How to Build Trust in an AI SOC for Regulated Environments

Nov 18, 2025

Grant Oviatt, Head of Security Operations at Prophet Security and former leader at Mandiant and Red Canary, dives into trust-building in AI-driven SOCs for regulated environments. He discusses the crucial pillars of explainability and traceability, essential for gaining auditor confidence. Transitioning from AI skepticism to advocacy, Grant highlights the impressive speed and accuracy of AI SOCs compared to traditional methods. He shares insights on architecture, the importance of data controls, and real-world success in investigations, demonstrating why AI is a game-changer in security operations.

42:15

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

Explainability And Traceability Are Core

Trust in an AI SOC rests on two pillars: explainability and traceability.
Explainability answers "is the decision reasonable?" while traceability shows the full data journey to audit decisions.

volunteer_activism

ADVICE

Log Every Query And Data Transformation

Capture every query, response, and data transformation so you can trace inputs to outputs.
Store line-by-line evidence and decision logs to make AI investigations auditable.

volunteer_activism

ADVICE

Minimize Data Movement And Let Customers Control Access

Avoid streaming all logs to the vendor; use point-in-time queries instead.
Let customers control which fields or datasets the AI SOC can access to protect PHI and PII.

Get the Snipd Podcast app to discover more snips from this episode

Explainability and Traceability as Trust Pillars

02:40 • 3min

chevron_right

How AI SOC Changes Traceability Compared to Traditional SOCs

06:00 • 4min

chevron_right

What Converted a Skeptic to an AI Proponent

10:12 • 2min

chevron_right

Regulated Customer Expectations and Data Controls

12:42 • 3min

chevron_right

Single-Tenancy, BYOC, and No Training on Customer Data

16:03 • 2min

chevron_right

Model Portability and Bring-Your-Own-Model Options

17:59 • 1min

chevron_right

Can AI SOC Replace MDRs or Coexist with Them?

19:22 • 2min

chevron_right

Reality of Building an In-House AI SOC

21:40 • 2min

chevron_right

Managing Model Drift, Evaluation, and Operational Oversight

23:20 • 2min

chevron_right

Collector Transparency vs. MCP Limitations

25:01 • 1min

chevron_right

Current AI SOC Capabilities and Future Directions

26:13 • 2min

chevron_right

Do We Still Need Humans in the Loop?

28:31 • 1min

chevron_right

Red Lines: Constraining Remediation Actions

29:40 • 2min

chevron_right

Best Use Cases: Investigation, Detection, and Response

31:30 • 2min

chevron_right

Regulated Limitations and Risk Appetite Considerations

33:05 • 2min

chevron_right

Earning Cultural Trust Through Evaluation and Bake-Offs

35:22 • 3min

chevron_right

Personal Notes: Life Outside Security

37:55 • 3min

chevron_right

How to Connect with Grant and Prophet Security

How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game .

The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?) . Grant talks about yje critical architectural components for regulated industries, including single-tenancy , bring-your-own-cloud (BYOC) for data sovereignty , and model portability.

In this episode we will be comparing AI SOC to traditional MDRs and talking about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes .

Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠Grant's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

(00:00) Introduction(02:00) Who is Grant Oviatt?(02:30) How to Establish Trust in an AI SOC for Regulated Environments(03:45) Explainability vs. Traceability: The Two Pillars of Trust(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC(09:00) From AI Skeptic to AI SOC Founder: What Changed? (10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces(12:30) What Regulated Bodies Expect from an AI SOC(13:30) Data Management: The Key for Regulated Industries (PII/PHI) (14:40) Why Point-in-Time Queries are Safer than a SIEM (15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services (16:20) Single-Tenant Architecture & No Training on Customer Data (17:40) Bring-Your-Own-Model: The Rise of Model Portability (19:20) AI SOC vs. MDR: Can it Replace Your Provider? (19:50) The 4-Minute Investigation: Speed & Custom Detections (21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)(23:10) Managing Model Drift & Updates(24:30) Why Prophet Avoids MCPs: The Lack of Auditability (26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)(27:40) The Future: From "Human in the Loop" to "Manager in the Loop" (28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed) (29:20) The Red Lines: What AI Shouldn't Automate (Yet) (30:20) The Problem with "Creative" AI Remediation(33:10) What AI SOC is Not Ready For (Risk Appetite)(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement) (37:40) Fun Questions: Iron Mans, Texas BBQ & Seafood

Thank you to Prophet Security for sponsoring this episode.

Home Top podcasts Popular guests Top books