Security practitioners have been using "AI" for over a decade. License plate recognition, facial matching, behavior-rule alerts, exception-based reporting in retail. This AI has been genuinely useful. It is also fundamentally different from what's available now, and confusing the two is causing organizations to either over-invest in the wrong things or dismiss capabilities that would meaningfully change what they can do.
The distinction that matters: rule-based AI is pre-programmed. It finds what it was told to look for. LLM-based AI is queryable. You can ask it things its designers never anticipated.
What rule-based AI does
Traditional video analytics work by encoding rules: if a person spends more than X seconds in zone Y, trigger an alert. If an object appears and disappears in under Z minutes, flag for review. If vehicle type matches license plate pattern, log the event.
This is powerful for the use cases it was designed for. It's also completely static. If the security team didn't think to create a rule for a specific threat pattern, the system doesn't find it. Sophisticated theft rings specifically adapt to avoid the patterns that rule-based systems are trained to catch.
The limitation shows up most clearly in organized retail crime. ORC operations study security systems, understand the alert thresholds, and stay below them. A single event below the loss-prevention threshold generates no alert. A hundred events spread across locations over three months, each individually below threshold, generates nothing — unless someone specifically designed a cross-location pattern detection rule, which requires knowing the pattern exists before you've seen it.
What generative AI changes
The capability that LLM-based video analysis introduces is natural language querying. Instead of writing a detection rule in advance, you ask a question in ordinary language after the fact: "Are there any security guards talking on a cell phone in this footage?" "Are there empty clothing racks in the women's section over the last 72 hours?" "Show me every instance of a person entering through the back exit between midnight and 4am."
These questions can be asked by anyone in ordinary language. They don't require pre-programming. And critically, they can be asked about historical footage — you can run a query against months of video that was never flagged by any rule.
The investigative implication is significant. Traditional investigation starts from a known event and searches for evidence. LLM-based video analysis lets you start from a hypothesis and search for patterns. "I think this group has been here before" becomes a query you can run, not a manual review of hundreds of hours of footage.
I've seen this in practice: ask a system whether any vehicle matching a specific description appeared in parking lot footage across multiple store locations in a 60-day period. In minutes, you have an answer that would have taken a team of analysts weeks of manual review. The same query approach works in most languages, across multiple camera systems simultaneously, for questions the original system designers never anticipated.
What hasn't changed
The limitations of AI in security haven't disappeared because the underlying technology changed.
False positives still require human judgment. The system that flags 200 instances of cell phone use still needs an analyst to determine which of those are worth investigating. AI narrows the field. It doesn't replace the judgment about what matters.
Garbage in, garbage out still applies. Poor camera placement, inadequate lighting, low-resolution footage, and inconsistent naming conventions in historical data all limit what AI can find. The technology is only as good as the underlying evidence it has access to.
Connection to action still requires process. The most powerful video AI finding is useless if the organization doesn't have a workflow to act on it. Pattern detection that identifies a suspected ring requires case documentation, sharing protocols, and coordination with law enforcement. The AI helps you see it. The humans have to decide what to do about it.
Data ownership and IT constraints are real. Many organizations can't easily deploy new systems on their existing video infrastructure. IT policies about cloud data storage, vendor agreements, and network architecture determine what's actually deployable — regardless of what the technology is capable of.
The education gap
The security industry is significantly behind on understanding what current AI can do. At conferences on retail crime and enterprise security, the typical conversation among practitioners is about whether AI is overhyped or whether it actually works. That conversation is five years behind the technology.
The useful conversation is more specific: which AI capability addresses which security problem? Rule-based detection is the right tool for high-volume, well-defined threat patterns. LLM-based querying is the right tool for investigation, pattern discovery, and finding things you didn't know to look for. These are different tools for different jobs, and treating them as interchangeable produces poor decisions in both directions.
The practitioners who get this right have usually moved past the "AI vs. no AI" debate and are asking more specific questions: what data do we own, what questions do we want to ask of it, and what tools answer those questions accurately? That's a different conversation, and it produces better outcomes.
PurviewX builds intelligence platforms that start from operational data and the questions that matter. Start a conversation.