Birmingham IT adopts AI threat monitoring after months of anomalous traffic; staff recommend hardware and software refresh

Birmingham City Commission · January 27, 2026

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video.

Summary

IT staff described new AI-enabled network and endpoint monitoring that flagged thousands of suspicious events and narrowed them to a few hundred incidents, and recommended replacing aging wireless infrastructure while delaying optional cloud migrations until vendors stabilize products.

The city's IT director on Saturday briefed commissioners on an infrastructure and cybersecurity program that relies on AI monitoring to detect threats and to reduce noise from false positives.

Eric Grunk said the city processed roughly 1.3 petabytes of traffic through the new monitoring tools and recorded more than 9,000 automated investigations; AI narrowed those to about 240 incidents requiring further review. The system monitors network traffic, endpoint behavior and email, and links with the city's firewall so that observed anomalies can trigger automated firewall actions. IT has also moved email quarantine and reporting to a platform that allows end users and administrators to see held messages and release legitimate mail.

Grunk recommended a phased hardware refresh of aging wireless access points (many more than 10 years old) and evaluated replacing Cisco gear with Ruckus equivalents to reduce support costs. He also noted that the city's current on-prem ERP vendor has announced a cloud-only roadmap; IT will evaluate alternatives and monitor vendor stability before committing to a cloud migration.

Commissioners asked for more detail about threat types and the mitigation chain; IT said privilege-escalation attempts, unusual machine-to-machine traffic and credential-harvesting attempts are among the top flagged categories and that AI and firewall integration have reduced the number of incidents that require manual intervention.

No immediate procurement decisions were made; staff said some upgrades will be included in upcoming budget requests.