I have been working with (read monitoring) active and passive IDSs for about five years now. I have tested various blends of string/rule based, anomaly based, behaviour based and have been in various lengthy discussions on AI and neural net IDS.
The biggest drawback with any system that will "learn" is that if a particular pattern of activity is seen often enough by the AI it will "learn" that it is valid activity. With a monitored system of any basis you will have the human (a.k.a. button-pushing monkey) sitting on the other end of a connection who can apply far more interpretation than any AI or neural net I have seen demo'd so far. A human monitor can recall a past event and find similarities (so long as they are paying attention) and begin to see patterns where the neural net and AI systems will look back to see that the previous similar event was considered "safe" and had been normalized.
That is the biggest drawback that I am aware of. The automated systems have the bad habit of accepting consistent events as normal given enough time. I am not saying AI and neural nets will not eventually work well - I hope they do - but I don't think the human monitor should ever be taken completely out of the loop.
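The "consistent events become normal" effect described in the post, shown as an added simulation (example code, not part of the original post): a detector with an exponentially weighted moving baseline is fed a constructed metric (say, connections per minute) that is benign for a while and then the same suspicious value repeated 60 times. The `EwmaDetector` class, the alpha/threshold values and the sample series are all assumptions chosen for illustration; the second run shows one mitigation, not updating the baseline from samples that were alerted on until a human has reviewed them.

```python
# Constructed simulation of baseline drift in an adaptive anomaly detector:
# a repeated anomaly is absorbed into the baseline and stops raising alerts.
# Added example code; not from the original post.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class EwmaDetector:
    """Flags a sample when it exceeds `factor` x the moving baseline."""
    alpha: float = 0.02              # how fast the baseline follows new data
    factor: float = 2.5              # alert threshold relative to baseline
    learn_from_alerts: bool = True   # True reproduces the drawback in the post
    mean: Optional[float] = None

    def observe(self, value: float) -> bool:
        if self.mean is None:        # first sample seeds the baseline
            self.mean = value
            return False
        alert = value > self.factor * self.mean
        # The fully automatic detector keeps learning even from alerted
        # samples, so a persistent pattern slowly becomes "normal".
        # With learn_from_alerts=False, alerted samples are held back from
        # the baseline (a real deployment would feed them in only after an
        # analyst confirms them; otherwise a legitimate shift is never learned).
        if self.learn_from_alerts or not alert:
            self.mean += self.alpha * (value - self.mean)
        return alert


def run_scenario(learn_from_alerts: bool) -> List[bool]:
    """Benign warm-up, then the same suspicious value repeated 60 times.

    The series is constructed: 50 samples at 100.0, then 60 samples at 500.0.
    Returns the per-sample alert decisions."""
    det = EwmaDetector(learn_from_alerts=learn_from_alerts)
    benign = [100.0] * 50
    persistent_anomaly = [500.0] * 60
    return [det.observe(v) for v in benign + persistent_anomaly]


def count_alerts(learn_from_alerts: bool) -> int:
    return sum(run_scenario(learn_from_alerts))


if __name__ == "__main__":
    # Learning from alerts: only the first 15 repetitions fire, then silence.
    print("alerts, baseline learns from alerts:", count_alerts(True))   # 15
    # Holding alerted samples out of the baseline: all 60 repetitions fire.
    print("alerts, alerted samples quarantined:", count_alerts(False))  # 60
```

The closed form behind the first number: after n anomalous updates the baseline is 100 + 400 * (1 - 0.98**n), which crosses 500 / 2.5 = 200 between the 15th and 16th repetition.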