Enterprise AI Team

AI and the Art of Cyber Defense

May 7, 2026
Share this blog post

When it comes to cybersecurity, Eric Brohm doesn’t frame AI as mere buzz. He sees it as a force multiplier that fundamentally alters what defenders can see, analyze, and act upon in a world where threat actors move fast and relentlessly. As the Senior Vice President and Chief Information Security Officer at Wyndham Hotels & Resorts, the world’s largest hotel group with nearly 10,000 properties in 95 countries, Brohm brings a pragmatic, operational lens to the question of how AI can both empower defenders and reshape strategic risk management in large, cloud-connected enterprises.

Brohm shared candid reflections on the competitive balance between attackers and defenders, specific use cases where AI delivers real value today, and how security teams must adapt to a future where AI is integrated into every stage of the cyber lifecycle.

Defenders vs. Attackers

One of Brohm’s central insights is that cybercriminals have already embraced AI, often faster than defenders. That’s not because attackers are more sophisticated, but because they don’t have to navigate the operational, political, and ROI challenges that enterprise teams do. “Attackers take up tools quicker than we do. They don’t need to worry about test environments and, politically, selling the tools’ ROI for the business… they just go and they use it.”

This disparity creates a kind of asymmetry in the threat landscape. Attackers can iterate, prototype, and deploy the latest AI-powered techniques at speed, while defenders must balance caution, governance, and alignment with broader business priorities. The result is that defenders are always reacting to what attackers have already tried, making proactive risk mitigation that much harder.

Analytics, Diagnosis, and Investment Decisions

Brohm is clear that AI’s most impactful current use cases in cybersecurity are analytical, not futuristic. He points to how AI can help defenders diagnose risk and accelerate investigation by analyzing data with context, something human teams struggle to do quickly at scale: “AI has context from our logs, from our telemetry, from our business… and pulls all that together… and we can ask it, ‘Here’s what we’re doing… what are the high-risk areas that we’re not covering?’ … helping us diagnose those things quicker.”

That diagnostic role applies equally to threat hunting and risk assessment. Brohm imagines a future where defenders can say “if I were an attacker…” and have AI simulate adversary behavior against their own environment: “I can point AI at my environment and it knows what security controls I have… and says, ‘If I were an attacker, this is probably what I would do.’ So that helps us drive smart investment based on AI helping us with those risks.”

This use case flips AI into a strategic advisor, revealing not just what has happened but where the most valuable future investment in defense should go.

Social Engineering and Deepfakes

Brohm doesn’t limit his vision of AI misuse to bots or automated malware. Instead, he pointed to real, ongoing attacks enabled by generative AI, including sophisticated social engineering that impersonates executives by voice or text, and even deepfake video calls that look “very, very good.”

These attacks are not theoretical; they are happening today and extend beyond traditional leadership targets to include sales teams and other non-C-level personnel, forcing defenders to rethink assumptions about who needs protection and how awareness training must evolve.

Brohm argues that awareness and education remain the most effective first line of defense against social engineering, even in an era of AI-generated voices and messaging, and that defenders must build that awareness rapidly across entire organizations, not just within technical teams.

Integrating Security With Business Strategy

Another compelling part of Brohm’s perspective comes from how Wyndham’s security organization is structured. Rather than operating in isolation, his team is embedded within broader technology and enterprise architecture functions. This alignment ensures that security considerations are part of how Wyndham adopts new technology, including cloud services and SaaS platforms.

Wyndham reorganized so that security and enterprise architecture report together, allowing Brohm to see what the business wants to do and immediately wrap security around it in a usable way.

This approach combats a perennial challenge: security teams trailing business innovation. By embedding security within architecture planning, defenders can anticipate risk earlier, rather than reacting after tools are deployed.

Balancing Usability With Protection

Brohm also highlighted how modern enterprises, especially those in retail and hospitality like Wyndham, must secure diverse and hybrid attack surfaces. Wyndham’s business is both online and physical: customers can book rooms via web or app, walk in and check in, and interact with digital services in person. Each of these pathways introduces unique security considerations around identity, data flows, and user experience.

While multi-factor authentication increases protection, Brohm acknowledges that customers booking hotels don’t want friction during checkout: “We don’t want to make it difficult for someone to come and book through our mobile app or website… but we also need to make sure their data is being kept safe.”

This reflects a broader theme in his thinking: security must be effective without degrading customer experience, and AI can help strike that balance by analyzing signals and adapting controls without imposing uniform friction on all users.

Proof of Value Over Hype

Given the explosion of “AI-enabled” security products on the market, Brohm is cautious about technology for technology’s sake. He urges defenders to ground adoption in proof of concept and proof of value, not vendor marketing claims: “It might even work the way they are saying it’s working, but it might not be a good fit for your business… you can’t just chase the shiny object anymore.”

This disciplined approach forces teams to align AI deployments with real risk reduction, not buzzword fulfillment.

AI Is a Multiplier, Not a Replacement

Throughout the episode, Brohm was clear that AI will not replace human defenders, at least not in the foreseeable future, but instead amplify human capability: “I don’t see a future where it’s just machine versus machine… but I do see a future where SOC analysts can react much more quickly… AI understands the types of logs, the context, and can help point them in the right direction.”

In this vision, analysts still provide judgment and context, but AI accelerates investigation, prioritizes risk, and helps defenders focus on the most critical signals.

Lessons Learned

Across his conversation, Eric offered several strategic lessons for CISOs and security leaders navigating AI’s integration:

  • Attackers are agile. Defenders must be too. AI adoption needs to match attacker pace, not lag behind it.
  • AI is most valuable in analytics and risk diagnosis. Decision support beats automation without context.
  • Security must be embedded in business strategy. Integration with enterprise architecture accelerates protective measures.
  • Proof of concept matters more than hype. Validate tools in real contexts before committing.
  • Humans remain essential, but AI makes them better. AI accelerates tasks, but judgment still matters.

AI as a Force Multiplier

Eric Brohm’s vision isn’t utopian. It isn’t about AI solving every problem at the click of a button, but it is pragmatic and forward-looking. In a world where attackers move fast and innovation never stops, defenders must leverage AI to diagnose risk, accelerate response, and close the gap between offense and defense.

As Brohm notes, the future isn’t about humans versus machines; it’s about humans empowered by machines, using AI not just to react faster, but to think smarter about risk, resilience, and real-world impact.