Normal view

How attackers are gaining access to LLM inference

3 June 2026 at 17:59

This article is based on joint research with Eran Segal, researcher at Kodem Security.

The most capable commercial AI models are now useful enough to attackers that they have become an integral part of their kill chain, in multiple steps. The Cybench benchmark tests models on offensive cyber tasks. Its current top performers (Claude Opus 4.6, Claude Sonnet 4.5, Grok 4) can write functional exploit code, reason through credential chains, and sustain complex reconnaissance workflows: multi-step offensive work that previously required human expertise. Malware families are already using this. Instead of generating a payload offline and shipping it, they wire a live LLM API into the malware itself so it can adapt its behavior at runtime on the infected host.

Commercial providers run abuse detection and terminate accounts linked to malicious activity. A payment method creates a paper trail that investigators can follow. So attackers solve the access problem the same way they solve any resource problem: they steal it, find it free, or find it unguarded.

This post covers five routes threat actors use to reach LLM inference without paying for it: buying offensive models on underground forums, using front-end models using 3rd party LLM service that allows paying in bitcoin, using free-tier or keyless public APIs, hunting for leaked API keys in developer artifacts, and exploiting self-hosted LLM servers left open on the internet.

Method 1: Offensive LLMs and Anonymous Payment

Cyber-oriented LLMs sold on underground forums are the most visible route. WormGPT, GhostGPT, KawaiiGPT, and Xanthorox are the most cited examples, covered in depth by Unit 42. These are returned open-weight models or jailbroken wrappers over commercial APIs, marketed specifically as having no content filter. They solve the moderation problem but not the cost problem: access is sold on a subscription basis, and the capability ceiling sits well below that of frontier commercial models. So they are useful for generating phishing content or simple malware stubs, but less so for the kind of autonomous multi-step offensive work that the frontier models in the Cybench ranking are capable of.

Method 2: Using Frontier Models Through a Third-Party Service

If a threat actor would like to use the frontier models to achieve top performance, they can still use these models using 3rd party services such as PayWithMoon and AIMLAPI. 

 These services sit between the attacker and a commercial LLM provider, accepting cryptocurrency without identity verification and then funding a legitimate provider account on the attacker’s behalf. The account itself reaches frontier models, but the funding trail stops at the middleman. The account will still get burned once abuse detection triggers, but replacing it is cheap. The upstream provider has no usable identity to pursue. This is how attackers buy frontier-model access while skipping the paper trail a normal commercial account would leave behind.

Method 3: Free-Tier and Keyless Public Inference APIs

A cheaper alternative to underground subscriptions exists in plain sight. Most major inference providers publish permanent free tiers that require nothing more than a disposable email address, and a handful of services accept requests with no credentials at all. An attacker who registers for a pool of free-tier accounts gets as meny tokens as he wishes without paying a dime.

The scale of the free-tier ecosystem is easy to measure because the community has cataloged it. Public curated lists such as cheahjs/free-llm-api-resources and mnfst/awesome-free-llm-apis explicitly filter for providers that offer a permanent (not trial-credit) free tier with no credit card. Representative entries, with numbers pulled from each provider’s own rate-limit documentation:

  • Groq: 30 requests/minute (RPM) on all free-tier models, with requests/day (RPD) caps ranging from 1,000 (for the 70B llama) to 14,400 (for the 8B llama).
  • Cerebras: 30 RPM, 14,400 RPD, and roughly 1M tokens/day on three of the four free-tier models (gpt-oss-120b, llama3.1-8b, qwen-3-235b).
  • Cohere: 20 RPM on the Chat API and a hard cap of 1,000 total API calls/month on a trial key.
  • Mistral La Plateforme: 1B tokens/month on the Experiment plan. No credit card is required, but a verified phone number is required, which is the highest sign-up friction in this group.
  • HuggingFace: Free accounts are rate-limited on both the Hub API and the Inference API per 5-minute window. Anonymous per-IP access exists but is stricter than the free-account path.
  • OpenRouter: 50 free model RPD with no deposit at all, and 1,000 RPD after a one-time $10 top-up that is never spent against model usage.
  • SambaNova: 20 RPM and 20 RPD, with a 200,000 tokens/day cap. The tightest daily request ceiling in this group by a wide margin.

These providers differ in rate limits, models, and throughput. What they share is that a usable credential requires nothing more than a disposable email address (a phone number in Mistral’s case) and no payment method. Credentials can simply be rotated when limits are reached.

