Sophos resolves 89% of MDR cases in 89 seconds as AI handles more than half without human intervention

Sophos now resolves 89% of authorized security cases in 89 seconds using AI, with 52% handled end-to-end without human involvement. The shift reflects how managed security providers are addressing analyst shortages without simply adding headcount.

Published on: May 30, 2026
AI in Security Operations Moves From Concept to Measurable Results

Sophos reported that its managed detection and response business now resolves authorized security cases in 89 seconds using AI, with the system handling 52% of cases end-to-end without human intervention. The company maintains analyst oversight through defined boundaries and monitoring.

This marks a shift in how managed security service providers approach staffing constraints. Rather than hiring more analysts or deploying additional tools, providers are routing routine triage and response work to AI while keeping human experts focused on cases requiring judgment, threat hunting, and customer advisory work.

The Attack Surface Expands

The security problem itself is growing. Organizations now operate across SaaS applications, browser-based tools, remote access systems, and personal devices, each a potential entry point for attackers using stolen credentials or mimicking normal activity.

NordLayer's research found that 82% of IT professionals reported web-based security incidents in the past year, with half describing the impact as moderate or severe.

The Real Challenge: Governance and Trust

Providers face three overlapping problems. First, they must determine how to deploy AI safely in operations. Second, they need to explain its value clearly to customers. Third, they must monitor identity, browser activity, SaaS risk, and AI-driven threats without overwhelming analysts with manual work.

Success depends on governance. Providers must clearly define what AI is authorized to do, when human analysts step in, and how response decisions are documented.

Recent Market Moves

Google Cloud Combines Tools for Faster Vulnerability Response

Google Cloud introduced Google AI Threat Defense, integrating Gemini, Wiz, CodeMender, and Mandiant to predict attack paths, validate risk, and generate fixes. The platform monitors cloud, code, identity, and runtime environments across four stages: environment preparation, scanning and prioritization, remediation acceleration, and live threat monitoring.

SilverSky Adopts Torq's AI SOC Platform

The managed security provider selected Torq following a proof-of-concept evaluation. SilverSky said the platform's AI-driven investigation and response orchestration, combined with human oversight capabilities, strengthen its managed extended detection and response services while maintaining accountability in the investigation process.

AttackIQ and Acumen Cyber Test Defenses Against Real Attack Paths

The partnership brings continuous threat exposure management into security operations by validating controls against actual adversary techniques. Organizations move beyond static vulnerability lists to map viable attack paths, test controls against frameworks like MITRE ATT&CK, and prioritize remediation based on operational impact.

Ping Identity Adds Controls for AI Agents

Ping Identity expanded its platform with capabilities for securing identity in environments where AI agents configure access and operate on behalf of users. New features include AI-first interfaces, agent-ready skills for identity governance, and privileged access controls for desktop agents and coding assistants. The design prevents agents from accessing long-lived credentials directly.

EDAMAME Introduces Runtime Verification for AI Agents

The Paris-based company released runtime verification and deterministic guardrails that detect when agent behavior diverges from stated intent. The system compares declared purpose against observed activity in processes, files, networks, credentials, and posture across developer workstations, CI/CD runners, and cloud environments, flagging patterns like credential harvesting and token exfiltration.

For management overseeing security operations, understanding AI Agents & Automation and how they integrate into SOC workflows is becoming essential. Teams responsible for security operations may benefit from exploring an AI Learning Path for Cybersecurity Analysts to understand how these systems function and where human judgment remains critical.

