The Agentic SOC Is Here: How AI Is Rewriting Cybersecurity Defense

John & Rocky Giglio | Jun 19, 2026 min read

Security Bros - Episode 8 - The Agentic SOC Is Here: How AI Is Rewriting Cybersecurity Defense

Watch now on YouTube

Twelve weeks. That’s how long large enterprises took to patch Log4Shell on average. Twelve weeks after one of the most publicized critical vulnerabilities in recent memory, attackers had a 12-week window to exploit it.

Meanwhile, a large language model can generate a working exploit for a known vulnerability in about 12 seconds.

That gap – 12 weeks versus 12 seconds – is the entire argument for the agentic SOC. Nicolas Popp, a 30-year cybersecurity veteran and current partner at Crosspoint Capital, put it plainly in a recent conversation on Security Bros: “You’ve got to break the asymmetry. You need to oppose AI with AI.”

Catch the episode now

You can subscribe on your favorite app. We are on Spotify, Apple Podcasts, and YouTube. We recommend YouTube as we will have demos and such fairly regularly so will be best to consume there. We will do our best to describe what we are doing or seeing so if you are in the car you can keep your eyes on the road.

Regardless of where you tune in, don’t forget to like and subscribe!

Watch on YouTube

Spotify

This post breaks down what that actually means, what an agentic SOC looks like in practice, where the industry is getting it right, and where the hardest unsolved problems still live from our discussion with Nico Popp.

Why Traditional SOCs Can’t Keep Up

The SOC was already overwhelmed before AI entered the picture. Roughly half of all alerts go uninvestigated in the average security operations center – not because analysts are lazy, but because there aren’t enough of them and the alert volume is impossible to humanly process.

Managed security service providers face the same ceiling. Even at scale, they can’t cost-effectively get eyes on every alert, so they tier, filter, and prioritize. Customers pay for outcomes, not for headcount reviewing alerts that probably don’t matter.

That model is now breaking under a new weight. AI-powered attackers don’t need 150 nation-state hackers in a building. One attacker with the right tools now operates with the speed of automation, the scale of an army, and the sophistication of an elite red team. EDR evasion techniques, lateral movement playbooks, and improbable attack paths are baked into the tooling.

The old economic argument for agentic security was “we don’t have enough talent.” That argument still holds, but it’s no longer the lead. The lead is asymmetry. Defenders are operating at human speed while attackers have gone machine-native.

Speed, Scale, Sophistication: The Three Vectors of AI-Powered Attacks

Popp breaks the threat down into three dimensions, and each one alone would be enough to force a rethink.

Speed: An LLM can generate a working exploit in seconds. The human patching cycle runs in weeks. Even aggressive patching programs are structurally too slow.

Scale: Where nation-state teams once required significant human infrastructure, a single attacker can now spin up 150 AI agents pursuing your network simultaneously. They’ll find non-critical vulnerabilities, chain them into improbable attack paths, and move faster than any human team can respond.

Sophistication: Techniques that used to require deep expertise – EDR evasion, living-off-the-land movement, malware-free attacks – are now available to anyone willing to use the right tools. The capability floor has dropped dramatically.

If attackers are running AI, defenders have to run AI. The question is what that actually looks like operationally.

What an Agentic SOC Actually Looks Like

The agentic SOC cybersecurity model isn’t a single product. It’s an architectural shift in how security operations are structured and executed.

At the foundation, AI agents handle Tier 1 work: alert triage, initial investigation, enrichment, and response for known threat patterns. This is the 50% of alerts nobody was getting to anyway. The trust argument for deploying here is low-friction: agents are handling what humans weren’t doing. If they find one breach in that pile, the value is immediate.

Above that sits an orchestration layer. As vendors like Microsoft, CrowdStrike, and Palo Alto build their own native agents, those agents need coordination. The same alert might surface from a CrowdStrike Falcon agent and a Microsoft Sentinel agent simultaneously. An orchestration layer determines whether they’re corroborating or conflicting, then routes to the appropriate response path.

What separates good orchestration from bad is memory. An agent that only knows current rules is useful. An agent trained on historical traces – what worked, what was a false positive, what the environment looked like during an incident 18 months ago – is a different tool entirely. That operational intelligence is what separates a 10-year SOC analyst from a junior hire, and it’s what agentic systems need to replicate.

The best emerging analogy is a military command structure: a general (master orchestrator), specialized units for different threat types (Tier 1, 2, 3 agents), and a chain of command that knows when to escalate versus when to execute autonomously.

VulnOps: Closing the Patch Gap Before Attackers Exploit It

VulnOps – vulnerability operations – is getting serious attention as a distinct practice. The SANS Institute recently published guidance pushing organizations to build dedicated VulnOps functions with defined roles and responsibilities. The timing isn’t coincidental.

Popp breaks VulnOps into three layers:

Layer 1: Intelligent Agentic Patching

Finding vulnerabilities faster isn’t enough. The goal is prioritizing which ones are genuinely exploitable in your specific environment, identifying attack paths that chain non-critical vulns, and automating the patch workflow where possible. The bottleneck: testing whether patches break production still slows everything down.

