Using AI Safely in a SOC: Part 1 — The Analyst's Guide

AI tools are showing up in analyst workflows whether your organization plans for it or not. A Tier 1 analyst dealing with a hundred alerts a day will find ways to work faster — and if the org hasn’t provided sanctioned tools, they’ll use unsanctioned ones. That’s not a criticism; it’s human nature under pressure. ...

April 15, 2026 · 6 min · Jason, Cyber Professional

Using AI Safely in a SOC: Part 2 — The Engineer's Guide

Tier 1 analysts using AI for alert triage is one problem. Security engineers integrating AI into automated pipelines is a different one — and in some ways a harder one. When AI is in the pipeline, the decisions it influences happen at scale, without a human in the loop on every call, and the code you write today becomes the attack surface your team defends tomorrow. ...

April 15, 2026 · 7 min · Jason, Cyber Professional

Using AI Safely in a SOC: Part 3 — The Manager's Guide

AI adoption in SOCs is largely happening bottom-up. Analysts are finding tools that help them work faster. Engineers are integrating models into pipelines. This is happening whether or not there’s an organizational policy governing it — and in most cases, the policy comes after the adoption, not before. ...

April 15, 2026 · 7 min · Jason, Cyber Professional