Security operations centers (SOCs) are under siege by a new wave of automated adversarial attacks. These attacks move at unprecedented speed and are proving difficult to detect, decipher and defend against.
With adversaries achieving breakout times of just two minutes and seven seconds, it’s not a question of if a SOC is going to be attacked, it’s when. And 77% of enterprises report having already been hit by adversarial AI attacks.
For a SOC to protect itself and its company’s infrastructure, speed is crucial.
Enter agentic AI
Agentic AI helps SOCs automate decision-making, adapt to evolving threats, and streamline workflows, including alert triage and incident response. It’s proven effective at improving efficiency and strengthening security by identifying risks while reducing the manual effort needed to track them.
Leading cybersecurity providers offering agentic AI solutions for SOCs include Arcanna.ai, Cato Networks, Cisco Security Cloud, CrowdStrike (Falcon platform with Charlotte AI), Dropzone AI, Google Cloud Security AI Workbench, Microsoft Security Copilot, Nagomi Security, Palo Alto Networks and Zscaler.
“The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate and respond faster. Adversaries are setting records, with breakout times of just over two minutes, leaving no room for delay,” George Kurtz, president, CEO and cofounder of CrowdStrike, told VentureBeat during a recent interview.
Plan for SOC teams and agentic AI to strengthen each other
For any agentic AI or broader SOC AI implementation to be successful, human-in-the-loop workflows are essential. Gartner’s recent report, “Predict 2025: There Will Never Be an Autonomous SOC,” reinforces VentureBeat’s observation of how SOCs are piloting and adopting agentic AI and broader AI apps and platforms. “Security leaders and senior operational staff need to identify where human-led SOC functions persist and how to transition SOC analysts to roles that require more human-in-the-loop decision-making,” advises Gartner.
The report predicts that by 2026, AI will increase SOC efficiency by 40% compared to 2024 efficiency, beginning a shift in SOC expertise toward AI development, maintenance and protection.
To integrate agentic AI effectively, SOCs need a clear framework that balances technology with human expertise. Gartner’s expanded SOC model illustrates how roles, capabilities and objectives align to enhance efficiency and adaptability.
SOC challenges are a perfect use case for agentic AI
SOCs need agentic AI that matches the speed and insight of attackers if they’re going to stand a chance of thwarting an intrusion or breach attempt.
Many SOCs are understaffed. Many also find it challenging to make sense of data from legacy security information and event management (SIEM) systems that lack visualization techniques or the ability to use graph databases to map threats.
The need to get beyond thinking in lists, and think more in graphs like attackers do when they plan a breach, is one of several factors driving a strong graph database arms race across the industry.
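To make “thinking in graphs” concrete, here is an added example (not code from the article or from any vendor named in it) that takes a flat, SIEM-style list of logon and admin-rights events and turns it into a directed graph in the style attackers use when planning lateral movement: a user session on a host exposes that user’s credentials to whoever controls the host, and admin rights let that user reach the next host. The hosts, users and events are constructed sample data; the edge semantics and scoring are assumptions for illustration.

```python
"""Added example: attack-path reasoning over a graph built from list-style events.
All hosts, users and events below are constructed sample data, not real telemetry."""
from collections import deque

# Constructed events, one row each, the way a SIEM would list them.
#   logon:    user `src` has a session on host `dst` (credentials are resident there)
#   admin_of: user `src` holds local admin rights on host `dst`
EVENTS = [
    {"kind": "logon",    "src": "alice",      "dst": "WS-01"},
    {"kind": "admin_of", "src": "alice",      "dst": "FS-02"},
    {"kind": "logon",    "src": "svc_backup", "dst": "FS-02"},  # service account session on the file server
    {"kind": "admin_of", "src": "svc_backup", "dst": "DC-01"},  # that account is a domain-controller admin
    {"kind": "logon",    "src": "bob",        "dst": "WS-07"},
    {"kind": "admin_of", "src": "bob",        "dst": "WS-07"},
]


def build_graph(events):
    """Directed adjacency list. Control of a host yields the users with sessions on it
    (host -> user); admin rights let a user execute on a host (user -> host)."""
    g = {}
    for e in events:
        g.setdefault(e["src"], set())
        g.setdefault(e["dst"], set())
        if e["kind"] == "logon":
            g[e["dst"]].add(e["src"])
        elif e["kind"] == "admin_of":
            g[e["src"]].add(e["dst"])
    return g


def shortest_attack_path(graph, start, target):
    """BFS from an assumed foothold to a target asset. Returns the node list or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def blast_radius(graph, start):
    """Everything reachable from a foothold. A list of alerts cannot answer this question."""
    seen = {start}
    stack = [start]
    while stack:
        node = stack.pop()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    seen.discard(start)
    return seen


def choke_points(graph, start, target):
    """Intermediate nodes whose removal severs every path start -> target: the fixes
    (revoke a right, stop caching a credential) that buy the most for the least effort."""
    base = shortest_attack_path(graph, start, target)
    if base is None:
        return set()
    cut = set()
    for node in base[1:-1]:
        pruned = {k: v - {node} for k, v in graph.items() if k != node}
        if shortest_attack_path(pruned, start, target) is None:
            cut.add(node)
    return cut


if __name__ == "__main__":
    g = build_graph(EVENTS)
    print(shortest_attack_path(g, "WS-01", "DC-01"))   # WS-01 -> alice -> FS-02 -> svc_backup -> DC-01
    print(shortest_attack_path(g, "WS-07", "DC-01"))   # None: bob's workstation is a dead end
    print(sorted(blast_radius(g, "WS-01")))
    print(sorted(choke_points(g, "WS-01", "DC-01")))
```

Read as a list, the six events look like routine activity on four hosts; read as a graph, a phished workstation is four hops from the domain controller, and the service account with a cached session on the file server is the edge worth cutting first.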
Struggling to keep up with the torrent of alerts, false positives and ongoing maintenance work, SOC teams face these challenges daily:
Legacy systems leave SOCs exposed to growing AI threats. SOCs remain burdened by outdated SIEM systems, legacy endpoint detection and response (EDR), firewalls, and intrusion detection systems (IDS/IPS) that aren’t equipped to address the speed and complexity of AI-driven threats. Shlomo Kramer, CEO of Cato Networks, told VentureBeat during a recent interview, “The greatest threat to organizations is their security infrastructure complexity. Point products create gaps in their security posture, leaving them prime targets for threat actors.” Kramer added, “Over the next five years, I see cyber threats evolving across three dimensions: tactically, with AI-versus-AI battles; operationally, through infrastructure complexity; and strategically, shaped by geopolitical conflicts. Organizations relying on fragmented legacy tools will struggle to defend against these escalating threats.”
Chronic alert fatigue leads to missed intrusion attempts and high staff turnover. SOC analysts struggle to keep up with the thousands of alerts, false alarms and incompatible reports from multiple legacy SIEM and SOAR systems across their centers. CISOs report seeing up to 10,000 events a day coming across their operations center’s broad base of systems. They question whether it’s the best use of their analysts’ time to find the three or four that are actual threats when AI has already proven itself capable of detecting anomalous events.
Organizations face staffing shortages for key SOC roles. It’s nearly impossible for many enterprises to scale their SOC teams with internal talent alone. While hiring from the outside is always an option, SOC teams also need to invest in continual training and career development to retain business knowledge while strengthening cyber expertise.
A growing tidal wave of security data risk threatens to overwhelm SOC teams. Kurtz echoed the gravity of the challenge in a recent interview, “One of the main problems in security is a data problem, and it’s one of the reasons why I started CrowdStrike. It’s why I created the architecture that we have, and it’s incredibly difficult for SOC teams to sort through this massive amount of data and volumes to find threats.”
Where agentic AI is making an impact
The most significant payoff from agentic AI will come from augmenting SOC analysts and teams with automation of routine tasks while giving them more cutting-edge intelligence tools to learn with.
VentureBeat is seeing agentic AI impacting the following areas:
Achieving efficiency gains at scale for the most routine, repetitive tasks. Agentic AI pilot and production systems are delivering improved efficiencies by automating routine tasks at scale. Vasu Jakkal, corporate vice president at Microsoft, shared with VentureBeat in a recent interview the results of research her company completed on Security Copilot productivity gains. “The study showed that early career professionals using Security Copilot were 26% faster and 35% more accurate. Seasoned professionals using the tool were 22% faster and 7% more accurate, with 90% expressing a desire to use it again,” Jakkal said.
Threat detection, analytics and intelligence in real time, while also finding anomalies in massive datasets. Agentic AI apps and the platforms supporting them are effective in identifying potential threats and anomalies that humans might miss. And human-in-the-loop design helps keep agentic AI models continually learning and fine-tuning their ability to identify threats.
Helping SOCs accelerate incident response. Core to the design of every agentic AI app, system and platform is the ability to identify and isolate key incident response tasks in real time to remediate threats faster. VentureBeat recently spoke with Torq CTO Eldad Livni about his company’s multi-agent system, which he described as “transforming SOC operations by breaking complex workflows into specialized, interconnected tasks handled by dedicated agents. This approach ensures every alert is triaged, investigated and resolved with precision, reducing human error and enabling SOC teams to scale operations efficiently.”
Continuous learning. Agentic AI strengthens detection engineering in SOCs, where systems analyze large threat intelligence datasets at scale. LLMs are being trained to help security teams differentiate real threats from false positives, delivering real-time, contextual insights that save SOC analysts valuable time. VentureBeat has learned that these capabilities are driving measurable improvements in threat response.
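The triage, incident-response and false-positive points above, and Gartner’s insistence on human-in-the-loop decision-making, come down to one design question: which actions an agent may take on its own and which must wait for an analyst. The following added example (not code from the article or from any product named in it) shows a minimal triage gate over constructed alerts: low-score alerts are auto-closed, medium-score alerts get automated enrichment and a ticket, and anything that would touch production (isolating a host, paging the IR lead) is queued for approval and is never executed without it. The alert shapes, rule names, weights and thresholds are assumptions for illustration.

```python
"""Added example: alert triage with an explicit autonomy gate and audit trail.
Alerts, rule weights and thresholds are constructed assumptions, not real tuning."""
from dataclasses import dataclass

# Constructed, normalized alerts in the shape a SIEM might emit.
ALERTS = [
    {"id": "a1", "rule": "failed_logon_burst",   "host": "WS-01", "user": "alice",
     "count": 6,  "asset_tier": "workstation",       "intel_match": False},
    {"id": "a2", "rule": "lsass_memory_read",    "host": "FS-02", "user": "svc_backup",
     "count": 1,  "asset_tier": "server",            "intel_match": False},
    {"id": "a3", "rule": "outbound_c2_beacon",   "host": "DC-01", "user": "svc_backup",
     "count": 40, "asset_tier": "domain_controller", "intel_match": True},
    {"id": "a4", "rule": "failed_logon_burst",   "host": "WS-07", "user": "bob",
     "count": 3,  "asset_tier": "workstation",       "intel_match": False},
    {"id": "a5", "rule": "powershell_encoded_cmd", "host": "WS-07", "user": "bob",
     "count": 1,  "asset_tier": "workstation",       "intel_match": False},
]

# Assumed weights: how serious the rule is, how sensitive the asset, and
# whether threat intelligence corroborates the alert.
RULE_WEIGHT = {"failed_logon_burst": 10, "lsass_memory_read": 60,
               "outbound_c2_beacon": 70, "powershell_encoded_cmd": 35}
TIER_WEIGHT = {"workstation": 0, "server": 15, "domain_controller": 30}


def score(alert):
    """0-100 risk score. The deduction for short logon bursts is the kind of
    false-positive suppression the text describes."""
    s = RULE_WEIGHT.get(alert["rule"], 20) + TIER_WEIGHT.get(alert["asset_tier"], 0)
    if alert["intel_match"]:
        s += 20
    if alert["rule"] == "failed_logon_burst" and alert["count"] < 5:
        s -= 10  # below a typical lockout threshold: most likely a mistyped password
    return max(0, min(100, s))


@dataclass
class Decision:
    alert_id: str
    score: int
    action: str     # what the agent proposes to do
    autonomy: str   # "close": auto-closed, "auto": executed, "approve": waits for an analyst
    rationale: str


def triage(alert):
    """The gate. Enrichment and ticketing carry no production impact and run unattended;
    isolation and paging change the environment and require a human decision."""
    s = score(alert)
    if s < 20:
        return Decision(alert["id"], s, "close", "close", "low score, benign pattern")
    if s < 60:
        return Decision(alert["id"], s, "enrich_and_ticket", "auto", "needs context, no prod impact")
    if alert["asset_tier"] == "domain_controller":
        action = "page_ir_lead"   # isolating a DC is its own outage; escalate instead
    else:
        action = "isolate_host"
    return Decision(alert["id"], s, action, "approve", "high score, high-impact action")


def run(alerts, approvals):
    """approvals: analyst answers keyed by alert id (True/False). Returns the list of
    executed (alert_id, action) pairs and an audit log of every decision. An action
    in the 'approve' tier is only executed when an analyst has said yes."""
    executed, log = [], []
    for alert in alerts:
        d = triage(alert)
        if d.autonomy == "approve":
            answer = approvals.get(d.alert_id)
            status = "executed" if answer is True else ("denied" if answer is False else "pending")
        else:
            status = "executed"
        if status == "executed":
            executed.append((d.alert_id, d.action))
        log.append((d.alert_id, d.score, d.action, d.autonomy, status))
    return executed, log


if __name__ == "__main__":
    done, audit = run(ALERTS, approvals={"a2": True, "a3": False})
    for row in audit:
        print(row)
    print("executed:", done)
```

The scoring is deliberately simple; what matters is that the autonomy tier is decided by code the SOC controls, every decision is logged with its rationale, and a “pending” or “denied” high-risk action leaves no trace in the executed list, which is the property an auditor will ask about.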
Agentic AI’s success relies entirely on human collaboration
“It’s not about replacing human beings; it’s about augmenting humans,” Elia Zaitsev, CTO of CrowdStrike, told VentureBeat in an earlier interview. “It’s that AI-assisted human, which I think is such a key concept…I think too many people in technology — and I’ll say this as a CTO, I’m supposed to be all about the technology — the focus sometimes goes too far on wanting to replace the humans. I think that’s very misguided, especially in cyber.”