The rise of the AI-SOC
In 2026, we’re shifting past AI copilots towards autonomous brokers performing conventional security operations heart (SOC) actions akin to triaging alerts, investigating malicious exercise, isolating hosts, and patching software program on our behalf. The pattern is predicted to reshape operations within the SOC even when the early realities haven’t but totally aligned with agentic expectations.
Nonetheless, there’s plenty of innovation occurring from established distributors (e.g., Cisco/Splunk, CrowdStrike, Google, Microsoft, and so forth.) and startups (e.g., Andesite, Crogl, Prophet Safety, and so forth.) alike. Whereas AI-SOCs have potential, security professionals stay leery about AI hallucinations and “black field” instruments, and brokers will succeed or fail based mostly on a basis of correct and well timed knowledge entry — risk intelligence, log recordsdata, instruments integration, and so forth.
For RSA attendees, I like to recommend cautious optimism. A technique or one other the AI-SOC is coming — and prior to you assume. However CISOs ought to come ready with necessities, a lot of questions, and a willingness to forged a large internet somewhat than merely defaulting to present instruments distributors.
