CISOOnline

5 new security operations roles the AI-SOC will create

As of today, AI-SOC capabilities center on autonomous alert triage and basic investigations. When something looks awry — a suspicious login, an EDR alert, etc. — agents call disparate tools to enrich the alert, create a timeline of activities, produce a confidence score, and even suggest steps for remediation. Sounds like an efficient Tier 1 analyst to me.

In the near future, AI-SOCs will delve into Tier 2 analyst tasks with automated remediation. Additionally, agent swarms will have specialized roles for detection, investigations, remediation, and even system tuning. Some vendors also propose agents for threat hunting and continuous posture management.

There’s still a lot of innovation, development, and real-world testing needed, but it’s clear that agents will take on more and more of the heavy lifting. So where does that leave humans? Here are a few roles where cybersecurity professionals’ skills will be needed and in high demand.