The fully keyless end of the spectrum is thinner, but it exists. Pollinations.ai exposes an OpenAI-compatible endpoint that accepts requests with no authentication for basic use. DuckDuckGo’s Duck.ai anonymizes browser-based access to Claude 3.5 Haiku, Llama 4 Scout, Mistral Small 3, GPT-5 mini, and GPT-4o mini with no account at all. These services are not designed for bulk programmatic use, but they are reachable from any HTTP client, and the only cost is rate-limit friction.

Among the malware families in the intro table, LameHug/PROMPTSTEAL is the cleanest example of this route in the wild: it calls HuggingFace’s Inference API for Qwen 2.5-Coder-32B-Instruct to drive reconnaissance and data theft, with no embedded credentials reported by Splunk. Whether the malware carries a token or registers one at runtime is not established, but either way, the enabling property is HuggingFace’s no-credit-card free tier.

Method 4: Exposed API Keys

The fourth route to free model access doesn’t require finding an exposed server at all. Developers routinely hardcode credentials directly into apps, config files, and scripts. These credentials can be found in GitHub in open-source projects, while closed-source projects contain the credentials in the app itself. These artifacts are submitted to VirusTotal when apps are submitted for malware analysis. It can be an APK, ELF, EXE, or any type of artifact shipped with the product.

To find them systematically, we wrote a YARA rule targeting the key formats of the major AI providers: Google Gemini (AIzaSy…), OpenAI (sk-…), Anthropic (sk-ant-…), HuggingFace (hf_…), Replicate, Mistral, Cohere, Groq, and several others. We ran the rule as a retrohunting query across the VirusTotal corpus, collected the matching sample hashes, then pulled the raw files and ran a regex extraction pass to extract every key-value pair, provider, and surrounding code context. From there, we enriched each sample with VirusTotal metadata to understand detection rates and file types. The final step was validation: a lightweight GET request against each provider’s model-list or whoami endpoint. No prompts sent, just a check of whether the key authenticates.

The corpus yielded 647 unique keys across all providers. Roughly 62% were Google Gemini (AIzaSy…) keys. That concentration traces back to the Android developer ecosystem, where apps built for translation, search, or chatbot features commonly bundle the key directly in compiled resources or Java code. HuggingFace keys made up about 11%, Replicate about 8%, OpenAI sk- keys about 7%, and the remaining share was split across Voyage (5%), Mistral (3%), and Cohere (3%), with trace amounts of Anthropic, Groq, and OpenAI environment-style keys. The Mistral and Cohere keys concentrated heavily in a single file: a cracked “Collins Italian Dictionary MOD” Android APK that bundled 20 Mistral keys and 15 Cohere keys alongside 2 Gemini keys, with the small remainder scattered across two versions of a Ubisoft game APK.

About 65% of the 659 unique samples are confirmed Android by VirusTotal’s type classification. Another 18% are ZIP archives that follow the same submission pattern but were not explicitly tagged as Android. The true APK share sits between 65% and 84%. The remainder consisted of Windows PE files (5%), HTML pages, Python scripts, plain-text credential dumps, and a handful of Mach-O and ELF binaries. That Android skew isn’t surprising. APKs are frequently submitted to VirusTotal for modding and repackaging, and their keys remain intact after decompilation.

We submitted research samples to Intezer Analyze for code-based attribution, and three entries stand out. Four samples whose filenames suggested Akira ransomware are three Mimikatz binaries (1, 2, 3) and one malicious binary without family attribution, all credential-dumping tools that happened to carry API keys. The sample with a HuggingFace key is SolarMarker, an SEO-poisoning backdoor with infostealer capability. A Windows binary named SystemSettings.exe contained OpenAI, Replicate, and Voyage keys; the multi-key combination is more consistent with theft from a developer’s machine than with intentional hardcoding.

When we ran the validation, almost all the keys were dead. The revocation rate was approximately 99.5%, consistent with a corpus skewed toward older samples that had been on VirusTotal long enough to be detected, rotated, or simply expired. The small fraction that remained live consisted entirely of Google Gemini keys from Android APKs. All appeared to be genuine developer mistakes rather than exfiltrated credentials: a key embedded in a const in bundled JavaScript, one in a logging module in a compiled Android class, and one in a utility app’s APK resources. Those three keys have been reported to Google.

