AI Cybersecurity Pipelines: Understanding Throughput, Bottlenecks, and Human Authority

      Informal discussions about Artificial Intelligence (AI) in cybersecurity often revolve around broad statements: AI accelerates both attackers and defenders, human judgment remains irreplaceable, and more alerts inevitably lead to more noise. While these assertions influence policy and investment, their underlying conditions—when they hold true or false—often lack formal grounding. A recent academic paper by Surasak Phetmanee, titled "Constraint Migration: A Formal Theory of Throughput in AI Cybersecurity Pipelines" (Source: arXiv:2603.26733), offers a robust mathematical framework to analyze these dynamics, providing clarity for enterprises navigating AI integration.

      This paper models cybersecurity operations as a "pipeline"—a sequence of discrete stages, each with a specific processing capacity. The overall speed, or throughput, of this system is determined by its slowest stage, known as the bottleneck. AI's role is formalized as a "multiplier" that can enhance a stage's processing capacity. By establishing clear definitions and mathematical proofs, the research clarifies how AI truly impacts operational efficiency, human involvement, and the critical challenge of false positives.

Understanding the Cybersecurity Pipeline and AI's Role

      A cybersecurity pipeline can be envisioned as any serial process where data, alerts, or tasks flow through successive stages. For example, a security operation might involve stages such as initial threat detection, log analysis, alert correlation, incident investigation, and response deployment. Each stage possesses a finite processing capacity—the amount of work it can handle per unit of time. The overall throughput of the entire pipeline is constrained by the stage with the lowest capacity; this is the bottleneck. Improving any stage that isn't the bottleneck will not, by itself, increase the system's overall speed.

      AI is introduced into this model as an "admissible multiplier." This means that AI tools can increase the capacity of specific stages by a factor greater than or equal to one. For instance, AI-powered threat detection might process more network traffic per second, or an AI-driven analysis tool might process more alerts per minute. This formalization allows for a precise analysis of how AI interventions ripple through the entire operational flow. For organizations deploying AI for critical functions like real-time surveillance and threat identification, ARSA provides solutions like AI Video Analytics, designed to significantly enhance the processing capacity of initial detection and analysis stages.

The Bottleneck Paradox: When AI Boosts Don't Boost Throughput

      A central finding of the formal theory relates to how AI improvements interact with bottlenecks. The research proves that if an enterprise invests in AI to accelerate a cybersecurity stage that is not currently a bottleneck, the overall system throughput will remain unchanged. This is the "bottleneck paradox" in action: efforts focused on non-limiting stages are effectively wasted in terms of overall system speed.

      Conversely, for the system's throughput to strictly increase, every existing bottleneck stage must be improved by AI. If even one original bottleneck retains its initial capacity (i.e., its AI multiplier is 1), the system's overall speed will not improve beyond that bottleneck's capacity. This highlights the critical importance of accurate bottleneck identification and strategic AI deployment. Solutions like ARSA's AI Box Series can offer pre-configured edge AI systems for rapid deployment at identified bottleneck stages, ensuring that improvements are precisely targeted for maximum impact.

The Human Element: AI's Limits in Critical Decision-Making

      A common argument is that AI cannot fully replace human judgment in cybersecurity. The formal theory addresses this by introducing a "human authority constraint." This constraint models stages where human intervention is mandatory, and their capacity cannot be accelerated by AI (i.e., their AI multiplier remains 1).

      The theory proves that if a non-empty subset of pipeline stages is constrained by human authority, the overall system throughput cannot exceed the smallest capacity among those human-constrained stages. This upper bound is tight, meaning that even with unlimited AI acceleration on all other stages, the human-governed bottleneck will ultimately dictate the system's maximum speed. This emphasizes that while AI can significantly augment human capabilities, strategic investment must also consider enhancing human performance, providing them with better tools, training, or support to process critical information more efficiently. This perspective underscores ARSA Technology's commitment to building human-centered AI systems, as reflected in our company values.

The AI Arms Race: Attacker vs. Defender Throughput Dynamics

      In the adversarial landscape of cybersecurity, both attackers and defenders are increasingly leveraging AI. The question then becomes: who benefits more from this technological arms race? The formal theory provides an algebraic equivalence: the attacker-defender throughput ratio worsens for the defender if and only if the attacker's relative throughput gain (the proportional increase in their operational speed due to AI) exceeds that of the defender.

      This means that simply adopting AI is not enough for defenders; they must ensure their AI implementations provide a superior relative advantage over the attackers' AI capabilities. This insight pushes beyond a simplistic "AI vs. AI" view, focusing instead on the differential impact of AI adoption on each side's operational efficiency. For enterprises, this means not just deploying AI, but continuously optimizing and updating AI systems to maintain a lead in the dynamic threat landscape.

Beyond Alert Fatigue: The Nuance of False Positives

      The informal argument "more alerts means more noise" points to the problem of alert fatigue, where an increased volume of alerts, many being false positives, overwhelms human analysts and reduces overall effectiveness. The formal theory examines this with a "fixed false positive fraction model," where a constant percentage of alerts are assumed to be false.

      Surprisingly, the paper proves that under this fixed false positive fraction model, "useful throughput" (the rate of genuine threats identified) remains constant or even plateaus above a certain investigation capacity, rather than declining. This establishes that the commonly asserted paradoxical decline is impossible under this specific model. However, the theory also repairs this finding: if the precision (the fraction of true positives) is a strictly decreasing function of the alert rate, then the predicted decline in useful throughput can indeed be recovered. This highlights the critical need for AI systems that not only detect threats but do so with high and consistent precision, avoiding the generation of overwhelming false alerts that cripple human response capabilities. ARSA's solutions are built with an emphasis on accuracy and reliability, offering up to 99.7% accuracy in AI Video Analytics software, directly addressing the precision challenge.

Strategic Implications for Enterprise AI Cybersecurity

      The formal theory developed in this paper provides vital guidance for enterprises investing in AI for cybersecurity. It moves beyond abstract claims to offer concrete conditions under which AI will deliver tangible improvements. Key takeaways for strategic deployment include:

• Targeted Investment: Identify and prioritize AI solutions for actual bottleneck stages to maximize throughput gains. Improving non-bottlenecks is futile for overall speed.
• Human-AI Synergy: Acknowledge and plan for the inherent limits imposed by human-constrained stages. AI should augment, not merely automate, human roles, and investment should also focus on empowering human analysts.
• Adversarial Awareness: Ensure AI deployments offer a relative advantage against evolving threats, not just an absolute increase in capacity.
• Precision Over Volume: Prioritize AI systems that maintain high precision even at increased detection rates to avoid alert fatigue and ensure useful throughput truly benefits operations.

      By understanding these formal principles, organizations can make more informed decisions about where and how to deploy AI, transforming their cybersecurity operations with measurable impact. This deepens the strategic understanding necessary for robust and effective AI integration in critical infrastructure and enterprise environments, where ARSA Technology has been experienced since 2018 in providing production-ready systems.

      To explore how ARSA Technology's AI and IoT solutions can help optimize your enterprise's cybersecurity pipelines, we invite you to contact ARSA for a free consultation.

      Source: Phetmanee, Surasak. "Constraint Migration: A Formal Theory of Throughput in AI Cybersecurity Pipelines." arXiv preprint arXiv:2603.26733 (2026).