I still see the advantage for the home user using an AI based AV like Cylance or others that are also used in corporate environments. Corporate environments are where most of the real bad malware is found first and mitigated. As such logic would suggest that these apps will will have learned how to deal with them well before home signature based AVs .
Default-allow is built upon the premise that users don't know how and won't put forth the effort to find out how to do.
The fallacy that the industry perpetuates is that by installing a security soft, all your security problems are solved.
"Install our Next-Gen Ai\ML soft and you are protected."
Nope. It's a lie. (At it's most basic level without any considerations of the gray-scale. What they really mean is that you are protected figuratively and not absolutely.)
And the greater lie being shilled over the past few years is that Ai\ML can and will do everything better.
"Let the Ai\ML do everything for you. It will do it better for you than you could ever do for yourself."
Nope. That's a lie too. (See previous note, above. When it comes to IT security, people have got to somehow come to understand that there are things that only they can do for themselves.)
The sad fact is that most people believe the lies (or half-truths or whatever one wishes to call them.)
It's all fine when talking within the context of gray-scale, but use absolutes (black and white) as the standard, then everything falls apart.