The method also illustrates why embedding API keys in client software is a particularly bad idea. Extracting a key from an APK requires a decompiler, and APKs have a reliable path to VirusTotal: users submit them for malware checks, repackaged versions circulate through third-party stores, and cracked builds get flagged automatically. The near-total revocation rate strongly suggests that LLM providers scan VirusTotal for their own key formats and automatically revoke matches. The three keys that were still live were all recent submissions, not yet caught by that sweep. If that pipeline exists, embedding a key in client-side code is not just a security mistake, but a futile one, and the key will likely be dead before it can be abused at scale.

The takeaway for an attacker is that hunting VirusTotal for hardcoded keys is low-effort but low-yield. The more durable access method is the exposed LLM server. A server running vLLM (a popular open-source LLM inference framework) or an open Ollama instance requires no authentication, doesn’t rotate anything while in use, and the owner usually doesn’t know it’s happening.

Method 5: Hack Public LLM Hosting Servers

Self-hosted LLM platforms make it easy to run your own models on your infrastructure, and that same ease extends to anyone who can access the port. Most ships have no authentication by default and expose administrative endpoints that let a stranger list installed models, queue inference jobs, load new models from remote URLs, or, in several cases, execute code on the host. When the server is exposed to the public internet, the attacker does not need a stolen key or a forum subscription. The victim is paying the GPU bill, carrying the API-key spend, or hosting the RCE.

We scanned roughly 4,500 hosts across eleven of them. Every service had open instances, and 14 LocalAI hosts showed active compromise based on attacker-loaded model names consistent with a single automated campaign. The sections below cover what each platform is, how exposure gets abused, and what the scan found in the wild.

Ollama

Ollama runs open-weight LLMs locally. By default, it binds to 127.0.0.1, and the authentication is disabled. But setting OLLAMA_HOST=0.0.0.0 is a common step when accessing it from another machine on the network or from a frontend app running in a separate container. It exposes all interfaces, and anyone reaching it’s port gets full API, model management, and hardware access. SentinelOne Labs and Censys already published the definitive survey, documenting 175,000+ hosts chained into anonymous AI networks for free text, embedding, and bulk content generation on victim hardware. That pattern is now commercialized by Operation Bizarre Bazaar, which sells subscription access to a unified LLM gateway fronted by stolen Ollama endpoints, turning ad-hoc LLMjacking into a growing concern.

LocalAI

LocalAI is an OpenAI API-compatible model server supporting LLMs, image generation, speech, and transcription. Authentication is disabled by default. It also supports remote model installation, P2P distributed serving, and a built-in agent platform with support for MCP. Of all the services in this research, it has the widest attack surface.

Of all the hosts scanned, 55% were confirmed open, the highest absolute count in this group. About 24% are API proxies with live upstream keys for OpenAI, Anthropic, and Google accessible to anyone who can reach the host.

The most striking finding is evidence of automated exploitation at scale. About 21% of confirmed hosts carry model names with a consistent signature tied to ProjectDiscovery’s nuclei scanner templates, with per-run timestamps mapping to late March and early April 2026. The pattern is consistent with automated scanning for an unauthenticated remote code execution path, in which a malicious URL supplied during model installation triggers server-side code execution. The exploit payload appears to load a small publicly available Italian-language model as a “hello world” confirmation, which recurs on every affected host. The markers not being cleaned up argue against mature attacker tradecraft. Operators running LocalAI can open /v1/models on their own host: any nuclei-rce-* or rce_<timestamp> identifier is not human-chosen and indicates this campaign hit them.

Langflow

Langflow is a visual builder for multi-agent AI pipelines, widely used to prototype RAG systems and chatbots. Flows routinely embed hardcoded credentials: OpenAI and Anthropic API keys, database connection strings, Slack tokens, and webhook secrets. Anyone who can reach the host and read a flow config has all of them. Unlike the previous examples, this app does not have a known major misconfiguration, but it does not prevent attackers from being able to hack and gain access to this service. For example, two unauthenticated RCE bugs make reaching the config trivial:

  • CVE-2025-3248:on the CISA KEV list, reliably patched only in 1.6.4+ 
  • CVE-2026-33017: fixed in 1.9.0, exploited in the wild within 20 hours of disclosure. 

Every confirmed host in our scan ran a version vulnerable to CVE-2026-33017; about 72% were also vulnerable to CVE-2025-3248. Several hosts didn’t authenticate at all, with flows, credentials, and both RCE paths openly accessible. Code execution on the Langflow host is the small prize. The keys inside the flows pivot to everything the workflows connect to.

n8n

n8n is a low-code workflow automation platform with 400+ service connectors and code execution nodes (workflow steps that run arbitrary scripts). It has the strongest default auth posture of any service in this research: User Management is enforced on fresh installs. 

