High accuracy, hidden risks: AutoML can’t be trusted blindly in cyber defense

A new empirical study investigates the real-world performance of automated machine learning (AutoML) tools in cybersecurity. The research, titled “AutoML in Cybersecurity: An Empirical Study” and published as a preprint on arXiv, systematically evaluates eight widely used open-source AutoML frameworks on 11 benchmark cybersecurity datasets.

The findings challenge the perception that AutoML can be a one-size-fits-all solution, highlighting the critical role of data properties, tool configuration, and expert oversight.

How the study evaluated AutoML in cybersecurity

The researchers focused on the most common cybersecurity tasks: intrusion detection, malware classification, phishing detection, fraud prevention, and spam filtering. They selected 11 public datasets that represent these real-world threat domains and tested eight leading open-source AutoML frameworks.

Performance was assessed on balanced accuracy, overall accuracy, runtime, and model complexity—key metrics for operational security environments. The study also tracked the best model types chosen by each AutoML tool, revealing patterns in algorithm selection and overfitting tendencies.

The authors stressed that their benchmarking was designed to reveal not just headline accuracy scores but also the practical trade-offs between speed, interpretability, and robustness that influence deployment decisions in production cybersecurity systems.

What the study found about tool performance and risks

The evaluation produced a mixed performance landscape. No single AutoML framework consistently outperformed others across all datasets and threat categories. Instead, the top-performing tool shifted depending on the task and data characteristics.

A key finding was that most AutoML tools tended to favor tree-based models and ensembles, which often delivered high accuracy but raised concerns about interpretability and overfitting. The study noted that these complex models may perform impressively on benchmark datasets but pose challenges in regulatory and high-stakes operational settings where explainability is critical.

Another notable observation was the wide variation in runtime efficiency. Some tools were significantly faster at training models on the same datasets, while others achieved marginally better accuracy at the cost of much longer computation times. This finding underscores that performance in cybersecurity cannot be measured by accuracy alone, as real-world applications often require timely model updates and deployment.

The authors also highlighted how dataset-specific properties, such as class imbalance, data drift, or potential leakage, can distort AutoML-reported metrics. In some cases, near-perfect accuracy scores were linked to quirks in the datasets rather than genuine modeling breakthroughs, emphasizing the need for rigorous data hygiene.

Practical lessons for cybersecurity teams

While AutoML can reduce the workload for building machine learning models, it is not a substitute for domain expertise. They offer several practical lessons for organizations seeking to leverage AutoML in security workflows.

First, teams should test multiple AutoML frameworks on their own data before committing to one. The paper’s evidence shows that tool performance varies widely by dataset, and relying on a single framework risks suboptimal outcomes.

Second, they recommend robust data preprocessing and validation pipelines to guard against overfitting, leakage, and drift. Without careful attention to these factors, automated pipelines can produce misleadingly strong results during development that fail in real-world operation.

Third, decision-makers should weigh trade-offs between model interpretability and raw performance. In regulated sectors or critical infrastructure, slightly less accurate but more transparent models may be preferable for accountability and trust.

Finally, the authors stress the importance of monitoring and retraining. Cyber threats and data patterns evolve over time, and even the best AutoML models require ongoing assessment to remain effective.