The Three Legs of AI: Why Effective AI Requires More Than Just LLMs

By MixMode Threat Research / Jun 10, 2026
MixMode Threat Research

MixMode Threat Research is a dedicated contributor to MixMode.ai’s blog, offering insights into the latest advancements and trends in cybersecurity. Their posts analyze emerging threats and deliver actionable intelligence for proactive digital defense.

Artificial intelligence has quickly become one of the most discussed technologies in cybersecurity, business, and technology at large. As organizations rush to adopt AI-powered solutions, many are gravitating toward Large Language Models (LLMs) and generative AI tools as the answer to nearly every challenge.

In his recent Forbes article, The Three Legs of AI: A Framework for Building Successful AI Systems, MixMode Chief Strategy Officer Matt Shea argues that this approach overlooks a fundamental reality: no single AI technology is the right solution for every problem.

Drawing on DARPA's Three Waves of AI framework, Shea explains that successful AI systems rely on three distinct forms of intelligence working together:

Deterministic AI: Handwritten Logic

The first wave of AI consists of deterministic systems, often known as expert systems. These technologies operate on predefined rules and logic, producing the same output every time they receive the same input.

Examples include tax preparation software, workflow automation, and traditional cybersecurity tools that rely on signatures, rules, and thresholds to identify known threats.

Deterministic systems excel at solving clearly defined problems, but they struggle when complexity increases beyond what humans can manually encode.

Statistical AI: Learning from Data

The second wave introduced machine learning and neural networks, enabling systems to learn patterns from large datasets rather than relying solely on handcrafted rules.

This statistical approach powers many of today's most recognizable AI technologies, including LLMs such as ChatGPT and Claude. These systems predict likely outcomes based on patterns observed during training, making them highly effective for language generation, content creation, and a wide range of analytical tasks.

While powerful, statistical AI also has limitations. It can be expensive to operate, prone to inaccuracies or hallucinations, and may not perform well in environments that require precise, real-time understanding of highly dynamic systems.

Contextual AI: Understanding the Environment

The third wave of AI, which DARPA describes as contextual adaptation, focuses on understanding how systems evolve over time and how behavior changes based on specific circumstances.

Rather than asking what is statistically likely, contextual AI asks what is expected in a particular environment at a particular moment.

This approach is especially valuable when analyzing complex, dynamic systems where context matters. Factors such as time, relationships between entities, evolving behaviors, and environmental conditions all influence what should be considered normal or abnormal.

According to Shea, contextual AI represents a critical capability for organizations looking to solve real-world operational challenges where static rules and generalized machine learning models fall short.

Why This Matters for Cybersecurity

Cybersecurity environments are constantly changing. Networks, users, applications, devices, and attackers all evolve continuously. Threats that have never been seen before often do not match existing signatures or historical attack patterns.

This is where relying exclusively on first-wave or second-wave AI can create blind spots.

Traditional rules-based tools can only identify known threats. Machine learning systems often depend on historical training data that may not reflect the latest attack techniques. As attackers increasingly leverage AI themselves, defenders need technologies that can adapt just as quickly.

How MixMode Applies Third Wave AI

MixMode was built around the principles of Third Wave AI long before generative AI became a mainstream topic.

Unlike conventional cybersecurity platforms that rely on rules, signatures, thresholds, or extensive training periods, MixMode uses patented, self-supervised AI powered by dynamical systems theory to understand the unique behavior of each environment in real time.

MixMode's contextual AI continuously learns and adapts without requiring historical training data, human tuning, or predefined models. By establishing a dynamic understanding of normal behavior, the platform can identify subtle deviations that may indicate known threats, novel attacks, zero-day exploits, or emerging AI-driven attack techniques.

The result is a truly autonomous threat detection capability that delivers:

  • Real-time detection of known and unknown threats
  • Context-aware analysis tailored to each organization's environment
  • Rapid deployment without lengthy training periods
  • Significant reduction in false positives and alert fatigue
  • Improved SOC efficiency and faster response times

As Matt Shea explains in his Forbes article, the future of AI is not about relying on a single technology. It's about applying the right combination of deterministic, statistical, and contextual intelligence to the right problem.

For cybersecurity, where environments are dynamic and threats evolve continuously, contextual AI provides a critical advantage.

Read the Full Forbes Article

For a deeper look at DARPA's Three Waves of AI framework and why organizations need all three approaches to build effective AI systems, read Matt Shea's full Forbes article: The Three Legs of AI: A Framework for Building Successful AI Systems.

Signup for the MixMode Wave Newsletter
Your Monthly Resource for the Latest News, Events and Resources