Today's cyberdefense tools are mostly watchers. They are not active doers. To be sure, watching is a demanding affair also. These tools monitor traffic and events; detect malicious signatures, patterns, and anomalies; may classify and characterize what they observe; and issue alerts. They might even learn while doing all this. But they don't act. They do little to plan and execute responses to attacks, and they do not plan and execute recovery activities. Response and recovery-core elements of cyber resilience1-are left to human cyberanalysts, incident responders, and system administrators. A recent report2 reviews the implications of artificial intelligence for cybersecurity and offers no examples of its applications to response and recovery.

中文翻译：

---

实干家，而不是观察者：智能自治代理是网络弹性的途径


今天的网络防御工具主要是观察者。他们不是积极的实干家。诚然，观看也是一件要求很高的事情。这些工具监控流量和事件；检测恶意签名、模式和异常；可以对他们观察到的内容进行分类和表征；并发出警报。他们甚至可能在做这一切的同时学习。但他们不行动。他们很少计划和执行对攻击的响应，也不计划和执行恢复活动。响应和恢复——网络弹性的核心要素1——由人类网络分析师、事件响应者和系统管理员负责。最近的一份报告2回顾了人工智能对网络安全的影响，但没有提供其在响应和恢复方面的应用示例。