Why Manual Device Management Is Dead in the Age of AI Attacks


SOURCE: THENEWSTACK.IO
AUG 02, 2025

Aug 2nd, 2025 by Apu Pavithran

More with less — this is the clear theme facing both ecosystem hackers and protectors in this age of artificial intelligence. On one side of the cybersecurity equation, hackers are increasingly turning to inexpensive or free generative tools to scale up their attacks. They’re getting smarter about vulnerability discovery and exploitation through AI-enhanced social engineering and ransomware. On the other side, enterprise admins are trying their best to protect an expanding attack surface from novel and growing threats, all while dealing with a chronic talent shortage and therefore wearing more hats.

Both sides of the defense-offense paradigm are navigating the implications of automation in this new security landscape. For those protecting increasingly remote and dispersed ecosystems of varied endpoints, the question isn’t whether to embrace automation but how to do so most effectively. Operational complexity now demands intelligent orchestration, forcing a fundamental shift toward AI-powered automation as the most viable path forward. Manual IT management simply can’t compete against always-on, always-probing adversaries operating at machine speed.

Let’s examine the automation imperative facing admins today by focusing on device management — the AI-powered tools and processes that govern how admins provision, update, and monitor the thousands of endpoints connecting to modern networks. By doing so, we’ll explore how they can safely embrace this requirement to protect their organizations in an increasingly hostile digital environment.

Enterprise Device Management Scale Creates Overwhelming Challenges

The numbers are stacked against ecosystem admins. In a nutshell, they’re overseeing more apps and outdated endpoints while bad actors are growing more active and experimental. This scale makes manual device and ecosystem management more challenging than perhaps ever before.

To start, admins are expected to manage many more enterprise apps, including ones they can’t see. The average admin believes only 30 apps are used at their organization. Recent research shows the actual number is closer to 600. This means admins only have insight into roughly 5% of their software footprint, with unknown and undeclared tools causing licensing, security, and access headaches. Manually combating this level of shadow IT just isn’t feasible.

Likewise, there are many more endpoints to oversee, as modern enterprises often count hundreds to thousands of tablets, phones, laptops, and other devices. This attack surface is evident even on a small scale. The typical startup employs 15 to 20 team members, with each using at least two endpoint devices. New research suggests that 50% of mobile devices run outdated operating systems, meaning that half of these devices will not receive security support, automatically install new updates, or remain fully compatible with apps. These are openings that hackers can and do exploit. Now, extrapolate this threat to the size of an enterprise, and the potential attack surface comes into view.

Finally, these endpoints run a variety of operating systems. This means admins need to manage different update cycles, security protocols, and management tools. Worse, the same report finds that one in four devices is too old to upgrade its operating system. This is a red flag in and of itself since outdated systems contain known security flaws that hackers exploit with pre-developed attack tools. Last year, Android had 500 documented vulnerabilities, while iOS had more than 300. Each unpatched vulnerability represents a potential entry point for malicious actors.

The math simply doesn’t work for manual device processes at enterprise scale. But even if admins could somehow manage this volume, they face an even more fundamental problem: the speed at which threats now evolve.

The Velocity and Ferocity of Growing Threats

Unfortunately, this decade isn’t getting any easier for admins. First, they dealt with the fallout of the pandemic, which forced teams to work remotely across a mix of owned and employee endpoints. Then, hackers pounced, upping their attacks at a time of weak supply chains and ecosystem uncertainty. Now, AI is delivering a productivity breakthrough for bad actors.

In a report released last year, 71% of ethical hackers believed that AI has enhanced the value of attacks, up from 21% in 2023. Moreover, 86% stated it has fundamentally altered their approach to hacking. This is evident in the escalating sophistication of threats, including social engineering, password cracking, and zero-day discovery.

For example, SMS-based phishing now accounts for two-thirds of mobile attacks, exploiting the speed gap between automated message generation and manual user education. By the time security teams identify and warn against new attack patterns, variations are already in circulation. This is why more than 80% of ethical hackers acknowledge that the threat landscape is changing too rapidly for traditional defenses to keep pace.

