EP242 The AI SOC: Is This The Automation We've Been Waiting For?

Guest:

• Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst

Topics:

• What is your definition of “AI SOC”?
• What will AI change in a SOC? What will the post-AI SOC look like? 
• What are the primary mechanisms by which AI SOC tools reduce attacker dwell time, and what challenges do they face in maintaining signal fidelity?
• Why would this wave of SOC automation (namely, AI SOC)  work now, if it did not fully succeed before (SOAR)?
• How do we measure progress towards AI SOC? What gets better at what time? How would we know? What SOC metrics will show improvement?
• What common misconceptions or challenges have organizations encountered during the initial stages of AI SOC adoption, and how can they be overcome?
• Do you have a timeline for SOC AI adoption? Sure, everybody wants AI alerts triage? What’s next? What's after that?

Resources:

• “State of AI in Security Operations 2025” report
• LinkedIn SOAR vs AI SOC argument post 
• Are AI SOC Solutions the Real Deal or Just Hype?
• EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
• EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
• EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
• RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check
• “Noise: A flaw in human judgement” book
• “Security Chaos Engineering” book (and Kelly episode)
• A Brief Guide for Dealing with ‘Humanless SOC’ Idiots