AI Won’t Shrink The Workload… It Will Reshape Who Carries It.
A few days ago, Ross Haleliuk wrote something on LinkedIn that named a pattern a lot of us in this industry have felt without having the language for it. His post pointed to the Jevons Paradox, an economic principle from the 1860s that observes when something becomes more efficient and cheaper to use, people don't use less of it. They use more.
Ross’s examples are familiar to anyone who has watched a tech budget grow over the last decade. Storage got cheaper, so companies stored more data. Compute got cheaper, so companies ran more workloads. Cloud infrastructure got easier to provision, so organizations built bigger, more complex environments. In every case, the efficiency gain didn't get banked as savings. It got reinvested as scale.
His application to security is the part worth sitting with. If AI helps an analyst process twice as many alerts, the organization doesn't decide to process half as many and call it a day. It collects more logs, enables more detections, and opens more investigations. If AI makes vulnerability analysis faster, teams don't scan less. They scan more systems, surface more findings, and chase more leads. As Ross puts it, security is “a never-shrinking amount of work,” and the more of it we automate, the more new work rises to fill the space that opens up.
His conclusion is about headcount: AI makes us more efficient, but it doesn't make us need fewer people. It just means we're capable of doing more work. We agree with every word of that. But at Green Shoe, we'd push the argument one step further, because the question we care about isn't only “how many people does this take.” It's “what is this work doing to the people doing it.”
The Capacity Nobody Is Tracking
Every security organization we've worked with tracks Mean Time to Detect and Mean Time to Recover for its systems. Almost none of them track the equivalent number for their people. And that's the gap the Jevons Paradox quietly exploits. When AI compresses the technical recovery curve, expectations recalibrate around the new machine speed. Nobody resets the human recovery curve to match, because most organizations don't have a number for it in the first place.
This is the core idea behind H-MTTR™, the Human Mean Time to Recovery framework we've built at Green Shoe. Technical systems and the people operating them recover on different clocks. A SOAR platform can return to baseline in minutes. A human nervous system that's been running on sustained vigilance does not. When an organization treats those two recovery curves as interchangeable, the gap between them becomes a structural source of chronic stress, and eventually, burnout. AI doesn't close that gap. Left unmanaged, it widens it.
Three Ways the Paradox Lands on a CISO's Desk
The expanded scope Haleliuk describes doesn't stay abstract. It shows up in specific, felt ways for the people running security programs.
The first is tempo compression. As detection and response speed up, the cadence of decision-making speeds up with it, often faster than a person can metabolize stress and recover between incidents. The second is what we'd call the oversight tax. AI doesn't remove human judgment from security work, it relocates it. Analysts shift from doing detection to verifying, second-guessing, and being held accountable for outputs from a system whose reasoning they didn't fully control, a particular kind of vigilance that's exhausting in ways that don't show up cleanly on a dashboard. The third is a resourcing illusion. If leadership perceives AI as having solved a meaningful chunk of the workload, that perception can justify flat budgets and flat headcount even as the real scope of responsibility keeps expanding underneath it. The people who remain absorb a growing share of an enlarging problem, quietly, until something breaks.
None of this is a reason to slow down AI adoption in security operations. The efficiency gains are real and worth pursuing. But Haleliuk's framing and ours point to the same uncomfortable truth from different angles: efficiency without a deliberate plan for where the gains go doesn't produce relief. It produces more demand.
What Organizations Can Do Differently
The fix isn't complicated, but it is a choice, and most organizations don't make it on purpose. Every time AI creates capacity, leadership has two options: reinvest all of it into more scope, faster expectations, and flat staffing, or bank a portion of it deliberately, as protected recovery time, capped alert volume, or sustainable pacing for the humans still in the loop. The Jevons Paradox tells us which path organizations default to when nobody decides otherwise. It does not tell us which path they're required to take.
This is the conversation we have with every CISO Resilience Council we run. The goal isn't to resist AI adoption or to romanticize the way security work used to feel. It's to make sure that as the technical side of the house gets faster, someone in the room is explicitly responsible for asking what that speed costs the people executing it, and for building recovery into the plan rather than hoping it happens on its own.
Efficiency is not the same as relief. Haleliuk is right that AI will let us do more work with the same number of people. The question Green Shoe exists to answer is whether those people will still be standing when the work arrives.
Green Shoe Consulting is a human performance and recovery company built for the cybersecurity industry. If your organization is scaling AI in security operations and wants to think seriously about the human side of that equation, we'd welcome the conversation.