Inside the New SEC573: AI-Powered Python for Security Automation
In February 2026, the SANS Institute rewrote its core Python-for-security course as a 100% AI-powered program, signaling that manual scripting alone can no longer keep pace with adversaries wielding agentic AI tools.
Key takeaways
- The March 2026 update to SEC573 represents the largest rewrite in the course's history, shifting entirely to AI agents, LLMs, and MCP to accelerate custom tool creation for defenders and red teams alike.
- AI now powers faster, more sophisticated attacks—including automated phishing, exploit discovery, and polymorphic malware—driving up breach costs and response times across enterprises and critical infrastructure.
- While AI augments human analysts by handling volume and pattern detection, overreliance risks new blind spots and loss of control, creating tension between speed of automation and the need for verifiable, secure outputs.
AI Reshapes Security Automation
The SANS SEC573 course, long a staple for learning Python-based automation in information security, underwent its most extensive revision ever in early 2026. Previously focused on script-driven workflows, the updated version integrates large language models, autonomous AI agents, and the Model Context Protocol (MCP)—a mechanism for managing context in AI interactions—as foundational elements. This change reflects a broader industry reality: AI adoption has moved beyond experimentation to become essential for handling the volume and velocity of modern threats.
Cybersecurity teams face mounting pressure from AI-enhanced attacks. Adversaries use generative AI to craft convincing phishing at scale, rapidly develop exploits for disclosed vulnerabilities, and deploy polymorphic malware that evades traditional detection. Forecasts for 2026 indicate these AI-powered threats will intensify the overall risk landscape, particularly targeting critical infrastructure and high-value enterprise systems. Organizations already contend with rising breach costs—frequently in the tens of millions—and longer dwell times as manual analysis struggles to match automated offensive capabilities.
The stakes extend beyond immediate incidents. Regulatory scrutiny is sharpening: the U.S. Securities and Exchange Commission has placed AI-related disclosures and controls high on its fiscal year 2026 examination priorities, reviewing representations of AI capabilities for accuracy and probing governance around new risks like AI-driven attacks. Failure to adapt can lead to compliance gaps, investor scrutiny, or operational disruptions when legacy automation proves inadequate against agile opponents.
Less discussed are the trade-offs inherent in this shift. AI accelerates tool-building and threat hunting, allowing defenders to query data in natural language or build agents that act semi-autonomously. Yet integrating these tools demands careful design to avoid hallucinations, data leakage, or unintended actions—challenges that MCP and agent frameworks aim to address but do not eliminate. The tension lies in balancing AI's speed against the retention of human oversight, especially in high-consequence environments where false positives or unchecked automation could amplify rather than mitigate harm. Industry surveys show growing recognition that AI augments but does not replace skilled practitioners, even as workforce shortages push greater reliance on intelligent automation.