A human manager isn't likely to count the number of emails you send from your work account every day – in this privacy-aware day and age they'd be asking for a lawsuit if they did.
But a machine learning algorithm can build up a profile on user behaviour and be ready when a given activity doesn't fit. In one example a user sent 2,000 emails in a day when the normal level for his job function was 15. The system – which had built up a fair idea of how many emails certain employees normally send – notified managers after deciding something was up all by itself.
When they realised the employee had sent so many emails on his last day with the company, it was cause to investigate further in case he'd been transmitting confidential data or restricted CRM records to give him a leg-up in his next job.
Machine learning algorithms are very good at all the minute details about what time you log in to your work intranet, what database you usually access to perform your job, numbers you usually call, etc.
AI algorithms are also really good at a process called 'at scale feature extraction'.
Scanning every line of code in a program consumes processing resources and takes time. Some malware can be released in hundreds of thousands of variants – too many for your internet security application to scan and quarantine when time is of the essence.
It's much more efficient to let a program reveal features of what it does like opening documents, copying itself, accessing kernel files (the critical information that runs your computer), etc.
AI is great at abstracting software behaviour into features like the above because it can teach itself about how code in other programs performs similar actions and get a much clearer (and faster) picture about what the program does, which in turn gives it a much more accurate clue about its intentions.