Why I'm not Sold on Machine Learning in Autonomous Security: Some Hard Realities on the Limitations of Machine Learning in Autonomous netsec - Security Boulevard

The above pitch confused detecting an attack with detecting an intrusion. An attack may not be successful; an intrusion is. Suppose you detected five new attacks, but only one was a real intrusion. Wouldn't you want to focus on the one successful intrusion, not the four failed attacks? ML-enabled security may not be robust, meaning that it works well on one data set (more often than not, the vendor's), but not on another (your real network).