SOC, AI/ML

Rise of the machines: How to secure and win the AI revolution

Well-dressed robot tycoons riding in an open-topped limousine on a sunny day enjoy the good life while they drive past impoverished humans.

Artificial intelligence is changing both the offensive side and the defensive side of cybersecurity. Attackers use AI to speed up vulnerability discovery and phishing campaigns, while defenders rely on AI to keep up with attacks that unfold more quickly than human security teams can respond.

In a recent SC Media webcast, CrowdStrike Field CTO Cristian Rodriguez explained to host Mandy Logan that the future of security operations centers (SOCs) isn't about replacing analysts with AI but augmenting them through an agentic SOC — an arrangement in which AI handles repetitive investigative work while humans remain responsible for critical decisions.

AI has changed the pace of cybersecurity

AI has altered the threat landscape by dramatically accelerating attacker operations, Rodriguez said.  SOCs built over the past decade were designed to defend against "human-speed" attacks, not machine-speed campaigns that can find vulnerabilities, craft exploits, and pivot laterally within a few minutes.

"What we've seen with AI is that it's essentially invalidated this idea of using just a human or having a human throw more headcount at the problem," Rodriguez said. "AI in itself has to accelerate this new model of the defender side of the house, where things like agentic SOC start to become a reality."

He also highlighted the growing risks posed by shadow AI, the practice of using AI tools and agents without management approval.  These unauthorized tools create new attack surfaces across endpoints, SaaS applications, cloud environments, and identity systems, making comprehensive visibility essential.

Agentic SOC augments analysts rather than replacing them

CrowdStrike foresees AI agents handling tedious operational tasks such as alert enrichment, triage, evidence gathering, and incident documentation, while human analysts remain in charge of validating conclusions, approving responses, and handling complex investigations.

"You'll have AI augmenting things like triage. You'll have AI automatically enriching components of a detection," Rodriguez said. "We see humans being accelerated by AI within the SOC as this new agentic operating model."

The success of this model, he added, depends on thorough, high-quality telemetry across far-ranging environments and systems. Without accurate contextual data, Rodriguez emphasized, AI can't make trustworthy decisions. Because CrowdStrike's approach centers on collecting high-fidelity data and using AI to correlate events across multiple domains, it lets analysts understand attack paths more quickly and accurately.

Building trust through bounded autonomy

But organizations should not view agentic SOC as a fully autonomous security system, Rodriguez said.  Instead, AI adoption should occur incrementally through what he called "bounded autonomy," in which organizations gradually expand AI's responsibilities as confidence grows.

"It's not overnight that we're going to unplug all our humans and plug in AI," Rodriguez said.  "Let's start to incorporate AI into these workflows that we're familiar with, and we'll get more comfortable with AI doing its thing until there's an evolution of the way that these processes are going to roll out."

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds