AI SOCs Will Still Need SOC Analysts, Security Vendors Say
AI SOCs Will Still Need SOC Analysts, Security Vendors Say
https://www.infosecurity-magazine.com/news/ai-soc-still-need-analysts/
Publish Date: 2026-06-01 07:45:00
Source Domain: www.infosecurity-magazine.com
Offerings of fully autonomous security operations centers (SOCs) are flourishing on the cybersecurity market and trigger anxiety about a future with empty desks.
In reality, however, top security vendors exhibiting at Infosecurity Europe 2026 actually agree on one thing: AI won’t replace the SOC. It will replace the mind-numbing copy-pasting and routine ticket-taking.
Speaking to Infosecurity, Brett Candon, VP of International at Dropzone AI, said AI is shifting the traditional multi-tiered SOC model into a leaner, smarter operation powered by accelerated ‘tier-1.5’ analysts and strategic engineers.
AI SOC: A Glass Box, Not a Black Box
Automation has promised to fix the SOC for over fifteen years, but vendors argue that true autonomy requires absolute transparency.
Candon emphasized that AI must be treated as a supportive “glass box” rather than a mysterious black box. The goal, he noted, is to replace heavy manual investigation work while logging every procedural step so human analysts can easily audit the machine’s rationale.
Patricia Titus, Field CISO at Abnormal AI, agreed that human-in-the-loop validation remains a non-negotiable safety net. Organizations still need sharp minds to verify that the machine is performing accurately.
“You actually need someone who understands that to be able to go back and analyze the data periodically to make sure the tool, the AI tool, is actually catching what you want it to catch,” she said.
Furthermore, an AI is only as good as the security data infrastructure supporting it. Yonni Shelmerdine, chief product officer at Vega Security, pointed out that AI cannot bypass fundamental data architecture gaps. If critical security logs are frozen or filtered out due to high cloud storage costs, human engineering is required to fix the underlying pipeline.
Shelmerdine warned that if the data is gone, “no super-duper AI bot will be able to help.”
Intern Tier-1 and Professional Tier-1.5 SOC Analysts
Rather than…
