How AI is changing Detection Engineering & SOC Operations?

AI is revolutionizing many things, but how does it impact detection engineering and SOC teams? In this episode, we sit down withDylan Williams, a cybersecurity practitioner with nearly a decade of experience in blue team operations and detection engineering. We speak about how AI is reshaping threat detection and response, the future role of detection engineers in an AI-driven world, can AI reduce false positives and speed up investigations, the difference between automation vs. agentic AI in security and practical AI tools you can use right now in detection & response

Questions asked:

(00:00) Introduction

(02:01) A bit about Dylan Williams

(04:05) Keeping with up AI advancements

(06:24) Detection with and without AI

(08:11) Would AI reduce the number of false positives?

(10:28) Does AI help identity what is a signal?

(14:18) The maturity of the current detection landscape

(17:01) Agentic AI vs Automation in Detection Engineering

(19:35) How prompt engineering is evolving with newer models?

(25:52) How AI is imapcting Detection Engineering today?

(36:23) LLM Models become the detector

(42:03) What will be the future of detection?

(47:58) What can detection engineers practically do with AI today?

(52:57) Favourite AI Tool and Final thoughts on Detection Engineering

Resources spoken about during the episode:

exa.ai - The search engine for AI

Building effective agents (Athropic’s blog different architecture and design patterns for agents)-https://www.anthropic.com/research/building-effective-agents -

Introducing Ambient Agents (LangChain’s blog on Ambient Agents) -https://blog.langchain.dev/introducing-ambient-agents/ -

Jared Atkinson’s Blog on Capability Abstraction -https://posts.specterops.io/capability-abstraction-fbeaeeb26384

LangGraph Studio -https://studio.langchain.com/

n8n -https://n8n.io/

Flowise -https://flowiseai.com/

CrewAI -https://www.crewai.com/