But it does not prevent attackers from actively gaining access to n8n. Vulnerabilities such as CVE-2026-21858 (“Ni8mare”, CVSS 10.0, fixed in 1.121.0), which is a vulnerability in the web hooks request handling that turns exposed endpoints into a full unauthenticated RCE surface via content-type confusion, with a public PoC already out. Prior research estimates the exposed n8n population at tens of thousands of hosts.

The post-exploitation story mirrors Langflow. Workflows carry hardcoded API keys, database connection strings, and webhook secrets. RCE on the n8n host effectively gives access to every system the automations touch.

vLLM

vLLM is a high-throughput LLM serving engine with GPU acceleration, commonly used to self-host open-weight models in production. It exposes an OpenAI-compatible REST API. Authentication requires an explicit –api-key flag; without it, the API is open.

The interesting finding from our scan was not vLLM itself but the adjacent deployments surfaced by the same query: OpenAI-compatible HTTP proxies, specifically LiteLLM-style gateways that aggregate multiple paid providers behind a single endpoint. These proxies store live API keys for OpenAI, Anthropic, Google, Groq, and Cohere. None had protection on the model list endpoint. One host exposed 35 models across multiple providers; several listed exclusively Anthropic Claude models. A proxy returns a model list only when the upstream provider authenticates, so every successful response confirms the underlying keys are live and billable.

The abuse path is trivial: point any standard OpenAI SDK client at the proxy, enumerate the models, and, on hosts where prompt submission is also unprotected, send requests billed to the operator’s accounts. It is the same credential-pivot pattern as Langflow and n8n. 

ComfyUI

ComfyUI is a node-based workflow UI for Stable Diffusion, video generation, and multimodal image models. It runs on high-end GPU hardware with no authentication by default, making it a direct target for attackers looking to steal GPU compute.

Our scan found open instances across a wide range of versions (v0.2.2 to 0.19.0), all of which were fully unauthenticated. The hardware exposure is the headline finding. Open hosts reported a combined ~4.3 TB of GPU VRAM, with cards ranging from RTX 4090s and RTX 5090s to datacenter-grade A100S and L40S units, each worth tens of thousands of dollars. An attacker can queue generation jobs against any of them at no cost.

Beyond compute theft, 95% of open hosts expose a job history endpoint that leaks previously executed workflows, local file paths, and prior user content. About 12% advertise URL-loading nodes that act as server-side request forgery primitives: usable for internal network reconnaissance or cloud metadata credential theft.

llama.cpp server

llama-server is the HTTP server shipped with llama.cpp, commonly used to serve a single open-weight model in production. It has no authentication by default, no access controls on the inference endpoint, and a metadata endpoint that advertises exactly what the host is running. Anyone who reaches the port can submit prompts, watch active jobs, and burn the operator’s GPU on their own workload. Classic LLMjacking, with the bonus of knowing exactly which model they are running.

Of scanned hosts, 59% were confirmed open, more than any other platform in the scan. Everyone exposed its model name and hardware configuration, and about 37% also leaked real-time job state, confirming the host was actively serving users at the time of the scan. The models observed were standard open-weight builds rather than anything exotic, which is the point. An attacker is not looking for a rare model, just an unattended GPU.

Jan

Jan is an Electron desktop AI app with an optional OpenAI-compatible API server on port 1337. When enabled, it binds to all interfaces with no authentication. Jan is a useful example of how exposure surfaces unexpected content rather than how common it is. Our scan confirmed only two genuine Jan hosts. Both had gone offline by the rescan a week later. While one was live, it exposed a 35-model library that included miqu-70b; a leaked Mistral Medium prototype that was never officially released. When a desktop app binds its API server to the public internet, whatever model (or file path metadata) sits on the operator’s disk becomes visible.

Gradio

Gradio is a Python framework for building ML demo apps: image classifiers, code interpreters, document Q&A, or anything a researcher can wrap in a web UI. Exposure risk depends entirely on what the underlying app does. A sentiment-analysis demo is low-stakes. An app that accepts file uploads, runs user code, or queries a database is a direct path to exploitation. The Gradio queue keeps processing submitted requests whether the operator is watching or not, so abuse can run quietly for days.

Three unauthenticated bugs make unpatched instances worse:

  • CVE-2024-1561: arbitrary file read, fixed in 4.13.0
  • CVE-2024-0964: path traversal, fixed in 4.9.0
  • CVE-2024-47084: CORS validation bypass, fixed in 4.44.0; a malicious website can reach a locally running Gradio server while the victim is still logged in

Ranking the Five Routes

Each route carries operational trade-offs. The table below scores each on five dimensions, ranging from 0 (least favorable) to 5 (best for attacking): non-resistance (refusal behavior in response to offensive prompts), model capability (coding ability and parameter count), tool and MCP support, and effective token quota.