Layer 2: Control Reconfiguration

If patching will take time, can you use existing controls to disarm the vulnerability now? Can you reconfigure your EDR, update a WAF policy, or adjust firewall rules to eliminate the exploitable attack surface while the patch cycle runs? Companies like Zest Security are building AI that does exactly this: it identifies the vulnerability, determines exploitability in your environment, then generates the WAF rule or Terraform code to mitigate it immediately.

Layer 3: Detection Rule Creation

During the window between vulnerability disclosure and patch deployment, AI needs to generate detection rules specific to that exploit signature. If the attack is occurring in your environment, you should know about it before the patch lands.

The unresolved edge case in all three layers: third-party and legacy software. Load balancers, VPN appliances, legacy network gear – these often can’t be patched, can’t be reconfigured easily, and sit in exposed positions. Tools like Reversing Labs can analyze vendor binaries to detect when a supplier is unknowingly shipping a vulnerable open-source library. That’s early warning, but the response options are still limited.

The Governance Problem Nobody Has Fully Solved

The hardest open problem in agentic security isn’t building the agents. It’s controlling them.

Popp calls this Identity Action Management (IAM 2.0). Traditional identity covers authentication and authorization: can this agent access this system? The new question is whether the agent is taking the right action right now, with the right intent, in the right sequence.

An agent authorized to isolate a compromised endpoint should probably do that once. Should it do it 200 times in an hour without human review? Probably not. Writing policy at that level of granularity, across every possible action an agent might take, is genuinely hard.

The current thinking involves what Gartner calls “guardian agents” – purpose-built agents that evaluate intent and reasoning, not just API calls. When an agent wants to take a machine offline, it doesn’t just make the API call. It surfaces its reasoning chain to a governance layer, explains the evidence, and gets clearance before acting. High-confidence, well-established playbook responses can automate that clearance. Novel or high-stakes situations escalate to humans.

Token cost adds another layer. Practitioners building this report that the number one use case for agentic security governance isn’t even a security problem – it’s cost. Organizations are discovering that unchecked AI agent sprawl burns through LLM token budgets the way unmanaged cloud workloads burned through cloud budgets a decade ago.

The organizations building this right think about it as a three-part governance stack: cost governance (what is this running and how much?), action governance (is this agent doing what it should?), and audit trail (can I reconstruct what happened and why?).

How Managed Security Providers Need to Adapt

The MSSP model is under pressure from both directions. Enterprises expect managed SOC providers to keep pace with AI-speed threats, but they’re also cutting headcount spend and expecting more efficiency.

The adaptation path isn’t optional: build agents into the service, or fall behind. The providers who win will package their expertise as software – capturing institutional SOC knowledge into agent training data, building reinforcement learning loops that make agents smarter over time, and selling subscriptions to that capability rather than hours of analyst time.

The trap is treating this as a cost-cutting move. The better frame is capability expansion. Agents handle the volume work. Humans handle the judgment calls, the novel situations, and the client relationships that still require a real person at 2am when something has gone very wrong.

What to Expect Over the Next 12 Months

The shift to agentic security is happening now. Palo Alto’s announcements around autonomous SOC capabilities, CrowdStrike’s Falcon-native agents, and Google Cloud’s agentic SecOps investment all point the same direction. Tuskeera and a range of startups are building specific point solutions into this space.

For legacy vendors, the advice from practitioners is direct: don’t rush to own the agentic layer. If you have proprietary data, context, or security expertise, you can monetize that as a skill or data source that the orchestration layer consumes. You don’t need to build the whole stack to compete.

For enterprises: the organizations asking how to govern agents before they’ve fully deployed them are ahead. Most are still catching up.

The asymmetry between AI-powered attackers and human-speed defenders defines the next five years of security. The solution isn’t mysterious: build agentic systems that match AI with AI, govern them properly, and train them on operational history that makes them smarter over time.

The organizations that get there first won’t just be more secure. They’ll be running a fundamentally different security operation than the ones still counting alert queues and analyst headcount.

FAQ: Agentic SOC and AI-Powered Security Operations

What is an agentic SOC?

An agentic SOC is a security operations center where AI agents handle threat triage, investigation, and initial response autonomously. Human analysts focus on high-stakes decisions and novel situations, while agents handle the volume work that was previously going unreviewed.

Why is agentic security becoming urgent now?

AI tools have made it possible for a single attacker to operate with the speed, scale, and sophistication previously available only to nation-state threat actors. Traditional human-speed SOC operations can’t keep pace with machine-speed attacks.

What is VulnOps?

VulnOps is a practice framework for managing the full vulnerability response lifecycle using AI. It covers intelligent prioritization and patching, real-time control reconfiguration to neutralize threats before patches deploy, and automated detection rule creation for active exposure windows.

What is Identity Action Management (IAM) in the context of AI agents?

Traditional identity management covers authentication and authorization. IAM in agentic security extends this to governing what an agent actually does in real time: whether the action is appropriate, whether the intent is correct, and whether the sequence of actions falls within defined parameters.

How should MSSPs adapt to the agentic security era?

MSSPs that capture institutional SOC expertise as agent training data, build reinforcement learning loops, and offer agent-powered services as subscriptions will outcompete those relying on human headcount alone. The packaging shifts from hours of analyst time to AI-powered capability as a service.