
AI in the SOC: what it means for analysts and response teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: A survey of 491 security leaders and analysts finds that 96% do not expect AI to cut SOC headcount, while 80% of analysts and 75% of leaders expect autonomous SOCs within three to five years, according to Abnormal AI and Omdia. The governance issue is not replacement, but whether teams can preserve human oversight as automation shifts from task support to operational decision-making.

NHIMG editorial — based on content published by Abnormal AI: Human-Centered AI: Redefining the Modern SOC

By the numbers:

Questions worth separating out

Q: How should security teams use AI in the SOC without losing human control?

A: Use AI to remove repetitive work, enrich alerts, and accelerate triage, but keep humans accountable for escalation, containment, and exception handling.

Q: When does SOC automation create more risk than it reduces?

A: SOC automation becomes risky when the system can act faster than governance can explain its actions.

Q: What should organisations measure to know whether AI is helping the SOC?

A: Track analyst time recovered, reduction in repetitive work, quality of escalations, and how much of the saved capacity is being redirected to threat hunting or incident response.

Practitioner guidance

  • Separate automation from authority: document which SOC functions AI may assist with and which actions still require analyst approval, especially for containment, suppression, and escalation decisions.
  • Measure whether AI time savings become security capacity: track where saved analyst time goes after AI adoption.
  • Set evidence requirements before expanding AI scope: require transparency into model training, validation results, and false-positive behaviour before AI is allowed deeper influence over response prioritisation or automated action.

What's in the full report

Abnormal AI's full report covers the survey detail this post intentionally leaves for the source:

  • Survey methodology and respondent mix across 491 security leaders and analysts
  • The full set of question-by-question findings on AI adoption, burnout, and trust
  • Role-based breakdowns showing how analysts and leaders differ on automation priorities
  • The operational detail behind autonomous SOC expectations and evaluation criteria

👉 Read Abnormal AI's full report on human-centred AI in the SOC →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Human-centred AI is a governance model, not an operating principle for automatic trust. The article’s strongest signal is that security teams want AI to absorb repetitive SOC work while preserving human judgement. That is sensible, but it also means AI is being admitted into workflows that already depend on precise escalation and accountability. The practitioner conclusion is that AI can accelerate SOC operations only if the programme still knows where human review must remain non-negotiable.

A few things that frame the scale:

A question worth separating out:

Q: Who should be accountable for autonomous SOC actions?

A: Accountability should remain with the organisation that authorises the automation, not with the tool itself. If an autonomous action causes harm, the programme must be able to identify the approved scope, the owner of the workflow, and the escalation path that should have intervened. Without that, automation becomes operationally fast but governably weak.

👉 Read our full editorial: Human-centered AI is reshaping the modern SOC



   
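The two points above that a practitioner would most want to see made concrete are the first post's "separate automation from authority" guidance (which action classes the assistant may run on its own versus which need analyst approval) and the second post's accountability question (every autonomous action must be traceable to an approved scope, a workflow owner and an escalation path). The following is an added example written for this thread; it is not code from either post, from Abnormal AI, or from Omdia. The policy table, workflow record, analyst names, alert and host identifiers are all constructed assumptions. The gate also holds any action that arrives without a stated rationale, a design choice that follows the "faster than governance can explain" concern rather than anything the report prescribes.

```python
"""Authority gate for AI-proposed SOC actions (added example; all names are hypothetical)."""
from dataclasses import dataclass, asdict
from enum import Enum
from typing import Optional


class Authority(Enum):
    AUTO = "auto"                  # assistant may execute without a human in the loop
    ANALYST_APPROVAL = "approval"  # assistant may propose; a named analyst must approve
    OUT_OF_SCOPE = "out_of_scope"  # not delegated to the assistant at all


# Constructed policy (assumption, not from the report): enrichment and triage
# support run automatically; containment, suppression and escalation are held
# for analyst approval, as the practitioner guidance in the thread recommends.
POLICY = {
    "enrich_indicator": Authority.AUTO,
    "cluster_related_alerts": Authority.AUTO,
    "draft_triage_summary": Authority.AUTO,
    "isolate_host": Authority.ANALYST_APPROVAL,
    "disable_account": Authority.ANALYST_APPROVAL,
    "suppress_detection_rule": Authority.ANALYST_APPROVAL,
    "escalate_to_ir": Authority.ANALYST_APPROVAL,
}

# Constructed workflow ownership record (hypothetical owner and escalation path).
WORKFLOW = {
    "workflow_id": "triage-assist-v1",
    "owner": "soc-lead@example.invalid",
    "escalation_path": ("tier2-oncall", "ir-manager"),
}


@dataclass(frozen=True)
class Decision:
    """Accountability record for one AI-proposed action on one alert."""
    alert_id: str
    action: str
    target: str
    authority: str          # policy tier the action fell under
    outcome: str            # executed | held_for_approval | denied
    approved_by: Optional[str]
    reason: str
    workflow_id: str = WORKFLOW["workflow_id"]
    owner: str = WORKFLOW["owner"]
    escalation_path: tuple = WORKFLOW["escalation_path"]


def gate(alert_id: str, proposal: dict, approvals: dict) -> Decision:
    """Decide whether one proposed action may run and record who is accountable.

    proposal:  {"action", "target", "rationale"} as emitted by the assistant.
    approvals: {action_name: analyst_id} for approvals already granted on this alert.
    """
    action = proposal["action"]
    target = proposal["target"]
    tier = POLICY.get(action, Authority.OUT_OF_SCOPE)
    rationale = proposal.get("rationale", "").strip()

    def record(outcome: str, approved_by: Optional[str], reason: str) -> Decision:
        return Decision(alert_id, action, target, tier.value, outcome, approved_by, reason)

    if tier is Authority.OUT_OF_SCOPE:
        return record("denied", None, "action is not in the assistant's approved scope")

    # Design choice: an action with no stated rationale is never executed
    # automatically, so the programme can always explain what the system did.
    if not rationale:
        return record("held_for_approval", None, "no rationale supplied; routed to analyst")

    if tier is Authority.AUTO:
        return record("executed", None, rationale)

    analyst = approvals.get(action)
    if analyst:
        return record("executed", analyst, rationale)
    return record("held_for_approval", None, "analyst approval required for this action class")


def process_alert(alert_id: str, proposals: list, approvals: dict) -> list:
    """Run every proposal for an alert through the gate, in order."""
    return [gate(alert_id, p, approvals) for p in proposals]


def summarize(decisions: list) -> dict:
    """Counts per outcome: what automation absorbed versus what humans still decide."""
    counts = {"executed": 0, "held_for_approval": 0, "denied": 0}
    for d in decisions:
        counts[d.outcome] += 1
    return counts


# Constructed sample: assistant proposals for one phishing alert (not real data).
SAMPLE_PROPOSALS = [
    {"action": "enrich_indicator", "target": "203.0.113.7", "rationale": "sender IP on two blocklists"},
    {"action": "cluster_related_alerts", "target": "alert-4412", "rationale": "same lure subject in 3 alerts"},
    {"action": "isolate_host", "target": "wks-0142", "rationale": "attachment executed on host"},
    {"action": "disable_account", "target": "j.doe", "rationale": "credentials submitted to lure page"},
    {"action": "suppress_detection_rule", "target": "rule-phish-17", "rationale": ""},
    {"action": "delete_mailbox", "target": "j.doe", "rationale": "cleanup"},
]
SAMPLE_APPROVALS = {"isolate_host": "analyst.kim"}

if __name__ == "__main__":
    decisions = process_alert("alert-4412", SAMPLE_PROPOSALS, SAMPLE_APPROVALS)
    for d in decisions:
        print(asdict(d))
    print(summarize(decisions))
```

On the sample input the two enrichment actions execute on their own, host isolation executes because an analyst had already approved it, the account disable and the rule suppression are held (the latter because it carried no rationale), and the mailbox deletion is denied as outside the assistant's scope. Each record carries the workflow owner and escalation path, so an after-the-fact review can answer the second post's question of who authorised what. The `summarize` counts give a simple starting point for the capacity metric in the first post: how much of the alert's work automation absorbed and how much still required a human decision.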