Cloud Security Podcast

chevron_right

AI Agents for SOC: Hype Curve vs. Measurable ROI

whatshot 16 snips

Oct 28, 2025

Guest

Edward Wu

In this discussion, Edward Wu, the Founder and CEO of Dropzone AI, explores the transformative potential of AI in security operations centers. He reveals findings from a benchmark report showing AI can accelerate investigations by 45-60% and enhance efficiency. Edward contrasts traditional SOAR playbooks with the adaptability of agentic AI, emphasizing its role in automating Tier 1 tasks and allowing analysts to focus on strategic roles. He warns that AI won't fully replace humans but will revolutionize SOC workflows, particularly benefiting in-house teams and MSSPs.

36:21

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

Surprising First-Time Impact

AI augmentation made first-time users significantly faster and more complete in investigations than expected.
Dropzone's study with 148 analysts showed larger-than-anticipated productivity gains for novices.

insights

INSIGHT

Playbooks Are Too Robotic

Traditional playbook automation is robotic and under-delivered on SOC needs.
Agentic AI can autonomously investigate alerts end-to-end without pre-written playbooks.

volunteer_activism

ADVICE

Pivot Instead Of Pre-Aggregate

Use LLMs to generate queries dynamically instead of building query templates for every case.
Let agentic systems pivot across disparate sources rather than pre-aggregating into a data lake.

Get the Snipd Podcast app to discover more snips from this episode

Dropzone AI and AI SOC Analyst Overview

02:32 • 1min

chevron_right

Evolution Since ChatGPT: Agentic AI Adoption

03:37 • 58sec

chevron_right

CSA Benchmark Study: First-Time User Impact

04:36 • 1min

chevron_right

Study Scope: Participants and Test Cases

06:01 • 56sec

chevron_right

Why Traditional Playbook Automation Falls Short

06:58 • 3min

chevron_right

Agentic AI vs Playbooks: Pre-trained, No Code Needed

09:33 • 46sec

chevron_right

LLMs Enable Dynamic Query Generation

10:19 • 2min

chevron_right

Agentic Systems Reduce Need for Data Lakes

11:53 • 1min

chevron_right

Measured ROI: Efficiency, Accuracy, and Latency

13:10 • 2min

chevron_right

Scaling Coverage: Reviewing More Alerts at Lower Cost

15:18 • 2min

chevron_right

Even Skill Distribution Across Technologies

16:50 • 2min

chevron_right

Balancing Latency and Depth with AI

18:21 • 2min

chevron_right

Scope: Detection, Investigation, and Response Limits

20:07 • 2min

chevron_right

Building Trust and Managing Expectations

21:45 • 3min

chevron_right

The Future Role of Tier One Analysts

24:25 • 3min

chevron_right

Who Benefits Most from AI SOC Agents

27:54 • 2min

chevron_right

Build vs Buy: Complexity of Productionizing AI Agents

29:37 • 2min

chevron_right

Technical Challenge: Guardrails and Determinism

31:34 • 2min

chevron_right

Training Priorities for SOC Teams

33:26 • 1min

chevron_right

Where to Try Dropzone AI

Is the AI SOC analyst just hype, or is there measurable ROI? We spoke to Edward Wu, founder of Dropzone AI about this and he shared insights from a recent Cloud Security Alliance (CSA) benchmark report that quantified the impact of AI augmentation on SOC teams. The study revealed significant improvements in speed (45-60% faster investigations) and completeness, even for analysts using the tech for the first time.

Edward spoke about the "robotic" limitations of traditional SOAR playbooks with the adaptive capabilities of agentic AI systems, which can autonomously investigate alerts end-to-end without pre-defined scripts . He shared that while AI won't entirely replace human analysts ("That's not going to happen"), it will automate much of the manual Tier 1 toil, freeing up humans for higher-value roles like security architecture, transformation, and detection engineering .

Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠Edward's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions asked:

(00:00) Introduction(02:40) Who is Edward Wu?(03:30) The Evolution of AI Agents Since ChatGPT(04:35) Surprising Findings from the CSA AI SOC Benchmark Report(06:40) Why Has Traditional Security Automation (SOAR) Underdelivered?(09:30) How AI SOC Analysts Differ from SOAR Playbooks(11:30) Does Agentic AI Reduce the Need for Security Data Lakes?(13:20) The Evolving ROI for SOC in the AI Era(14:50) ROI Use Case 1: Reducing Alert Investigation Latency(15:15) ROI Use Case 2: Increasing Alert Coverage (Mediums & Lows)(16:20) ROI Use Case 3: Depth of Coverage & Skill Uniformity(18:15) Achieving Both Speed and Thoroughness with AI(19:40) How Far Can AI Go? Detection vs. Investigation vs. Response(21:35) AI SOC Hype vs. Reality: Receptiveness and Trust(24:20) The Future Role of Tier 1 SOC Analysts(27:40) What Scale Benefits Most from AI SOC Analysts? (Enterprise & MSPs)(29:00) The Build vs. Buy Dilemma for AI SOC Technology ($20M R&D Reality)(33:10) Training Budgets: What Skills Should Future SOC Teams Learn?

Resources spoken about during the episode:

Beyond the Hype: AI Agents in the SOC Benchmark Study

Request a Demo here

Home Top podcasts Popular guests Top books