
The Truth About Agentic AI in the SOC: Reality vs. Hype
Cloud Security Podcast
The Future of SOC Roles in an AI-Driven Landscape
This chapter explores the significance of transparency in AI systems utilized in security operations centers. The speakers emphasize the need for users to question AI vendors about their capabilities and predict the future transformation of level one SOC roles due to AI integration.
What does the integration of AI into a Security Operations Center (SOC) practically look like? This episode explores the concept of the "Agentic SOC," moving beyond marketing terms to discuss its real-world applications and limitations.
Ashish Rajan is joined by Edward Wu, CEO of Dropzone AI, for an in-depth discussion on the current state of artificial intelligence in cybersecurity. Edward, who holds numerous patents in the field, shares his perspective on how AI is changing security operations. The conversation details how AI agents can function as a tool to support human analysts rather than replace them, and why the idea of a fully autonomous SOC is not yet a reality.
- The "Agentic SOC" model: A framework where AI agents assist human security engineers.
- AI's role in alert investigation: How AI can autonomously investigate alerts by making over a hundred large language model invocations for a single alert.
- Practical limitations of AI: A discussion on challenges like AI hallucinations and the need for organizational context.
- Building vs. buying AI tools: An overview of the complexities involved in creating in-house AI agents for security.
- The impact on SOC metrics: How AI can influence Mean Time To Resolution (MTTR) by investigating alerts in parallel within minutes.
- The future for security professionals: How the role of a Level 1 SOC analyst is expected to evolve as AI handles more repetitive tasks.
Guest Socials - Edward's LinkedIn
Podcast Twitter - @CloudSecPod
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction: Why Agentic AI in the SOC Matters Now
(03:03) Meet Edward Wu: 30 Patents and a Mission to Fix Alert Fatigue
(04:03) What is an "Agentic SOC"? (AI Foot Soldiers & Human Generals)
(06:27) Why SOAR & Playbooks Are Not Enough for Modern Threats
(08:18) Reality vs. Hype: Can AI Create a Fully Autonomous SOC?
(11:55) The New SOC Workflow: How AI Changes Daily Operations
(14:10) Can You Build Your Own AI Agent? The Hidden Complexities
(19:06) From Skepticism to Demand: The Evolution of AI in Security
(22:00) Slashing MTTR: How AI Transforms Key SOC Metrics
(28:42) Are AI-Powered Cyber Attacks Really on the Rise?
(31:01) How Smart SOC Teams Use ChatGPT & Co-Pilots Today
(32:38) The 4 Maturity Levels of Adopting AI in Your SOC
(37:04) How to Build Trust in Your AI's Security Decisions
(41:28) Beyond the SOC: Which Cybersecurity Jobs Will AI Disrupt Next?
(46:44) What is the Future for Level 1 SOC Analysts?
(49:11) Getting to Know Edward: Sim Racing & StarCraft Champion
Resources spoken about during the episode:
Take a self-guided demo of Dropzone.ai
Download a Copy of the Gartner Hype Cycle for Security Operations 2025
Thank you to our episode sponsor Dropzone.ai