Security operations centers (SOCs) are under siege by a new wave of automated adversarial attacks. These attacks move at unprecedented speed and prove difficult to detect, decipher and defend against.
With adversary breakout times of just two minutes and seven seconds, the question is not if a SOC will be attacked, but when. And 77% of companies have already fallen victim to adversarial AI attacks.
For a SOC to protect itself and its business infrastructure, speed is crucial.
Enter Agentic AI
Agentic AI helps SOCs automate decision-making, adapt to evolving threats, and streamline workflows, including alert triage and incident response. It has been proven to improve efficiency and enhance security by identifying risks while reducing the manual effort required to track them.
Leading cybersecurity vendors offering agentic AI solutions for SOCs include Arcanna.ai, Cato Networks, Cisco Security Cloud, CrowdStrike (Falcon platform with Charlotte AI), Dropzone AI, Google Cloud Security AI Workbench, Microsoft Security Copilot, Nagomi Security, Palo Alto Networks and Zscaler.
“The speed of today’s cyberattacks requires security teams to quickly analyze massive amounts of data to detect, investigate and respond more quickly. Adversaries are setting records, with breakout times of just over two minutes, leaving no room for delay,” George Kurtz, president, CEO and co-founder of CrowdStrike, told VentureBeat in a recent interview.
Plan for SOC teams and agentic AI to reinforce each other
For any agentic AI or broader SOC AI implementation to be successful, workflows involving the human in the middle are essential. Gartner’s recent report, “Predicting 2025: there will never be an autonomous SOC”, reinforces VentureBeat’s observation on how SOCs are piloting and adopting agentic AI and broader AI applications and platforms. “Security leaders and operational executives should identify areas where human-led SOC functions persist and how to evolve SOC analysts into roles that require more human decision-making,” advises Gartner.
The report predicts that by 2026, AI will increase SOC efficiency by 40% compared to 2024 levels, beginning a shift in SOC expertise toward developing, maintaining, and protecting SOC AI.
To effectively integrate agentic AI, SOCs need a clear framework that balances technology with human expertise. Gartner’s extended SOC model below illustrates how roles, capabilities, and goals align to improve efficiency and adaptability.
![](https://venturebeat.com/wp-content/uploads/2025/01/figure-1-gartner.jpg?w=800)
SOC challenges are a perfect use case for agentic AI
SOCs need agentic AI that matches the speed and insight of attackers if they are to have any chance of thwarting an intrusion or breach attempt.
Many SOCs are understaffed. Many also struggle to make sense of data from existing SIEM (security information and event management) systems that lack visualization techniques or the ability to use graph databases to map threats.
The need to move beyond thinking in lists and think more in graphs, as attackers do when planning a breach, is one of many factors driving a robust graph-database arms race across the industry.
Struggling to keep up with the torrent of alerts, false positives, and ongoing maintenance work, SOC teams face these challenges daily:
Existing systems expose SOCs to growing AI threats. SOCs remain weighed down by outdated SIEM systems, endpoint detection and response (EDR) systems, firewalls, and legacy intrusion detection and prevention systems (IDS/IPS) that are not equipped to cope with the speed and complexity of AI-based threats. Shlomo Kramer, CEO of Cato Networks, told VentureBeat during a recent interview: “The biggest threat to organizations is the complexity of their security infrastructure. Point products create gaps in their security posture, making them prime targets for bad actors.” Kramer added: “Over the next five years, I see cyber threats evolving in three dimensions: tactically, with AI-on-AI battles; operationally, due to the complexity of the infrastructure; and strategically, shaped by geopolitical conflicts. Organizations that rely on fragmented tools will struggle to defend against these growing threats.”
Chronic alert fatigue leads to missed intrusions and high staff turnover. SOC analysts struggle to keep track of thousands of alerts, false alarms, and incompatible reports coming from multiple existing SIEM and SOAR systems across their centers. CISOs report seeing up to 10,000 events per day across their operations center’s vast base of systems. They question whether finding the three or four that pose real threats is the best use of their analysts’ time when AI has already proven its ability to detect anomalous events.
Organizations are facing a shortage of staff for key SOC roles. It’s almost impossible for many enterprises to scale their SOC teams with internal talent alone. While external recruiting is always an option, SOC teams must invest in the continuing education and career development of their team to maintain their business expertise while strengthening their cyber expertise.
A growing tidal wave of data security risks threatens to overwhelm SOC teams. Kurtz echoed the severity of the challenge in a recent interview: “One of the biggest security issues is data, and that’s one of the reasons I started CrowdStrike. That’s why I created the architecture that we have, and it’s incredibly difficult for SOC teams to sort through this massive amount of data and volume to find threats.”
Where agentic AI makes an impact
The biggest gain from agentic AI will come from augmenting analysts and SOC teams through the automation of routine tasks while providing them with cutting-edge intelligence tools with which to learn.
VentureBeat finds that agentic AI is impacting the following areas:
Achieve large-scale efficiency gains for the most routine and repetitive tasks. Agentic AI pilot and production systems improve efficiency by automating routine tasks at scale. Vasu Jakkal, corporate vice president at Microsoft, shared with VentureBeat in a recent interview the results of research carried out by her company on the productivity gains of Security Copilot. “The study showed that early career professionals using Security Copilot were 26% faster and 35% more accurate. Seasoned professionals using the tool were 22% faster and 7% more accurate, with 90% expressing a desire to use it again,” Jakkal said.
Real-time threat detection, analytics and intelligence while finding anomalies in massive data sets. Agentic AI applications and the platforms that support them are effective at identifying potential threats and anomalies that humans might miss. And human-in-the-loop design allows agentic AI models to continually learn and refine their ability to identify threats.
Help SOCs accelerate incident response. At the heart of the design of every agentic AI application, system and platform is the ability to identify and isolate key incident response tasks in real time to remediate threats more quickly. VentureBeat recently spoke with Torq CTO Eldad Livni about his company’s multi-agent system, which he described as “transforming SOC operations by dividing complex workflows into specialized, interconnected tasks managed by dedicated agents.” This approach ensures that every alert is accurately triaged, investigated and resolved, reducing human error and enabling SOC teams to efficiently scale operations.
Continuous learning. Agentic AI empowers detection engineering in SOCs, where systems analyze large threat intelligence datasets at scale. LLMs are trained to help security teams differentiate real threats from false positives, providing real-time contextual insights that save SOC analysts valuable time. VentureBeat has learned that these capabilities lead to measurable improvements in threat response.
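As an added illustration (not code from the article or from any vendor it names), the following Python sketch shows the two ideas these sections describe together: treating alerts as a graph of shared entities rather than a flat list, so that related alerts collapse into one incident with a single score, and a human-in-the-loop triage policy in which analyst verdicts tune the rule weights used for scoring. The alert records, rule names, thresholds and scoring formula are all constructed for the example.

```python
"""Added example (not from the article or any vendor): correlate raw alerts into
incidents through an entity graph, route each incident with a human-in-the-loop
triage policy, and let analyst verdicts adjust the per-rule weights."""
from collections import defaultdict, deque

# Constructed sample alerts (not real telemetry). Entities are typed "kind:name".
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "phishing_attachment_opened", "severity": 3,
     "entities": {"user:alice", "host:wks-01"}},
    {"id": "a2", "rule": "suspicious_powershell", "severity": 5,
     "entities": {"host:wks-01", "process:powershell.exe"}},
    {"id": "a3", "rule": "lateral_smb_login", "severity": 6,
     "entities": {"user:alice", "host:wks-01", "host:srv-db-02"}},
    {"id": "a4", "rule": "new_admin_account", "severity": 7,
     "entities": {"host:srv-db-02", "user:svc_backup2"}},
    {"id": "a5", "rule": "failed_login", "severity": 1,
     "entities": {"user:bob", "host:wks-07"}},
    {"id": "a6", "rule": "failed_login", "severity": 1,
     "entities": {"user:bob", "host:wks-07"}},
    {"id": "a7", "rule": "av_signature_update", "severity": 0,
     "entities": {"host:wks-11"}},
]

ESCALATE_AT = 10   # assumed policy thresholds for the example
REVIEW_AT = 3


def build_entity_graph(alerts):
    """Bipartite adjacency: alert id <-> entity string."""
    adj = defaultdict(set)
    for a in alerts:
        for e in a["entities"]:
            adj[a["id"]].add(e)
            adj[e].add(a["id"])
    return adj


def score_incident(members, weights=None):
    """Worst alert weight, plus a bonus per distinct rule (a chain of different
    behaviours) and per extra host touched (a hint of lateral movement)."""
    weights = weights or {}
    worst = max(weights.get(m["rule"], m["severity"]) for m in members)
    rules = {m["rule"] for m in members}
    hosts = {e for m in members for e in m["entities"] if e.startswith("host:")}
    return worst + 2 * len(rules) + 3 * (len(hosts) - 1)


def correlate(alerts, weights=None):
    """Incidents are the connected components of the entity graph, ordered by score."""
    adj = build_entity_graph(alerts)
    by_id = {a["id"]: a for a in alerts}
    seen, incidents = set(), []
    for a in alerts:
        if a["id"] in seen:
            continue
        comp, queue = set(), deque([a["id"]])
        while queue:                      # breadth-first walk over alerts and entities
            n = queue.popleft()
            if n in seen:
                continue
            seen.add(n)
            if n in by_id:
                comp.add(n)
            queue.extend(adj[n])
        members = [by_id[i] for i in sorted(comp)]
        incidents.append({
            "alerts": [m["id"] for m in members],
            "entities": sorted(set().union(*(m["entities"] for m in members))),
            "score": score_incident(members, weights),
        })
    return sorted(incidents, key=lambda inc: -inc["score"])


def triage(incidents):
    """Routing decision per incident; only the middle band goes to a human analyst."""
    decisions = []
    for inc in incidents:
        if inc["score"] >= ESCALATE_AT:
            action = "escalate"
        elif inc["score"] >= REVIEW_AT:
            action = "analyst_review"
        else:
            action = "auto_close"
        decisions.append((action, inc["alerts"]))
    return decisions


def learn_from_verdicts(alerts, verdicts, weights=None):
    """Human-in-the-loop feedback: a false-positive verdict lowers the weight of
    every rule in that incident by one (floor 0); a true-positive verdict raises it."""
    weights = dict(weights or {})
    by_id = {a["id"]: a for a in alerts}
    for alert_ids, verdict in verdicts:
        delta = -1 if verdict == "false_positive" else 1
        for i in alert_ids:
            rule = by_id[i]["rule"]
            weights[rule] = max(0, weights.get(rule, by_id[i]["severity"]) + delta)
    return weights


if __name__ == "__main__":
    incidents = correlate(SAMPLE_ALERTS)
    for action, ids in triage(incidents):
        print(action, ids)
    # The analyst closes the failed-login pair as noise; the next pass auto-closes it.
    tuned = learn_from_verdicts(SAMPLE_ALERTS, [(["a5", "a6"], "false_positive")])
    for action, ids in triage(correlate(SAMPLE_ALERTS, tuned)):
        print(action, ids)
```

Seven alerts become three incidents: the phishing-to-new-admin chain surfaces at the top because it spans several rules and two hosts, the two failed logins land in the analyst's queue, and the signature update closes itself. After the analyst records a false-positive verdict on the login pair, its rule weight drops and the same alerts are auto-closed on the next run, which is the feedback loop the sections above describe.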
Agentic AI’s success relies entirely on human collaboration
“It’s not about replacing human beings; it’s about augmenting humans,” Elia Zaitsev, CTO of CrowdStrike, told VentureBeat in a previous interview. “It’s this AI-assisted human, which I think is such a key concept… I think too many people in technology – and I will say this as a CTO, I’m supposed to just focus on technology – put the emphasis too far toward wanting to replace humans. I think this is very misguided, especially in cyberspace.”