structured ways for your security analysts to validate, rate, and reinforce AI decisions. 

"The model benefits from human-in-the-loop feedback mechanisms," Zinatullin notes. "A security analyst can validate model decisions, improving defenses in the long term." 

Set up regular review sessions where analysts can flag false positives and confirm genuine threats. This feedback directly improves algorithm accuracy over time. 
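The review loop described above, as an added example that is not from the article or from any product it mentions: analyst verdicts on past alerts are used to raise an anomaly threshold without dropping any confirmed threat. The z-score detector, the baseline figures, the review queue and all function names are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed baseline: outbound MB per hour for one endpoint in normal operation.
BASELINE = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]

# Constructed review-session output: (observed MB, analyst verdict).
# True = confirmed threat, False = flagged as a false positive.
REVIEWED = [(19, False), (20, False), (21, False), (26, False),
            (24, True), (30, True), (95, True)]


def zscore(value, baseline=BASELINE):
    """Deviation from expected behaviour, in standard deviations."""
    return (value - mean(baseline)) / pstdev(baseline)


def alerts(reviewed, threshold):
    """Events the detector would raise at this threshold."""
    return [(v, threat) for v, threat in reviewed if zscore(v) >= threshold]


def false_positive_rate(raised):
    """Share of raised alerts that analysts rejected."""
    if not raised:
        return 0.0
    return sum(1 for _, threat in raised if not threat) / len(raised)


def recalibrate(reviewed, current):
    """Raise the threshold using analyst verdicts without losing a confirmed threat."""
    confirmed = [zscore(v) for v, threat in reviewed if threat]
    if not confirmed:
        return current  # nothing confirmed yet: no safe basis to move
    floor = min(confirmed)  # weakest confirmed threat must still alert
    separable = [zscore(v) for v, threat in reviewed
                 if not threat and zscore(v) < floor]
    if not separable:
        return current
    # Midpoint between the noisiest separable false positive and the floor.
    # Rejected alerts scoring above the floor stay: suppressing them
    # would also hide a confirmed threat.
    return max(current, (max(separable) + floor) / 2)


if __name__ == "__main__":
    old, new = 3.0, recalibrate(REVIEWED, 3.0)
    for t in (old, new):
        raised = alerts(REVIEWED, t)
        print(f"threshold={t:.2f} alerts={len(raised)} "
              f"fp_rate={false_positive_rate(raised):.2f}")
```

The one rejected alert that scores above the weakest confirmed threat remains after recalibration, which is the case a threshold alone cannot resolve and where a second, complementary signal is needed.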

3. Establish cross-functional governance 

Algorithmic design isn't just a technical challenge. CISOs should bring in ethics, privacy, and legal teams early in the process. 

“Multiple stakeholders need to be involved,” Zinatullin says. “Ethics, privacy, and legal teams should guide data minimization, governance frameworks, and retention policies.” 

The CISO should become a translator – bridging business needs with technical capabilities. This ensures the algorithmic approach aligns with broader organizational goals. 

Schedule monthly reviews with legal and privacy teams to assess algorithmic decisions and ensure compliance with data protection regulations. 

Fewer false positives and better detection of novel threats 

Proper algorithmic design delivers measurable improvements across key security metrics: 

Threat detection time: Well-designed algorithms can reduce detection time from hours to minutes. Automated anomaly detection spots threats in real time, rather than waiting for human analysis. 

False positive rates: Complementary algorithms significantly reduce false alarms. Deep learning models trained on your specific environment produce fewer irrelevant alerts. 

Incident response speed: Automated correlation and prioritization mean analysts spend time on genuine threats rather than noise. This can cut response times by 60-80%, according to a case study published by incident response firm RadarFirst. 

Coverage of unknown threats: Unsupervised learning models excel at detecting novel attack vectors. A study published in the journal Data Science and Management found, for example, that artificial neural networks (ANNs) attain 92% accuracy for intrusion detection.

The human element is non-negotiable 

Even the most sophisticated AI-powered attacks begin with human vulnerabilities. 

“A lot of the time in cybersecurity, we have to operate on the understanding that while incidents have become increasingly complicated and technologically sophisticated, their initial attack vectors are typically human and social,” Mackenzie says.

If a basic phishing email can become the entry point for complex network attacks, your algorithmic design must account for human behaviour patterns, not just technical indicators.

The goals and motivations of cybercriminals haven't changed, even as their tools have evolved. CISOs are solving old problems with cutting-edge technology – and that requires balancing algorithmic sophistication with human insight. 

Getting started 

Begin with a pilot programme focusing on a specific use case, such as endpoint anomaly detection – which involves monitoring devices for deviations from expected behaviour – or network traffic analysis. Choose an area where you have good historical data and clear success metrics. 

Set a concrete goal during your pilot, such as reducing false positive rates by 20% or improving threat detection time by 50%. This gives you concrete evidence of success to build on. 

Build your cross-functional team early. Include representatives from data science, operations, legal, and privacy teams from the beginning. 

Remember that algorithmic design is iterative. Start small, measure results, and gradually expand your approach based on what works in your specific environment. 

 
