The Truth About Agentic AI in the SOC: Reality vs. Hype

Aug 7, 2025

Edward Wu, the innovative founder and CEO of Dropzone AI, shares insights on the practical integration of AI in Security Operations Centers (SOCs). He discusses how AI acts as a supportive tool for analysts rather than a replacement, debunking myths of full automation. The conversation covers AI's role in swiftly investigating alerts, the importance of transparency, and the challenges of AI hallucinations. Wu also predicts an evolution in SOC roles as AI takes on repetitive tasks, encouraging a balanced approach to technology in cybersecurity.

52:39

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

AI Agents Support, Not Replace

AI agents in SOC act as foot soldiers supporting human analysts, not replacing them.
Fully autonomous SOCs are not yet feasible due to complexity and need for human oversight.

insights

INSIGHT

Complexity of AI Alert Investigation

Alert investigation by AI requires over 100 distinct large language model calls per alert.
Managing this complexity and integrating organizational context is a major challenge for DIY SOC AI.

insights

INSIGHT

AI Improves SOC Efficiency and Coverage

AI agents drastically reduce Mean Time To Resolution (MTTR) by investigating alerts in parallel.
This increase in efficiency and coverage allows SOC teams to handle more alerts effectively.

Get the Snipd Podcast app to discover more snips from this episode

Integrating AI in Security Operations

04:04 • 25min

chevron_right

Navigating AI in Cybersecurity Alerts

28:43 • 15min

chevron_right

Navigating AI Model Training and Data Privacy

43:19 • 3min

chevron_right

The Future of SOC Roles in an AI-Driven Landscape

46:04 • 3min

chevron_right

Personal Insights Beyond Agentic AI

48:50 • 2min

chevron_right

Navigating Transparency in Agentic AI and Resources for Learning

50:40 • 2min

chevron_right

What does the integration of AI into a Security Operations Center (SOC) practically look like? This episode explores the concept of the "Agentic SOC," moving beyond marketing terms to discuss its real-world applications and limitations.

Ashish Rajan is joined by Edward Wu, CEO of Dropzone AI, for an in-depth discussion on the current state of artificial intelligence in cybersecurity. Edward, who holds numerous patents in the field, shares his perspective on how AI is changing security operations. The conversation details how AI agents can function as a tool to support human analysts rather than replace them, and why the idea of a fully autonomous SOC is not yet a reality.

The "Agentic SOC" model: A framework where AI agents assist human security engineers.
AI's role in alert investigation: How AI can autonomously investigate alerts by making over a hundred large language model invocations for a single alert.
Practical limitations of AI: A discussion on challenges like AI hallucinations and the need for organizational context.
Building vs. buying AI tools: An overview of the complexities involved in creating in-house AI agents for security.
The impact on SOC metrics: How AI can influence Mean Time To Resolution (MTTR) by investigating alerts in parallel within minutes.
The future for security professionals: How the role of a Level 1 SOC analyst is expected to evolve as AI handles more repetitive tasks.

Guest Socials -⁠⁠ ⁠⁠⁠Edward's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast

Questions asked:

(00:00) Introduction: Why Agentic AI in the SOC Matters Now(03:03) Meet Edward Wu: 30 Patents and a Mission to Fix Alert Fatigue(04:03) What is an "Agentic SOC"? (AI Foot Soldiers & Human Generals)(06:27) Why SOAR & Playbooks Are Not Enough for Modern Threats(08:18) Reality vs. Hype: Can AI Create a Fully Autonomous SOC?(11:55) The New SOC Workflow: How AI Changes Daily Operations(14:10) Can You Build Your Own AI Agent? The Hidden Complexities(19:06) From Skepticism to Demand: The Evolution of AI in Security(22:00) Slashing MTTR: How AI Transforms Key SOC Metrics(28:42) Are AI-Powered Cyber Attacks Really on the Rise?(31:01) How Smart SOC Teams Use ChatGPT & Co-Pilots Today(32:38) The 4 Maturity Levels of Adopting AI in Your SOC(37:04) How to Build Trust in Your AI's Security Decisions(41:28) Beyond the SOC: Which Cybersecurity Jobs Will AI Disrupt Next?(46:44) What is the Future for Level 1 SOC Analysts?(49:11) Getting to Know Edward: Sim Racing & StarCraft Champion

Resources spoken about during the episode:

Take a self-guided demo of Dropzone.ai

Request a Demo

Download a Copy of the Gartner Hype Cycle for Security Operations 2025

Thank you to our episode sponsor Dropzone.ai

Home Top podcasts Popular guests Top books