Sep 9, 2025

"AI SOC agents" serve as digital security analysts, running around the clock to triage alerts, investigate threats and take action even before human staff have time to check the logs. For managers of security operations centers, the prospect of handling repetitive work to a tireless machine is hard to resist. SOCs face thousands of alerts each day, most of them false positives. Analysts burn out quickly. Attrition is high. What if an automated assistant could filter the alerts, pull in data from the logs, investigate patterns and presents conclusions in plain language? What if it could even remediate low-level threats on its own? For the CISO at Carvana, the fastest-growing used automotive retailer in U.S., implementing Torq's AI SOC Analyst to triage Tier-1 and Tier-2 alerts "seemed to me like a no-brainer." "There's a very strong use case to use AI for your traditional security operations to start. Then, you can grow from there," Carvana CISO Dina Mathers said. In fact, Gartner recently found that 42% of cybersecurity leaders say they are piloting or currently using AI agents for threat detection and response. But beneath the optimism and executive buy-in, many security practitioners see risks. They warn that most autonomous AI solutions are still immature, prone to false answers and lack the guardrails needed to keep them from running amok. Consider the disconnect within security organizations themselves. Seventy-one percent of cybersecurity leaders believe AI has significantly improved productivity across their security teams, according to an Exabeam survey , but only 22% of analysts - those actually working with the tools - agree with productivity claims. Only 10% say they'd trust an agent to operate autonomously. Not Ready for Prime Time? One of the biggest problems is accuracy: AI agents generate wrong answers with total confidence. In practice, that could mean shutting down systems that are functioning normally - or worse - letting a real intrusion slip through with a made-up explanation. "They couldn't be further away from being ready for prime time," said Jeff Pollard, vice president and analyst at Forrester (see: Why AI Agents Need New Rules of Engagement Controlled tests show error rates of more than 60%. The real danger, Pollard said, is "when errors are entered into the picture - in agentic and AI agent architectures - they don't fail, they propagate and then that cascades throughout the entire system, which is something that we're kind of ignoring when we look at the hype of these technologies." That cascading effect makes mistakes far costlier than they would be with human staff. An AI agent's mistake can echo across other connected tools, contaminating every result downstream. "That's a nightmare factory," Pollard said. Unlike with people, it is often impossible to trace exactly where the error entered the system. The telemetry and tooling required to pinpoint mistakes simply aren't available, he said. The ability of these agents to act on their own makes them more dangerous, said Taylor Margot, partner at Lytical Ventures. A poorly scoped instruction might prompt an agent to take steps no one expected. Margot pictures scenarios in which a system might even start making business decisions such as reallocating budgets, cancelling marketing campaigns or changing access rights without approval. "Each one of those is a permissioning problem," she said. Placing too much trust in AI agents exposes a larger problem facing many organizations these days: Enthusiasm in the boardroom isn't reflected on the SOC floor. This cultural mismatch leaves security operations caught in the middle with analysts actually facing heavier burdens using AI tools, Pollard warned. Instead of investigating alerts directly, they must now audit the work of several systems at once, deciding whether to trust conclusions without having seen the evidence. "We're actually increasing the cognitive burden on the person making this decision. We're not really reducing it because we're reducing clicks," he said. "We're making it more difficult because if you make that call wrong, then it's devastating for the organization." Bridging the Trust Gap If hallucinations and the trust gap are visible challenges, governance is the hidden one. Current identity and access controls were built for humans, not automated systems that act across multiple platforms. Without new frameworks, organizations cannot assign or revoke identities, track actions or limit permissions. Forrester team recently proposed the AEGIS framework, which builds on zero trust framework but adds what he calls "least agency." "Least privilege is no longer going to be sufficient. Governance of agents is where the real difference is going to be," he said. But governance gaps are not just about identity. Pollard pointed out that AI agents have an "untapped set of skills and infinite willpower." If blocked from one data source, they don't stop. They search for another. And this instinctive improvisation could create unpredictable risks. "In the traditional world of software, if something like that happened, it would crash, or it just wouldn't work. It would give us an error of some sort," he said. "In this world, that agent is going to explore alternate pathways to get to that data, and it could lead to that agent interacting with data you didn't want it to use." Third-party dependence adds another blind spot. Many organizations rely on external vendors to supply fleets of AI agents, outsourcing trust. "Vendors will be the predominant supplier of your agentic playbook or tooling, and at that point now, you've entered basically an unknown web of third-party risk that is allowing unprecedented levels of access throughout your organization," Margot warned (see: Third-Party Risk Set to Reshape AI Security Pollard calls it a "protocol war," in which AI agents from different vendors operate across cloud, SaaS and OT environments. Attackers are watching closely. Nick Biasini, head of outreach at Cisco Talos, said agentic AI could become the next identity targets. "The attention on identity is not going anywhere; if anything, it's just going to get worse from here," he said. 'Wouldn't It Be Nice?' Despite the risks, adoption of agentic AI in SOC is accelerating as organizations look to pick the low-hanging fruit of repetitive tasks such as processing alert tickets. AI agents have the capacity to summarize months of data, identify critical cases and draft responses for each incident. "Wouldn't it be nice if I could just train the AI model - the agentic model - on that process flow as a skill and then have it just iterate through all of my P1 service tickets?" said Michael Leland, vice president and field CTO at Island. Vendors are pushing even further for AI autonomy. Ofer Smadari, CEO of Torq, said his company's AI security solution for autonomous security operations can run "full investigation from the ground up," resolving issues according to runbooks in plain English. Global banks and Fortune 500 companies are already using Torq's AI solution in production (see: How Torq Is Rewiring SOCs With Autonomous Cyber Agents "We are learning from our customers every day. So, it's like a life cycle - we are learning from our customers, getting into things for the product, and we keep innovating according to the pace of need," Smadari said. Seattle startup Dropzone AI recently raised $37 million in Series B funding to expand its AI "personas" beyond a SOC analyst to areas such as threat hunting, vulnerability management and compliance management. Founder and CEO Edward Wu said the company's AI SOC analyst already mimics the reasoning of expert human analysts to investigate 80% to 90% of alerts, up from roughly 30% with traditional approaches (see: Dropzone AI Gets $37M to Build Out Cyber AI Agent Ecosystem Wu envisions a future in which security teams will operate with a team of AI-powered digital workers specializing in different cybersecurity functions. But with every major cybersecurity platform vendor creating its own AI agents, interoperability and vendor neutrality will be crucial for security operations, he said. "As an AI agent or digital worker, you don't want to go in there and say, 'Hey, I'm an AI SOC analyst, but I only work with CrowdStrike and nothing else,'" Wu said. "That's not going to be very effective at the end of the day." But the timeline for building guardrails for AI agents is much shorter than with past technologies. "We're not going to have a 15-year head start," Forrester's Pollard said. "We're going to have maybe a one-year head start - if that." Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.