The rapid adoption of Generative AI (GenAI) and the emergence of Agentic AI have unlocked new opportunities for security teams to stay ahead of attacks. In security operations centers worldwide, organizations are rapidly adopting AI tools to augment human analysts, improve efficiency, and lay the foundation for a more autonomous SOC. As AI has progressed from behavioral AI and machine learning to generative AI and now agentic AI, the industry's focus has shifted from whether to adopt AI to how best to implement it for maximum impact.
A recent research study, commissioned by SentinelOne and conducted by Informa TechTarget’s Enterprise Strategy Group, sheds light on how organizations are embracing AI, what they expect from AI-powered security tools, and why AI is viewed as the key to achieving a more automated, resilient security posture. Below are the key findings.
Real-World Impact: Where AI Is Making a Difference
The adoption of GenAI alone in security operations is accelerating at a remarkable pace. According to the study, 96% of SOC teams believe AI can improve efficiency, and nearly 70% of organizations plan to increase spending on security tools with AI capabilities.
Organizations are already using AI across multiple security use cases. Early adopters report using GenAI-powered solutions for threat intelligence analysis (50%), workflow automation (43%), and threat hunting and query writing (35%), among other tasks. As a result, SOC teams are becoming more efficient and improving their ability to detect, investigate, and respond to threats in real time.
What does the advent of GenAI mean for security teams? Rather than replace human analysts, AI is helping alleviate workload pressures, enabling teams to shift their focus from manual, repetitive tasks to higher-level strategic work. 92% of respondents credited AI with improving their overall security posture, highlighting its potential to transform SOC teams' operations.
Performance Over Promises: Why AI Adoption Requires More Than Hype
Despite the excitement, security leaders are not jumping on the bandwagon without scrutiny. The study found that 88% of respondents require AI solutions to seamlessly fit into their existing workflows before considering adoption.
Organizations also emphasize performance, usability, and privacy when evaluating AI-powered tools. Across the industry, companies want AI that not only enhances security but does so in a way that aligns with risk management best practices. The top requirements include:
- Speed and responsiveness – Analysts need real-time assistance without delays.
- Context-aware recommendations – AI should generate intelligent, actionable insights based on threat intelligence.
- Human-in-the-loop oversight – While AI can accelerate decision-making, security leaders want solutions that keep human analysts in control.
- Data privacy assurances – Organizations demand AI systems that do not train on their sensitive security data.
The data also reveals that “AI washing,” where vendors overpromise AI capabilities by positioning their solutions as being powered by AI, remains a challenge. Over half (55%) of security professionals say AI washing makes it harder to make informed decisions, reinforcing the need for transparent, reliable AI solutions that deliver real value.
The Path to an Autonomous SOC: AI is the Foundation
A significant takeaway from the study is that organizations see AI as the bridge to a more autonomous SOC, where AI-driven automation enhances, rather than replaces, human expertise. While 90% of respondents agree that AI is critical to achieving a more autonomous SOC, full autonomy is still years away. In the near term, security leaders see AI autonomously taking on more operational, labor-intensive responsibilities while analysts focus on strategy, creative problem-solving, and deeper investigations. The most effective AI solutions empower analysts by providing actionable intelligence, reducing alert fatigue, and enhancing decision-making.
At the core of this transformation is a shift from reactive security to proactive threat management. By automating detection, investigation, and response processes, AI enables SOC teams to anticipate and mitigate cyber risks before they escalate. AI-driven automation is already reshaping security operations, from generating complex queries to accelerating threat investigation. However, security leaders caution that achieving an autonomous SOC is a multi-year journey, with most organizations still in the early or mid-stage of this transition.
Looking Ahead: The AI-Powered SOC Is Taking Shape
The report makes clear that AI is no longer an emerging concept in security; it is already reshaping how SOC teams operate. Organizations are rapidly adopting AI to improve efficiency, streamline investigations, and strengthen security postures. However, they also demand AI solutions that meet high standards for usability and reliability.
GenAI and Agentic AI will play a big role in amplifying human expertise, automating routine tasks, and enhancing cybersecurity resilience as the industry moves toward a more autonomous SOC. The future is not about replacing analysts but empowering them with AI to work better than ever before.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com