> Our goal is to provide AI pentesting agents that run continuously,
Pour one out for your observability team. Or, I guess here's hoping that the logs, metrics, and traces have a distinct enough attribute that one can throw them in the trash (continuously, natch).
You can set this up in a non-production environment and realise a lot of the benefits. It would also help you figure out better ways to manage your logs such that you can improve signal-to-noise ratio in monitoring solutions and alarming.
Not convinced "AI" is needed for this sort of around-the-clock pen testing - a well-defined set of rules that is being actively maintained as the threat landscape changes, and I am pretty sure there are a bunch of businesses that offer this already - but I think constant attacking is the only way to really improve security posture.
To quote one of my favourite lines in Neal Stephenson's Anathem: "The only way to preserve the integrity of the defenses is to subject them to unceasing assault".