I would expect it to sift through the SIEM, discard bot noise, discard skiddies and find the targeted attacks with a priority on successful attacks. I would expect it to follow whatever incident responses process is in place but in milliseconds, route the attacker to a dummy environment and keep them busy whilst simultaneously building a legal case against them and chatting with a courtroom ChatGPT system, get court order and warrants. Well at least the first part for now.<p>Bonus if it can de-anonymize the criminals, take control of their C&C nodes and seize their mule bank accounts and send live video streams of the criminals.