
The Future of Security Isn’t AI vs. Analyst — It’s Both

At this year’s Anomali Detect Live user conference, President Hugh Njemanze, senior advisor Christian Karam, and cybersecurity analyst Francis Odum sat down for a candid conversation about artificial intelligence (AI) in the security operations center (SOC). While AI isn’t a silver bullet, it’s already transforming how security teams work.

Published on August 18, 2025

AI Hype Is Loud. The Real Changes Are Quieter.

Everywhere you turn, a vendor is claiming to deliver the “autonomous AI SOC.” Most of it is marketing noise. “Everyone’s saying they’re a fully automated AI SOC or using AI to replace analysts,” said Francis Odum. “But you have to be able to separate the real capabilities from the buzzwords.”

That starts with the platform. According to Christian Karam, legacy architectures simply weren’t built to support AI at the scale or speed required.  

“The best performance from these solutions comes when they’re operating on ultra-modern platforms,” he explained. “You still need the right underlying data structure — and speed — to support real-time decisions.”

In other words, AI doesn’t work without AI-ready infrastructure. You can’t bolt intelligence onto outdated systems and expect it to deliver.

Where AI Is Actually Delivering Value

While marketing may be outpacing maturity in some areas, the panelists were aligned: AI is already helping SOC teams in meaningful ways, specifically in two areas:

  • First, copilot capabilities are accelerating everyday tasks. Analysts are using natural language to query environments, generate reports, and surface insights faster than ever. “That’s one of the clearest productivity wins we’re seeing right now,” Odum said.
  • Second, AI is cutting through the noise. By reducing false positives and surfacing high-fidelity alerts, teams can focus on what matters. “SOC teams are using AI to optimize their detection coverage and eliminate the low-signal clutter that’s been draining their time,” said Odum.

But again, results depend on modern architecture. “If you’re still using traditional SOAR, with rigid playbooks and manual configurations, you’re not getting the benefit,” Karam added. “You need cloud-native systems that let AI work with your data, not around it.”

From Search to Strategy: The Rise of Agentic AI

The conversation shifted toward the next evolution: agentic AI. It’s not just about helping analysts ask better questions — it’s about teaching AI to take action.

“In the early stages, AI was good for summarization and research,” said Hugh Njemanze. “Now we’re moving into a phase where we ask: what tasks can this system perform on our behalf?”

He compared it to a travel booking system. “Instead of asking it about flight options, you tell it where you’re going and when. AI builds the full itinerary, figures out the best carriers, the right connections, and even identifies inconsistencies. That’s agentic behavior. That’s where AI becomes operational.”

This is the direction Anomali is investing in: building agents that understand where organizational data lives, how to find it, and how to verify it. “We’ve taken strong measures to reduce hallucinations,” Njemanze explained. “Our goal is to make the agent as reality-aware as a human, but much faster.”

Rethinking the Role of the Analyst

As AI systems grow more capable, one question keeps coming up: what happens to the analyst?

“The real shift is that answers become easy,” Karam said. “What matters now is asking the right question. That’s where human insight becomes even more critical.”

Rather than eliminating jobs, AI is changing them. Traditional SOC tiers, especially Tier 1, may evolve into new types of roles focused on strategic thinking, adversary emulation, and even AI prompt engineering.

“The roles will evolve over time, and we will move away from the nomenclature we have now. The nature of the attacks are always going to change and that will bring in additional challenges to defend.” -- Francis Odum

“If we take ourselves away from the analyst for a minute and think in a completely different field, let's say somebody invented a mechanism that could teleport you anywhere you want it in less than five minutes. Would we be thinking in terms of how many bus driver jobs are going away? Or would we be thinking in terms of how humanity can now go from New York to London for lunch? So that's how I'm looking at it. It's not so much what's going to happen to the analyst job. It's what's the analyst going to be able to do that was not possible before?” -- Hugh Njemanze

The Future of the SOC Is Human + AI

Looking ahead, the panel agreed: defenders are finally entering a new wave of innovation. After years of incremental change, AI is accelerating what’s possible.

“For a while, it felt like the security industry hit an innovation ceiling,” said Karam. “But now, with AI built into modern platforms, we’re seeing real momentum. The next five years are going to be very, very busy — and very exciting.”

See What’s Possible with AI-Powered Defense

AI is reshaping the SOC — not with marketing hype, but with operational impact.

  • Schedule a demo to explore how the Anomali Security and IT Operations Platform delivers real results with AI
