traditional security tools are determinstic whereas this “new-gen” ai tools are probabilistic.
What I mean that is, lets take WAF as an example. If you write a rule to block a request, the WAF will always block it.
But in the case if AI, if you ask your model to not do something. There are ways to make it do without even tampering the code or backend logic. Because AI’s output is generated based on probability, on a high level !