Dimensions
This framework assesses ten dimensions of AI/LLM use in detection engineering, grouped into Foundations (people, process, and technology) and Detection Lifecycle (tactical operations).
Foundations
These dimensions aren’t unique to detection engineering. They apply to any team adopting AI. But they have specific weight here because detection engineering operates on sensitive telemetry, ships code that runs against production data, and lives or dies on signal quality.
- Strategy & Governance
- People & Skills
- Tooling & Infrastructure
- Data & Knowledge
- Evaluation & QA
- Security, Privacy & Safety
Detection Lifecycle
These dimensions describe AI use at each stage of the detection lifecycle, from detection opportunity ideation to authoring, testing, tuning, and continuous improvement. They’re the dimensions where AI directly touches detection content and outcomes.
- Detection Opportunity Ideation
- Detection Authoring
- Detection Testing & Validation
- Tuning, Coverage & Continuous Improvement
How to read a dimension page
Each dimension page contains four sections:
- What it covers. The scope of the dimension.
- Why it matters for AI in Detection Engineering. The specific risks and opportunities that make this dimension worth assessing.
- Level descriptors. The four maturity levels for this dimension, verbatim from the matrix.
- Anti-patterns. Common failure modes I’ve seen worth watching for.