 

Route Non-resistant model Model capability Tool / MCP support Token quota Cost 
Offensive LLMs (WormGPT, GhostGPT, crypto middlemen) 5 3 5 2 2
Crypto payment for frontier 2 5 5 5 3
Free-tier and keyless public APIs 2 4 4 3 5
Stolen or leaked API keys 1 4 5 1 5
Exposed LLM servers 5 3 3 5 5

 

Offensive LLMs score highest on non-resistance. But the underground-forum variants sit well below frontier models in capability and tool support, and subscriptions cap the quota. The crypto-middleman variant reaches frontier models via real provider accounts, but those accounts burn quickly once abuse is detected.

Crypto payment for frontier models is for sure the best way to gain access for the most capable models with the ability to connect the model to any interface, such as MCPs, but it comes with some risks that the model might resist the action or the user will be blocked.

Free-tier and keyless public APIs score well in capability and tool support, with full-function calling across most providers. The per-account quota is modest, tens of RPM, thousands of RPD, but trivial account rotation pushes the effective quota well above the face value.

Stolen or leaked API keys, in principle, offer the best combination of capability and tool support; the retrohunt’s 0.5% live rate shows the real-world quota is near zero.

Exposed LLM servers score highest on non-resistance and token quota. Non-resistance is unconstrained: the attacker controls model selection, and our scan found at least one LM Studio host actively serving llama3.3-8b-instruct-thinking-heretic-uncensored-claude-4.5-opus-high-reasoning-i1. Token quota is equally unconstrained, bounded only by the victim’s hardware rather than a billing cap. Capability and tool support vary by host, but that variance is what makes the route durable at scale. No individual host needs to run a frontier model.

The scoring explains why exposed servers are the most durable route, even though they don’t top every dimension. They are the only route where non-resistance and token quota both max out. The other three are each compromised on at least one of those two axes.

Cases Found in the Wild

Threat actors are now wiring malware to live LLM APIs, using them to generate malicious logic at runtime rather than embedding static code in the payload. Instead of scripting separate execution flows for different host conditions, the malware queries an LLM while running, determines whether the target appears to be a personal machine, a server, or an industrial controller, and then generates tailored commands or code accordingly. This shift matters because dynamically generated logic has no fixed signature to detect. Researchers have identified five malware families doing this.

Malware name Capabilities AI Provider Runtime model source
MalTerminal Reverse shell or ransomware generation OpenAI GPT-4 (deprecated chat completions endpoint) Hardcoded API key
LameHug/PROMPTSTEAL Reconnaissance and infostealer Qwen 2.5-Coder-32B-Instruct via HuggingFace Public HuggingFace Inference API (no embedded key observed)
Ransomware 3.0/PROMPTLOCK Ransomware with exfiltration and wipe capability gpt-oss-20b Local Ollama API on the infected host
PROMPTFLUX Dropper with AI-driven polymorphism Google Gemini (gemini-1.5-flash-latest) Hardcoded API key
QUIETVAULT GitHub/NPM token stealer that uses AI to find additional secrets Whatever AI CLI is installed on the victim (provider not named) AI CLI tools already on the infected host

 

MalTerminal and PROMPTFLUX both use a hardcoded API key to connect to a commercial provider when needed. MalTerminal uses OpenAI GPT-4 via the now-retired chat-completions endpoint to create reverse shells or ransomware. PROMPTFLUX connects to Google gemini-1.5-flash-latest to rewrite its own VBScript source code between runs, making it harder to detect. 

LameHug, also known as PROMPTSTEAL, uses HuggingFace’s Inference API to run Qwen 2.5-Coder-32B-Instruct for Windows commands to support reconnaissance and data theft. HuggingFace requires an API token for each request, but free accounts don’t need a payment method and allow a few hundred requests per hour per API token. Attackers can easily create and rotate these API tokens, giving them the same access as stolen keys but with less hassle. 

PROMPTLOCK is a proof-of-concept AI-powered ransomware prototype, often called “Ransomware 3.0,” developed by researchers at NYU’s Tandon School of Engineering. The Go binary invokes gpt-oss-20b via a local Ollama API running on the infected host to generate Lua scripts that perform file listing, encryption, exfiltration, and (unfinished) wipe logic. This is a bring-your-own-model: no outbound calls, no provider-side billing trail, and no way to scale beyond the victim’s own hardware. 

