How SOC Teams Use Agentic AI & Co-Pilot AI to Reduce Risk
- By Ian Forrest, VP Product
- 12 minutes to read
Many Security Operations Centers (SOCs) are at a breaking point. According to Trend Micro, “70% of SOC teams are emotionally overwhelmed by the volume of security alerts.” Former Gartner Analyst Anton Chuvakin explains the problem extends beyond volume to poor information quality and user experience:
“You also have alert fatigue when your alerts are not false, but a high ratio of them are particularly fatigue-inducing and hard to triage (it’s not the volume, but the poor information quality of the alert that kills; it’s also bad UX).”
As alert queues grow and threats evolve faster than playbooks can adapt, organizations are turning to advanced AI solutions: agentic AI systems, AI-powered co-pilots, and automated investigation tools that enable a shift from reactive to proactive SOC operations.
In this article, we’ll explore how these technologies are reshaping security operations in 2025, supported by real-world examples and independent research from S&P Global Market Intelligence.
The Modern AI-Driven SOC: Beyond Alert Management
Today’s AI SOC represents a fundamental evolution in security operations. Unlike traditional SOCs that focus primarily on alert management, AI-driven security operations centers leverage artificial intelligence at every stage of the security lifecycle.
Key Components of an AI SOC
- Intelligent Alert Triage: Automated prioritization beyond simple severity ratings
- Context-Aware Analysis: Systems that understand the relationship between alerts
- Autonomous Investigation Capabilities: AI that can pursue investigative paths without human initiation
- Decision Support Systems: Recommendations based on historical outcomes and current threat intelligence
- Continuous Learning Framework: Improvement through both supervised and unsupervised methods
This transformation addresses what S&P Global’s report identifies as a critical industry challenge: “roughly 50% of security alerts go unaddressed in a typical day,” even though this figure has declined slightly year-over-year.
Comparing Security Operations Approaches
| Feature | Traditional SOC | AI-Enhanced SOC | Agentic AI SOC |
|---|---|---|---|
| Threat Detection | Rules-based, manual | ML-assisted pattern recognition | Autonomous detection with reasoning |
| Response Time | Hours to days | Minutes to hours | Near real-time |
| False Positive Rate | High (20-30%) | Moderate (10-15%) | Low (3-5%) |
| Threat Hunting | Manual, periodic | Guided, semi-automated | Continuous, autonomous |
| Analyst Augmentation | Basic case management | Co-pilot assistance | Agentic collaboration |
| Investigation Depth | Limited by human capacity | Enhanced with AI tools | Comprehensive with autonomous research |
Agentic AI: The New Force Multiplier in Security Operations
Agentic AI represents the next evolution in security automation—systems that don’t just follow predefined playbooks but can reason about security events and take autonomous actions based on context and objectives.
Jose Veitia, Security Leader and an early Pathfinder AI customer, has witnessed this transformation firsthand. His team is using agentic AI to shift from reactive alert handling to proactive threat mitigation. His experience is just one example of a broader trend in security operations, one that’s increasingly supported by independent research.
How Agentic Systems Transform Security Workflows
Veitia describes how automation through agentic AI has helped ensure deeper, more consistent investigations:
“We do this work consistently and we try to do it thoroughly, but we are human, right? With this being automated with AI, the level of thoroughness is a lot more in some cases and it’s more consistent.”
This aligns with S&P Global’s description of agentic AI capabilities:
“Agentic capability may be deployed as focused functionality, equipped to perform specific tasks… [and] take action based on its own assessment of appropriate steps.”
Unlike rule-based automation, agentic systems can:
- Adapt to novel threats without predefined playbooks
- Pursue multiple investigative paths simultaneously
- Make reasoned decisions about which actions to take
- Present findings with supporting evidence and confidence levels
Dynamic Guidance Beyond Static Playbooks
Playbooks are foundational, but they don’t always keep up with changing threat behavior. Veitia highlighted the value of having contextual response recommendations generated by AI:
“We may not have a step for something that’s pretty new. So having a reminder that, hey, here’s what you should do—that’s amazing.”
In this way, automation becomes more than just a queue manager—it becomes a partner in investigation, especially when static logic falls short.
AI Co-Pilots for Analysts: Augmentation, Not Replacement
While agentic AI operates with some autonomy, co-pilot AI represents a different, complementary approach to security operations—working alongside human analysts to enhance their capabilities rather than replace them.
The Co-Pilot Advantage
Security co-pilots serve as intelligent assistants that:
- Automate repetitive aspects of investigations
- Surface relevant context and intelligence during analysis
- Suggest next actions based on best practices
- Generate investigation summaries and documentation
- Learn from analyst decisions to improve future recommendations
There’s understandable skepticism about AI replacing human roles in security. But both Veitia and industry research suggest a more realistic path forward: human-in-the-loop augmentation.
“One of the biggest misconceptions with AI is that it’s going to replace a human. And right now, that is not the case. A human has to stay in the loop. This is supposed to be augmenting, not replacing.”
Gartner’s recent report, “Predicts 2025: There Will Never Be an Autonomous SOC,” echoes this view, advising:
“Security leaders and senior operational staff need to identify where human-led SOC functions persist and how to transition SOC analysts to roles that require more human-in-the-loop decision-making.”
As capabilities grow, so too does the need for oversight. Emerging models even envision supervisory agents managing workflows—but still under the guidance of humans.
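One way to engineer the oversight this section argues for, as an added example that is not code from the article or from any product it mentions: a deny-by-default gate that decides whether an action proposed by an agent may run on its own or must wait for an analyst, based on the action's blast radius, the confidence the agent reports, and whether the proposal cites evidence. The action catalogue, tiers, thresholds and protected-asset list are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Tier(Enum):
    """Blast radius of an action (assumed classification)."""
    READ = "read"                 # lookups and enrichment; changes nothing
    CONTAIN = "contain"           # reversible containment (isolate, revoke)
    DESTRUCTIVE = "destructive"   # hard to undo (wipe, delete)


# Assumed catalogue: the only actions an agent is allowed to propose at all.
# Anything not listed is denied, which is the deny-by-default part.
ACTION_TIERS = {
    "enrich_ip": Tier.READ,
    "get_process_tree": Tier.READ,
    "isolate_host": Tier.CONTAIN,
    "revoke_sessions": Tier.CONTAIN,
    "wipe_host": Tier.DESTRUCTIVE,
}

# Minimum agent confidence for unattended execution, per tier.
# None means the tier always goes to a human, whatever the confidence.
AUTO_THRESHOLD = {Tier.READ: 0.0, Tier.CONTAIN: 0.9, Tier.DESTRUCTIVE: None}


@dataclass
class Proposal:
    action: str
    target: str          # host, user, IP or other asset the action applies to
    confidence: float    # agent's own estimate in [0, 1]
    evidence: list       # alert ids or artifacts the agent cites


@dataclass
class Decision:
    verdict: str         # "auto", "needs_human" or "denied"
    reason: str          # written for the audit trail, not for the agent


def gate(p: Proposal, protected_targets=frozenset()) -> Decision:
    """Decide what happens to one proposal. Checks are ordered so that the
    cheapest hard refusals come first and confidence is consulted last."""
    tier = ACTION_TIERS.get(p.action)
    if tier is None:
        return Decision("denied", f"unknown action {p.action!r}")
    if not p.evidence:
        return Decision("denied", "proposal cites no evidence")
    if not 0.0 <= p.confidence <= 1.0:
        return Decision("denied", f"confidence {p.confidence!r} out of range")
    # Crown-jewel assets: any change needs a person, no matter how confident.
    if p.target in protected_targets and tier is not Tier.READ:
        return Decision("needs_human", f"{p.target} is on the protected list")
    threshold = AUTO_THRESHOLD[tier]
    if threshold is None:
        return Decision("needs_human", f"{tier.value} actions always need approval")
    if p.confidence >= threshold:
        return Decision("auto", f"{tier.value} action at confidence {p.confidence:.2f}")
    return Decision("needs_human",
                    f"confidence {p.confidence:.2f} below {threshold} for {tier.value}")


def review(proposals, protected_targets=frozenset()):
    """Run every proposal through the gate and return an audit log plus the
    queues an orchestrator would act on: run now, wait for approval, dropped."""
    audit = []
    queues = {"auto": [], "needs_human": [], "denied": []}
    for p in proposals:
        d = gate(p, protected_targets)
        audit.append((p.action, p.target, d.verdict, d.reason))
        queues[d.verdict].append(p)
    return audit, queues


if __name__ == "__main__":
    # Constructed proposals, as an agent might emit them after an investigation.
    sample = [
        Proposal("enrich_ip", "203.0.113.7", 0.30, ["a1"]),
        Proposal("isolate_host", "ws-017", 0.95, ["a2", "a4"]),
        Proposal("isolate_host", "dc-01", 0.99, ["a4"]),
        Proposal("wipe_host", "ws-017", 1.00, ["a4"]),
        Proposal("delete_tenant", "corp", 1.00, ["a1"]),
    ]
    log, _ = review(sample, protected_targets=frozenset({"dc-01"}))
    for entry in log:
        print(entry)
```

The point of the ordering is that confidence never overrides the structural limits: an unlisted action or one with no cited evidence is refused before confidence is even read, and destructive or crown-jewel changes reach a person regardless of how sure the agent is. The reason string is kept per decision so the approval queue and the post-incident review can see why each action was or was not run.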
From Reactive to Proactive: The Evolution of Modern SOC Teams
The ultimate goal of AI integration is enabling the transition from a reactive to a proactive SOC—one that hunts for threats before they impact the organization rather than just responding to alerts.
Characteristics of a Proactive SOC
- Threat Hunting: Regular, systematic searching for indicators of compromise
- Environmental Awareness: Continuous assessment of the attack surface
- Intelligence-Driven Security: Using threat intelligence to anticipate attacks
- Continuous Improvement: Systematic reduction of security debt and noise
This shift is already happening in organizations like Veitia’s, where AI identifies patterns and proposes tuning strategies to reduce future noise:
“We are now the proactive SOC team that’s securing things and reducing the risk of the organization.”
This kind of continuous improvement loop mirrors what the S&P report frames as a move toward “hyperautomation”—an approach combining intelligent agentic workflows with downstream automation for sustained operational impact.
AI-Powered Investigations: Depth, Speed, and Consistency
When security events do occur, AI investigation capabilities dramatically change how teams respond. Modern security platforms now offer:
Enhanced Investigation Capabilities:
- Multi-source Correlation: Automatically connecting data points across disparate systems
- Timeline Reconstruction: Building comprehensive attack timelines with minimal human input
- Entity Resolution: Identifying when different alerts relate to the same attack chain
- Evidence Collection: Automated gathering and preservation of forensic artifacts
- Knowledge Transfer: Capturing investigation steps to train junior analysts
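As an added example of the correlation, entity-resolution and timeline steps listed above, and of the "prioritization beyond simple severity ratings" named under Key Components of an AI SOC, the following Python links alerts from several sources into chains by the entities they share, reconstructs each chain's timeline, and ranks chains by a score that looks past the per-alert severity. It is not code from the article or from any product it mentions; the alert schema, source names and scoring weights are assumptions, and the alerts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Alert:
    """One normalized alert. The field names are this example's assumptions."""
    id: str
    source: str        # tool that raised it, e.g. "edr", "idp", "proxy"
    rule: str          # detection rule name
    ts: datetime
    severity: int      # severity as shipped by the source tool (1 low .. 5 high)
    entities: dict     # e.g. {"host": "ws-017", "user": "jdoe"}


# Constructed sample alerts from three sources; not a real incident.
SAMPLE_ALERTS = [
    Alert("a1", "idp", "impossible_travel", datetime(2025, 3, 4, 9, 2), 3,
          {"user": "jdoe", "src_ip": "203.0.113.7"}),
    Alert("a2", "edr", "office_spawns_powershell", datetime(2025, 3, 4, 9, 14), 4,
          {"host": "ws-017", "user": "jdoe"}),
    Alert("a3", "proxy", "dns_txt_beacon", datetime(2025, 3, 4, 9, 16), 2,
          {"host": "ws-017", "dst_domain": "c2.example"}),
    Alert("a4", "edr", "lsass_access", datetime(2025, 3, 4, 9, 20), 5,
          {"host": "ws-017"}),
    Alert("a5", "edr", "usb_mass_storage", datetime(2025, 3, 4, 10, 5), 2,
          {"host": "ws-044", "user": "mlee"}),
]


def correlate(alerts):
    """Entity resolution: alerts that share any (key, value) entity are linked,
    transitively, into one chain (union-find over alert ids). Returns each
    chain as a list sorted by timestamp."""
    parent = {a.id: a.id for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(x, y):
        rx, ry = find(x), find(y)
        if rx != ry:
            parent[ry] = rx

    first_seen = {}  # (entity key, value) -> first alert id that carried it
    for a in alerts:
        for kv in a.entities.items():
            if kv in first_seen:
                union(first_seen[kv], a.id)
            else:
                first_seen[kv] = a.id

    chains = defaultdict(list)
    for a in alerts:
        chains[find(a.id)].append(a)
    return [sorted(c, key=lambda a: a.ts) for c in chains.values()]


def triage_score(chain):
    """Priority beyond the raw severity rating: a chain that several independent
    sources observed and that touches several hosts or users outranks a single
    high-severity alert. The weights are illustrative assumptions, not a standard."""
    max_sev = max(a.severity for a in chain)
    sources = {a.source for a in chain}
    hosts = {a.entities.get("host") for a in chain} - {None}
    users = {a.entities.get("user") for a in chain} - {None}
    return max_sev + 2 * (len(sources) - 1) + len(hosts) + len(users)


def timeline(chain):
    """Timeline reconstruction: (minutes since first event, source, rule, id)."""
    t0 = chain[0].ts
    return [(int((a.ts - t0).total_seconds() // 60), a.source, a.rule, a.id)
            for a in chain]


def triage(alerts):
    """Correlate, score and order chains for the analyst queue, highest first."""
    ranked = sorted(correlate(alerts), key=triage_score, reverse=True)
    return [{"alert_ids": [a.id for a in c],
             "score": triage_score(c),
             "sources": sorted({a.source for a in c}),
             "timeline": timeline(c)} for c in ranked]


if __name__ == "__main__":
    for case in triage(SAMPLE_ALERTS):
        print(case["score"], case["alert_ids"])
        for minutes, source, rule, alert_id in case["timeline"]:
            print(f"  +{minutes:>3} min  {source:<6} {rule} ({alert_id})")
```

Run as-is, it puts the four-alert chain on ws-017 at the top of the queue: the identity, endpoint and proxy alerts are tied together through the shared user and host, and the spread across three independent sources is what lifts the chain above its individual severities. The lone USB alert stays a separate, low-scored case. A real implementation would normalize entity values before comparing them (hostname case, FQDN versus short name, user principal formats) and would fold in closure history so that rules that are routinely closed as benign stop feeding the score.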
Maintaining Investigation Quality at Scale
SOC teams often know what “thorough” looks like—they just don’t have the time to deliver it consistently. The result of AI-powered investigations is quality at scale—addressing a critical challenge for security teams facing staffing constraints and growing attack surfaces.
This tracks closely with S&P Global’s findings, which emphasize that “the need for continued investment in the effectiveness of threat detection and response remains high.”
The Future of Security Operations: Integration and Evolution
AI in security isn’t a vision for the distant future—it’s already reshaping how teams operate. That said, adoption isn’t just about tooling. It’s about trust, oversight, and ensuring that humans remain a critical part of the decision-making process.
As we’ve seen, the transformation of security operations isn’t about a single technology but the integration of multiple AI approaches:
- AI-driven SOCs provide the organizational framework
- Agentic AI enables autonomous reasoning and action
- Co-pilot AI augments human analysts’ capabilities
- Proactive SOC methodologies shift focus from response to prevention
- AI investigations ensure consistent, thorough threat analysis
As Veitia summarizes the impact:
“It’s going to allow folks to level up faster because they have more time to strategize and really start game planning against the threats we’re seeing out there.”
As S&P Global notes, “This ability incrementally opens the door to the potential of what some think of as ‘autonomous’ security operations in greater degrees as the technology is seen as increasingly reliable.” But for now, the path forward is about collaboration—between people and technology, not one competing to replace the other.
Source:
S&P Global Market Intelligence, AI for Security: Agentic AI Will Be a Focus for Security Operations in 2025
Quotes from Jose Veitia sourced via Pathfinder AI Webinar