The Critical Talent Shortage in Cybersecurity Teams

To make matters worse, all of this is happening amidst a critical tech talent shortage. According to CyberSeek, which tracks cybersecurity jobs nationwide, there are only 72 qualified workers for every 100 cybersecurity jobs in demand. Compounding this vacancy challenge, cybersecurity leaders and workers are grappling with increasing career complexities and job dissatisfaction, leaving those who are employed to help cover understaffed and overworked teams. More with less.

It’s no wonder that burnout has become a critical issue, with half of cybersecurity professionals likely to experience emotional, mental, and physical exhaustion. Meanwhile, 47% of managed service providers report being overwhelmed by the volume of security data. Clearly, admins are reaching capacity: there are too few skilled professionals to fill available positions, existing teams are struggling with information overload, and the complexity of required skills continues to expand. Automation, again, is critical in this context, helping to take on some of this load and allowing admins to redirect their dwindling time and energy toward actual, significant security efforts.

AI-Enhanced Threat Detection and Response Systems

In this rapidly advancing age of AI, admins and enterprises alike realize they need to fight fire with fire. This means eliminating some of the grunt work, reducing manual processes, and safely embracing device automation. For example, this can begin with provisioning and management automation that oversees entire device lifecycles. Dynamic grouping sorts devices based on compliance status, location, or department, eliminating the need to assign and reassign devices as conditions change. This is particularly useful in tandem with cross-platform enrollment, which enables new devices to be configured and secured before they reach end-users. Additionally, automated discovery tools can continuously scan networks to identify unauthorized applications and blacklist them, bringing shadow IT under control.

With these foundations, admins can then explore new operations and maintenance methods. For example, AI-powered script generation can create custom automation scripts using natural language prompts, thereby democratizing technical capabilities that previously required extensive coding knowledge. Instead of spending hours writing scripts in PowerShell or Bash, admins can describe what they need and let AI generate the code.

Likewise, automated patch management can continuously monitor for security updates and deploy them during off-hours, with compliance monitoring automatically triggering and enforcing policies when devices drift from approved configurations.

Behavioral analysis tools can also detect zero-day exploits by identifying unusual device activity patterns, and centralized device management platforms can automatically filter SMS phishing attempts and push real-time security alerts to employees.

Geofencing and location-based policies that adjust device permissions and access rights based on location can also provide much-needed relief. As a result, admins don’t need to work overtime whenever employees are traveling or working away from the office.

Similarly, auto-generated and scheduled reports can quickly deliver compliance summaries, eliminating the manual data collection and formatting that traditionally consumes many hours. Collectively, these automated approaches represent a fundamental shift from reactive, manual oversight to proactive, smart management of devices across an enterprise, wherever they may reside.

Why Automation Is Essential for Business Survival

The automation imperative is equal parts tech trend and business survival. With the global average cost of a data breach reaching about $5M in 2024 — a 10% increase over the previous year and the highest total ever — it’s evident that manual security approaches are becoming business-threatening liabilities. IT teams and businesses need to stay in step with not only new attack vectors but also efficiency enablers. Automation done right achieves both of these ends, making life easier for admins who are constantly battling against time, resources, and threats.

The good news? Man and machine can work together to nip emerging device threats in the bud. Only about 20% of ethical hackers believe AI outperforms humans, and even fewer think it matches human creativity. This means admins — enhanced by AI to cover the basics — can stop firefighting and instead strategically think, act, and defend. Backed by intelligent automation that can handle tasks such as patch management and compliance monitoring, as well as monitor zero-day vulnerabilities and provide real-time threat detection, admins can more wisely reinvest their endpoint efforts.

Automation isn’t about having machines do everything, but rather about returning agency to admins so they can get a better handle on their ecosystem. It’s past time that we bring device management into the modern era with predictive analytics and automated threat response. This way, admins can do more with less and best respond to growing threats.

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and information security management.