QUIETVAULT is a credential-theft variant. The JavaScript stealer exfiltrates GitHub and NPM tokens to an attacker-controlled GitHub repo and then hands off the filesystem search for additional secrets to whatever AI CLI is already installed on the victim, so the stolen credentials are an active on-host AI session rather than a bare API key.

Looking at the four main routes discussed in this post, LameHug/PROMPTSTEAL is the best example of the free-tier method, since it calls HuggingFace’s Inference API directly. MalTerminal and PROMPTFLUX both use hardcoded API keys, but it’s unclear where those keys came from, so they could fit into the free-tier, crypto-middleman, or stolen-keys categories. QUIETVAULT is a twist on the stolen-credential method, using an on-host AI session instead of just a key. PROMPTLOCK is different because it uses a local model and only works on one victim at a time, so it doesn’t fit into the four main routes and isn’t discussed further.

Source

Conclusion

Across four routes: offensive LLMs for sale, free-tier and keyless public APIs, hardcoded keys in distributed artifacts, and exposed LLM servers on victim infrastructure, the most durable access is the last one. The precondition for abuse is almost never a sophisticated exploit. It is an unauthenticated port facing the internet.

AI is the defining technology of this moment. It extends what a single person or small team can do and accelerates work that used to take weeks. AI is being integrated into more and more areas, from personal agents and email writing to some vulnerability research. The wow factor is real. But an LLM server is still a service running on a host. It listens on a port, speaks a protocol, and has an attack surface. The failure modes in this report; misconfiguration, leaked credentials, unpatched CVEs, open ports, are the same ones that produced years of incidents on Docker, Kubernetes, cloud storage, Redis, Elasticsearch, and bare Linux servers. The tooling is new. The mistakes are not.

Two things follow. The operator is still responsible for the basics: authenticate the service, keep it off the public internet unless there is a reason to expose it, patch the known CVEs, and audit what is running. These are not AI-specific requirements. They are the same ones we have been making for every networked service. An exposed Ollama instance serving a stranger’s prompts is not a failure of the model or the vendor that shipped it. It is a failure of whoever put it on the internet without a password. You broke it. You pay for it.

IOCs

SHA-256 Payload
ecd3b1a0e4832f1dc72be84c3c838ae4e29637c1cff4bfa70649cda90fa7a8ce Mimikatz binaries (carrying AI API keys)
153d7cdca3cb96023a2ee8e3de49b29ced60ffc865da04c3c6ef2b445b056d8f
0c1a409dd791ee8f7e157c455d9c35671bd81d17b562c7acd73f9f26401533ba
a9dc00aeae6c245d76d873e675b555f044ecf94a5ece031a1e6ca30223beb905 Malicious binary without family attribution (carrying AI API keys)
99308a3f00490e8138974faafa3ea5ae089459b2500e097ccc0ed042b6a0c2af SolarMarker (HuggingFace key)
796e81c1b31f443ab3437663af97fe41b25bbf8ab7abcd0637238a568b66aa9d SystemSettings.exe (OpenAI, Replicate, Voyage keys)

 

The post How attackers are gaining access to LLM inference appeared first on Intezer.

A Gartner take on the MDR market in 2026

29 May 2026 at 16:47

Gartner’s research note, The Impact of AI on MDR Services, arrives at a moment when the security operations landscape is shifting faster than most organizations realize. The report’s central argument is clear. AI is fundamentally reshaping what MDR services can deliver, but the benefits are accruing unevenly. Service providers gain operational efficiency. Buyers, meanwhile, are being told not to expect lower costs, and to brace for a more complex relationship with their providers.

For CISOs navigating this transition, the question is no longer whether AI will change the SOC. It is whether the current service model is the right vehicle for that change.

What Gartner is really saying

Gartner’s analysis centers on three impacts. First, AI-enabled MDR services will expand capabilities and claim higher quality, but organizations will face real discrepancies in delivered value across providers. Second, the cost savings that leadership expects from AI in the SOC will largely go unrealized, since MDR providers will absorb efficiency gains rather than pass them through as lower prices. Third, and perhaps most significant, more organizations will consider insourcing MDR functions altogether as AI tools mature.

That third point deserves attention. Gartner explicitly notes that advances in AI SOC agents and existing security tools are “increasing the security team’s internal competition for traditional MDR services.” In other words, the technology that once justified outsourcing detection and response is now making it feasible to bring those functions back in-house.

