2 min read

Give Your AI a Clean Room

Give Your AI a Clean Room

Last time we talked about who you hire for an AI-era security team: builders, with curiosity as the moat. Now for what you hand them to work with.

And here's where I see teams burn money: they go shopping for the shiniest security tool, when the real lever is the quality of the data they point it at.

AI runs on context. So your platform choices matter more than your model choices.

You already know where this is going if you've read my stuff before. AI is a magnifying glass. Feed it a clean, coherent picture and it produces insight on day one. Feed it a fragmented mess and you get a fragmented, confidently-wrong mess back, just faster.

Context is the product

This is the simple truth that should shape almost every tooling decision: the insight you get out is only ever as good as the signal you put in.

A clean, standardised, well-structured view of your environment is what lets AI actually reason. A pile of disconnected tools, each screaming in its own format, is not a foundation. It's noise with a bigger amplifier attached.

Consolidate onto a coherent platform

This is why I land firmly on consolidation. Pick a genuinely competent platform, Palo Alto, CrowdStrike, whatever actually fits your environment, and the payoff is a standardised way to handle every signal in your estate. A healthy, maintainable dataset you can build on immediately.

The alternative is real, and plenty of teams will choose it: highly customised, resilient pipelines that clean and transform everything before you can produce a single insight. It's absolutely possible with AI now. It also quietly eats the most valuable thing your builders have, which is time, and keeps eating it through maintenance, forever.

The data backs the instinct

I'm not alone on this one. Gartner's research has 75% of organisations now pursuing security vendor consolidation, up from just 29% in 2020. And the tell is in why: the top reason isn't saving money (only about a third cite cost). It's improving the productivity of scarce staff, the efficacy of the stack, and visibility. People are consolidating to get a cleaner signal, not a cheaper bill.

The clincher comes from DORA's 2025 research, drawn from nearly 5,000 technology professionals: where internal platform quality is high, AI's effect on performance turns "strong and positive". Where tooling is fragmented, teams watched AI amplify their existing dysfunction.

There's the magnifying glass again, this time pointed straight at your architecture.

Practical takeaway: treat your signal like it's the asset (because it is)

  1. Consolidate toward a coherent signal, not just a smaller invoice. Fewer consoles, one standardised view.
  2. Treat data quality as a security control. Garbage in really does mean confidently-wrong out, at scale.
  3. Standardise before you automate. Automating on top of a mess just industrialises the mess.
  4. Measure visibility, not licence count. The win is what you can now see and act on, not how many logos you retired.
"Whatever you point AI at grows. Good processes get faster, and legacy mess becomes a louder mess. Give it a clean room to think in."

Next up, Part 3 → "Build for the Wobble", on designing processes for an AI that will, sometimes, be wrong.