Security operations centers (SOCs) are under siege by a new wave of automated attacks from adversaries. These attacks are moving at an unprecedented speed and are difficult to identify, decipher and protect against.
With adversaries having reached breakout times of just two minutes and seven seconds, it’s not a question of if a SOC will be attacked, it’s when, and 77% of businesses have been victims of attacks by hostile AI.
For a SOC to protect itself and the company’s infrastructure, speed is of the essence.
Enter the AI agent
Agentic AI helps SOCs automate decision-making, adapt to evolving threats, and streamline workflows, including alert triage and incident response. It has proven to be effective in improving efficiency and strengthening security by identifying risks while reducing the manual effort required to track them.
Leading cybersecurity providers offering agentic AI solutions for SOCs include Arcanna.ai, Cato Networks, Cisco Security Cloud, CrowdStrike (Falcon platform with Charlotte AI), Dropzone AI, Google Cloud Security AI Workbench, Microsoft Security Copilot, Nagomi Security, Palo Alto Networks and Zscaler.
“The speed of today’s cyberattacks requires security teams to rapidly analyze large amounts of data to detect, investigate and respond faster. Adversaries are setting records, with breakout times of more than two minutes, leaving no room for delay,” George Kurtz, president, CEO and co-founder of CrowdStrike, told VentureBeat during a recent interview.
Planning for SOC teams and agentic AI to reinforce each other
For any agentic AI or broader SOC AI implementation to be successful, human-in-the-middle workflows are essential. Gartner’s recent report, “Prediction 2025: No more Autonomous SOC,” reinforces VentureBeat’s observation of how SOCs are piloting and adopting agentic AI and broader AI apps and platforms. “Security leaders and senior operations staff need to know where human-led SOC functions continue and how to transition SOC analysts into roles that require more decision-making of the person,” advises Gartner.
The report predicts that by 2026, AI will increase SOC efficiency by 40% compared to the efficiency of 2024, starting a shift in SOC expertise towards AI development, maintenance and protection.
To effectively integrate agentic AI, SOCs need a clear framework that balances technology with human expertise. Gartner’s expanded SOC model below describes how to align roles, capabilities and objectives to improve efficiency and adaptability.
SOC challenges are a perfect use case for agentic AI
SOCs need agentic AI to match the speed and insight of attackers if they are to stand a chance of preventing an intrusion or breach attempt.
Many SOCs are understaffed. Many also find it challenging to understand data from legacy security information and event management (SIEM) systems that lack visualization techniques or the ability to use graph databases to map threats.
The need to go beyond thinking in lists, and think more in graphs as attackers do when they plan a breach, is one of the many reasons driving a strong graph database arms race across the industry.
Struggling to keep up with the flood of alerts, false positives and ongoing maintenance, SOC teams face these challenges every day:
Legacy systems leave SOCs exposed to growing AI threats. SOCs remain burdened by outdated SIEM systems, legacy endpoint detection and response (EDR), firewalls, and intrusion detection systems (IDS/IPS) that are not equipped to address the speed and complexity of threats being driven by AI. Shlomo Kramer, CEO of Cato Networks, told VentureBeat during a recent interview, “The biggest threat to organizations is their complex security infrastructure. Point products create gaps in their security posture, leaving them prime targets for threat actors.” Kramer added, “Over the next five years, I see cyber threats evolving in three dimensions: tactically, with AI-versus-AI wars; operationally, by the complexity of infrastructure; and strategically, shaped by geopolitical conflicts. Organizations that rely on broken legacy tools will struggle to defend against growing threats.”
Constant alert fatigue leads to ineffective handling of intrusion attempts and high staff turnover. SOC analysts struggle to keep track of thousands of alerts, false alarms and inconsistent reports from multiple legacy SIEM and SOAR systems in their centers. CISOs report seeing up to 10,000 events per day reaching their operations center’s broad base of systems. They question whether it is the best use of their analysts’ time to find three or four actual threats when AI has already proven itself capable of detecting anomalous events.
Organizations are facing staff shortages for key SOC roles. It is nearly impossible for many enterprises to scale their SOC teams with internal talent alone. While hiring from the outside is always an option, SOC teams must invest in ongoing training and career development of their team to maintain business expertise while strengthening cyber expertise.
The growing tidal wave of data security risk threatens to overwhelm SOC teams. Kurtz echoed the gravity of the challenge in a recent interview: “One of the main security problems is the data problem, and it’s one of the reasons why I started CrowdStrike. That’s why I created the architecture we have, and it’s very difficult for SOC teams to sort through these huge data and volumes to find threats.”
That’s where agentic AI has an impact
The most significant payoff from agentic AI will come from supplementing SOC analysts and teams with automation of routine tasks while giving them more intelligence tools to learn from.
VentureBeat sees agentic AI impacting the following areas:
Achieve efficiency gains at scale for the most routine, repetitive tasks. Agentic AI pilot and production systems deliver improved efficiency by automating routine tasks at scale. Vasu Jakkal, corporate vice president of Microsoft, shared with VentureBeat in a recent interview the results of research completed by the company on Security Copilot productivity gains. “The study showed that early career professionals using Security Copilot were 26% faster and 35% more accurate. Seasoned professionals using the tool were 22% faster and 7% more accurate, with 90% expressing a desire to use it again,” said Jakkal.
Threat detection, analytics and real-time intelligence, while also detecting anomalies in large amounts of data. Agentic AI apps and the platforms that support them are effective at identifying potential threats and anomalies that people might miss. And human-in-the-loop design helps keep AI agent models constantly learning and improving their ability to detect threats.
Help SOCs facilitate incident response. At the core of the design of every agentic AI app, system and platform is the ability to identify and isolate critical incident response tasks in real time to resolve threats faster. VentureBeat recently spoke with Torq CTO Eldad Livni about his company’s multi-agent system, which he describes as “transforming SOC operations by breaking down complex workflows into specialized, connected tasks managed by dedicated agents. This approach ensures that each alert is tested, investigated and resolved with accuracy, reducing human error and enabling SOC teams to scale operations efficiently.”
Continuous Learning. Agentic AI strengthens detection engineering in SOCs, where systems analyze large amounts of threat intelligence data at scale. LLMs are trained to help security teams differentiate real threats from false positives, delivering real-time, contextual insights that save SOC analysts valuable time. VentureBeat has learned that these capabilities are driving measurable improvements in threat response.
The success of agentic AI is completely dependent on human collaboration
“It’s not about replacing people; it’s about adding people,” Elia Zaitsev, CTO of CrowdStrike, told VentureBeat in an early interview. “This person assisted by AI, which I think is an important concept… I think a lot of people in technology – and I say this as a CTO, I need everything about technology – the focus sometimes goes too far very much to want to replace people. I think that is very wrong, especially in cyber.”