Enterprise AI Team

Using AI to Elevate Cyber Defense

March 26, 2026
Share this blog post

Jeremy Smith sees AI as a strategic imperative in modern cybersecurity. For the Vice President and Information Security Officer at Avery Dennison, artificial intelligence isn’t just a promising tool; it’s essential to shifting how defenders observe, detect, and outpace increasingly sophisticated attackers.

Smith shared how Avery Dennison has adapted its security strategy in response to evolving threats, why AI’s ability to analyze massive data sets will redefine defense, and how defenders must prepare for a future where attackers will use the same technologies they’re building to protect their environments.

From Traditional Security to Future-Focused Defense

Avery Dennison is a global materials science company with over 34,000 employees and more than $8 billion in annual revenue: a complex, distributed business operating in both manufacturing and digital environments.

Jeremy reflects on how cybersecurity has evolved since his early days in the field. Initially, security was often treated as a compliance checkbox, firewalls, endpoint protections, and perimeter controls that served as necessities but weren’t central to business priorities. At Avery Dennison, that mindset began shifting over a decade ago as threat actors broadened their targets and attackers increasingly sought monetizable opportunities in any business with valuable data or access.

“When that monetization was there for threat actors… it really changed our need to defend… and really kind of create more of an ecosystem of cybersecurity rather than just point products protecting the perimeter.” This evolution  from reactive security to a proactive, risk-oriented defense posture  set the stage for AI to become a central component of Avery Dennison’s security approach.

Threat Landscape and the Growing Role of AI

Smith identifies two major forces reshaping cybersecurity: the expansion of the attack surface due to cloud and SaaS adoption, and the rapid acceleration of attacker capabilities enabled by AI. As applications and data move outside traditional network boundaries, companies face unprecedented visibility challenges and increased third-party risk.

Where defenders once relied on static signatures and manual monitoring, AI brings two complementary powers:

  • Scale: Analyzing massive quantities of network, authentication, and application behavior data to identify patterns that would be invisible to human inspection.
  • Pattern recognition: Detecting deviations from normal behavior, essentially separating the needle from the haystack at speeds and volumes only possible with machine intelligence.

Smith highlighted what he sees as the core strength of AI for defenders: “Being able to analyze large quantities of data at scale… and give us insights we’ve never had before.” This ability is foundational to identifying subtle anomalies, compound indicators of compromise, and emerging attack techniques before they become full-blown incidents.

AI as Both Threat and Defense

Smith emphasizes the duality of AI in cybersecurity: the same technologies that empower defenders also empower attackers. He gave a vivid example of how threat actors can leverage AI for reconnaissance: “You can do an investigation of a whole C-suite in seconds with an AI chatbot… where before you’d have to go to a website and crawl it and search.”

In the past, attackers relied on manual processes to profile targets, explore attack surfaces, and enumerate vulnerabilities. With generative models and automated scraping, reconnaissance happens in seconds, lowering the barrier to entry for highly tailored phishing, social engineering, or targeted exploitation.

Smith doesn’t dismiss this evolution: he acknowledges that attackers will “do more of it and quicker and at more scale,” but he also insists defenders must use AI similarly to stay competitive. “There’s going to be ones that leverage AI and then there’s going to be companies that are out of business.” This stark framing of survival vs. obsolescence underscores why adoption isn’t optional.

Zero Trust, Identity, and AI-Driven Visibility

Security architecture at Avery Dennison has also embraced zero trust principles as foundational to AI-augmented defense. Moving away from network perimeter thinking, Smith describes efforts to enforce granular controls around identity and device posture, even challenging assumptions about legacy networks themselves.

“We’re looking at… how we can… take our devices off the network altogether and just leverage Zero Trust access… connecting to an application.” This architectural shift aligns with where AI adds value most: analyzing contextual signals (identity, device, access patterns) rather than simplistic network traffic alone. By treating applications as the core trust boundary, defenders gain richer behavioral context, a necessity when attackers increasingly blend in with legitimate traffic.

AI’s Impact on the Cyber Workforce

While some industries fear AI will replace human roles, Smith views it as augmenting and reshaping how cybersecurity teams operate: “I really don’t see any cybersecurity jobs going away anytime soon… the problem keeps getting bigger."

AI, he explains, won't eliminate analysts but will free them up from grunt work, routine alert triage, manual log reviews, and repetitive investigation steps, allowing them to focus on deeper analysis, hypothesis testing, and strategy. 

He cites examples such as using AI to automate presentation generation, build frameworks, and synthesize complex topics, mundane but time-consuming tasks that traditionally drain team energy. This perspective reframes AI from a threat to labor into a productivity amplifier, enabling teams to do more with less and to pursue more impactful work.

Defending Against AI-Powered Attacks

Smith doesn’t underestimate the risks of AI misuse. As attackers automate phishing, social engineering, and deepfake capabilities, defenders must respond with tools that distinguish authentic behavior from fake signals.

He notes that traditional markers, slight anomalies in email phrasing, unusual headers, or awkward language, may disappear as generative models produce near-perfect mimicry. Thus, defenders need AI tools that analyze multi-dimensional patterns: identity, behavior, history, and cross-signal correlations to separate benign from malicious activity.

He stresses that organizations also need guardrails around how AI is used internally, ensuring that tools intended for productivity aren’t inadvertently exposing sensitive data or enabling misuse.

Pragmatic Advice for Security Leaders

Smith offered candid advice for security leaders stepping into the CISO role or facing rapid AI evolution:

  • Learn before acting: Understand the environment and culture before implementing major changes.
  • Partner with vendors: Work closely with security partners to understand their AI roadmaps and how they plan to leverage AI to enhance detection and response.
  • Engage peers: Participate in roundtables and communities to stay abreast of emerging threats and defensive tactics.

This blend of internal learning, vendor collaboration, and external knowledge exchange illustrates a strategic approach to navigating security transformation in the AI era.

Looking Ahead

Smith’s vision for AI in cybersecurity is clear: it’s not a magic bullet, but the most powerful analytical engine defenders have ever had: one capable of processing massive data sets, spotting subtle anomalies, and providing insights that were previously impossible to derive at scale.

“That is really where… technology… is going to be able to help us.” For Avery Dennison and other enterprises facing rapidly evolving threats, AI isn’t just another tool; it’s the foundation of a next-generation defensive strategy that blends context, scale, and human judgment.

Lessons Learned

Across his conversation, Jeremy Smith shared several strategic lessons for CISOs and security leaders facing the AI era:

  • AI is a defender’s necessity, not a trend. Security teams must adopt AI to match attacker speed and scale.
  • Data scale and pattern recognition are where AI shines. The ability to analyze huge data sets is the core advantage of AI in defense.
  • Identity and behavior context are the future of detection. Zero trust and AI combine to give richer signals.
  • AI augments, not replaces, the cybersecurity workforce. Teams will need new skills, not fewer roles.
  • Collaboration matters. Partnership with vendors and peers accelerates learning and equips teams for the unknown.

In Smith’s own words, the defender’s job hasn’t become easier. It’s expanded, but the right tools, mindset, and strategic application of AI can transform how enterprises stay resilient in the face of accelerating threats.