Just saw a post on LinkedIn claiming a CISO at a big tech company completely replaced their entire Tier 1 SOC team with AI. Supposedly, AI handles all the triage now, hands the cases over to IR, and the engineers just hit "authorize."
Honestly, as someone working in the trenches, seeing stuff like that makes me worry about job security. Is AI actually going to automate us all away?
I started looking into some of these AI SOC startups; there are too many to keep up with. From what I can tell, they aren't complete solutions. They claim they can reduce MTTR and lower risk, but most of them seem like just an LLM wrapper glued onto a legacy SOAR workflow.
Don't get me wrong, if AI can automate away the soul-crushing, manual parts of the job, I'll take it. I don't want to do that anyway. But it feels like these tools only work for the easy stuff: clean detections and low-hanging fruit.
What happens when things get complicated? AI can't replace human judgment. If it only sees an isolated alert from a SIEM, it has no real environment context. It's just guessing; faster guessing isn't a strategy, and I would rather have human analysts with experience do the guessing.
And what about talent? Tier 1 is where we all cut our teeth and build pattern recognition. If we delete the entry level entirely, where do the experienced incident responders come from in 10 years? Are we just blindly trusting that an AI is going to handle first-touch analysis perfectly forever?
So I have to ask: Is anyone actually running a SOC with zero Tier 1 analysts? Have you actually found an AI tool that works for your teams?