Dive Brief:
- Enterprises receive 4,330 security alerts on average per day and only manage to detect and investigate 37% of those alerts, a report from Crogl found. The agentic AI company commissioned the Ponemon Institute to conduct an independent survey of 649 IT and IT security practitioners across North America on the state of security operations in 2026.
- AI adoption in security workflows is growing among enterprises, but confidence in the technology’s ability to reduce threats is low, the report found. While 62% of organizations have adopted some form of AI, only 44% said the technology alone is effective in the security operations center, which is usually composed of a team of IT security professionals monitoring an enterprise’s IT infrastructure for real-time incidents.
- “Security teams are under relentless operational pressure,” Crogl CEO Monzy Merza said in a press release. “They are managing thousands of alerts every day while defending against increasingly complex attacks. AI is emerging as a critical force multiplier inside the SOC, but the research makes clear that automation alone is not enough.”
Dive Insight:
AI’s potential in security operations is rooted in the technology’s detection and automation capabilities, but deployment efforts face integration and oversight challenges.
Organizations using AI to manage alerts identified speed as the technology’s biggest plus, with 67% of survey respondents noting that it helps resolve security alerts faster. More than half of organizations with a dedicated SOC use AI within security operations to automate documentation, simplify cases and improve collaboration, the report found.
Still, 52% of respondents believe human analysts remain the most effective last line of defense in an AI-enabled SOC, compared with 44% who believe the same of AI on its own, according to the report.
AI agents stand to significantly transform SOCs, particularly for automating complex tasks, but agents are limited in their ability to replicate human knowledge, according to experts who presented at the Gartner Security & Risk Management Summit last year. Humans will continue to play a pivotal role, as AI agent actions will require monitoring.
However, additional barriers exist to deploying AI within an SOC. Half of survey respondents cited challenges integrating AI into existing workflows and another 49% said data is too dispersed and difficult to standardize.
Oversight marks another challenge, with only 36% of organizations indicating a strong ability to detect whether AI tools could be introducing data leakage, a rising governance risk among enterprises.
“Organizations that combine agentic speed with strong human oversight, disciplined workflows, and clear data governance are positioned to see the greatest impact,” Merza said.