The report also strikes a cautious tone about trust. It warns that SOC managers become frustrated when their only option is to “talk to an AI chatbot instead of a live person or security engineer.” And it urges buyers to demand transparency with verified outputs, human validation of AI findings, and measurable improvements in speed and accuracy. These are not minor caveats. They point to a structural tension at the heart of the AI-augmented MDR model.

The tension Gartner identifies, and where it leads

Gartner’s recommendations to buyers are telling. They advise organizations to challenge MDR providers to demonstrate tangible value, to refuse machine-driven deliverables that lack context, and to refactor service metrics so they measure actual outcomes rather than volume of AI-processed alerts. The message, read between the lines, is that AI in the hands of an MDR provider benefits the provider first.

This is a reasonable observation, but it raises a deeper question. If the primary advantage of AI accrues to the service provider’s operational efficiency, and the buyer still needs to invest in internal staff, updated processes, and careful oversight of the provider’s output, then what exactly is the buyer paying for?

Gartner stops short of answering that question directly. It recommends that organizations “do the research” to determine whether an AI tool or an MDR service better matches their needs. It even suggests that for certain use cases, like after-hours coverage with no remediation requirement, an AI tool may be sufficient on its own.

The case for a different operating model

At Intezer, we believe the answer to Gartner’s implicit question is becoming clearer by the quarter. The MDR model was built for a world where skilled analysts were scarce and automation was rudimentary. In that world, outsourcing triage and investigation to a provider with deeper expertise and broader staffing made sense. But AI has changed the economics and the capabilities.

What organizations actually need is not a service that wraps AI around a human-labor model. Organizations need AI that executes investigation at a depth and scale that was never possible with human analysts alone, while keeping the security team in control of outcomes. That means every alert is investigated at forensic depth. It means transparent, evidence-based verdicts that analysts can verify and trust. And it means the security team supervises the AI rather than managing a vendor relationship.

Gartner’s insistence on transparency and measurable outcomes aligns with this direction. When the report warns against tolerating “machine-driven deliverables” without context, it is describing the exact failure mode of bolting AI onto a legacy service model. The alternative is an AI SOC platform that makes its reasoning visible, produces evidence behind every verdict, and earns trust through verifiable results rather than vendor assurances.

What this means for security leaders

Gartner’s research validates what many CISOs are already experiencing. The MDR relationship is becoming more complex, not simpler. Costs are not coming down. And the organizations that are moving fastest are the ones exploring how AI can augment their own teams directly, not just enhance a provider’s backend operations.

The practical path forward is not about choosing between AI and human expertise. It is about choosing an operating model where AI handles the investigative work that humans cannot scale, while analysts focus on the judgment calls, escalations, and strategic decisions that require human context. That is the model Gartner’s data points toward, even if the report frames it as a future possibility rather than a present reality.

For organizations still early in this transition, the Gartner report offers a useful framework. Demand transparency. Measure outcomes, not activity. And ask the hard question about where AI-driven value should live: inside a provider’s margin, or inside your own SOC.

Learn more about how Intezer AI SOC delivers can help your SOC maximize the benefits of AI combined with human supervision.

The post A Gartner take on the MDR market in 2026 appeared first on Intezer.

Generalist AI for your SOC: When and where to use it

5 May 2026 at 20:46

Many security leader are asking the same question right now. We already pay for Microsoft Copilot, ChatGPT Enterprise, or Claude. Why buy anything else?

It is a fair question. These are genuinely impressive platforms. And the honest answer is that they can help with some things. Just not the things that matter most for most SOC teams.

This post is a practical guide to where generalist AI earns its place in a SOC and where it runs out of road.

Where generalist AI platforms actually add value

Let’s be direct about what generalist AI platforms do well in a security context.

They are good at drafting, incident summaries, policy documentation, communication templates, and post-mortems. If an analyst needs to translate a technical finding into plain language for an executive, a general-purpose LLM can accelerate that substantially.

They are useful for on-demand research. Asking a question about a CVE, looking up MITRE ATT&CK techniques, or getting a quick primer on an unfamiliar attack class. These are real productivity wins.

They can assist with simple scripting and query construction. Writing a KQL query for a Sentinel rule, generating a Python snippet to parse a log format. Useful, time-saving work.

The common thread is that these are assistance tasks. A human still needs to initiate the process while the AI is a capable co-pilot. And for these use cases, a general-purpose tool is perfectly appropriate.

Where generalist AI runs out of road

The problem is that none of those use cases address the actual constraint facing most SOC teams.

Security teams are not failing because analysts lack knowledge or work too slowly. They are constrained by investigative capacity. Alert volumes are rising. Environments are growing. Attacks are moving faster. And the operating model still assumes humans will triage and investigate the majority of what comes in.

When that assumption breaks down, investigation becomes selective. High-severity alerts get attention. Medium alerts accumulate. Low-severity alerts are deferred or auto-closed. And the uncomfortable truth is that real attacks frequently begin as weak signals. Credential misuse, living-off-the-land techniques, early-stage lateral movement. They rarely present as critical alerts. They appear ordinary until someone actually investigates them.

Generic AI does not fix this. Here is why.

Generalist AI is built for breadth, not depth

ChatGPT and Microsoft Copilot are built for general-purpose text generation. Forensic investigation of a suspicious process execution chain, or a cloud misconfiguration alert at 3am, requires domain-specific knowledge and structured reasoning those platforms were not designed to provide.

Generalist AI assists but does not execute 

Even with a great prompt, a general-purpose AI is accelerating an analyst’s workflow, not replacing the need for one. The investigation still depends on human capacity. And human capacity does not scale as fast as the alert surface grows.

Generalist AI KPIs are increased token usage

Microsoft’s KPI, for example, is token usage. More engagement equals more revenue, regardless of whether your security outcomes improved. That is not a subtle difference. It shapes every product decision, every definition of success. And this can result in very high costs for SOC teams heavily relying on these platforms. This is in stark contrast to Intezer AI SOC which selectively uses LLMs while primarily executing forensic investigations with highly scalable tools and processes. 

Read more about how Intezer Forensic AI SOC follows Anthropic’s best practices.

A practical AI decision framework

Use generalist AI when:

  • The task requires drafting or synthesizing text and security context is not critical to the output
  • An analyst is researching something unfamiliar and needs a starting point
  • The work is advisory and a human will validate and act on every output
  • Speed of completion matters more than forensic accuracy

Consider purpose-built AI when:

  • You need investigation to happen without an analyst driving every step
  • Alert volume has outpaced the team’s capacity to investigate manually
  • Medium and low-severity alerts are going uninvestigated because there simply is not time
  • You need verdicts accurate enough to act on, not just suggestions to review

The line between these two categories comes down to one question. Do you need AI assistance, or do you need AI execution?

What autonomous execution actually requires

This distinction matters because it shapes what you need from a platform.

Assistance is achievable with a good LLM and a capable prompt. Execution requires something harder: accuracy and forensic depth at investigation time.

General-purpose AI tools and many first-generation AI SOC products rely primarily on LLM analysis and SIEM queries. That is not enough to produce verdicts you can trust without a human checking every one.

Intezer AI SOC is built for the execution side of that line. Automated evidence collection, threat intelligence correlation, network forensics, endpoint forensics, and reverse engineering. That additional depth is what generates the high-confidence verdicts that allow organizations to trust the outcome without a human reviewing every decision.

Below a certain threshold of accuracy and depth, AI assists humans. Above it, organizations can safely offload Tier 1 and Tier 2 work entirely. The threshold is not crossed through breadth. It is crossed through domain specialization and forensic rigor.

Intezer’s investigations produce evidence-based verdicts with 98% accuracy. Up to 2% of alerts are escalated as real incidents while the rest are resolved automatically. That is not a productivity improvement. That is a fundamentally different operating model.

The closed loop of triage and detection engineering

There is one more dimension where general-purpose tools fall short and that is detection engineering.

When a generic AI tool helps an analyst triage an alert, that interaction is largely isolated. The outcome does not feed back into your SIEM rules. It does not surface coverage gaps. It does not help you get better at detecting the same class of threat next time.

Intezer’s investigation outcomes feed directly into detection engineering at the source, continuously identifying broken or noisy rules, flagging coverage gaps against the MITRE ATT&CK framework, and generating deployment-ready detection rules informed by real investigation results. The system improves with every alert it processes. Detection gets better based on evidence, not assumptions.

That closed loop is the difference between a productivity tool and an operating model.

Is a single generalist interface with multiple plugins the answer?

There is also an important architectural point worth making. Generalist AI platforms are increasingly effective at consolidating workflows into a single interface, and in theory, you could extend them into security operations through plugins and MCPs. The building blocks exist.

 

But in practice, stitching together the specialist capabilities needed for real alert triage such as forensic evidence collection, threat intelligence correlation, reverse engineering, network analysis, etc.  means sourcing, integrating, and maintaining a patchwork of plugins across multiple providers. