

Soap Box: AI has entered the SOC, and it ain't going anywhere
Jun 16, 2025
Ed Wu, founder of Dropzone AI and a former leader at ExtraHop Networks, discusses the revolutionary impact of AI in Security Operations Centers (SOCs). The conversation dives into the debate on AI's capabilities and limitations in threat detection. Wu highlights how multi-model AI systems enhance efficiency by automating various tasks and the significant transition from skepticism to acceptance among professionals. He also emphasizes the importance of coachability in AI, showcasing how adaptable models perform better in dynamic cybersecurity environments.
AI Snips
AI Agents in SOCs Today
- AI agents are already integrated into SOCs, enhancing log processing and alert triage.
- Their adoption mirrors AI coding tools' acceptance, evolving from skepticism to widespread use.
AI as Tier One Analyst
- AI agents function as tier one SOC analysts to filter alerts efficiently.
- Their main value is reducing false positives, simplifying threat detection for human analysts.
Balancing AI Trust and Errors
- Prioritize minimizing false negatives to ensure true threats are not dismissed.
- Accept some hallucination but control it through system design and processes.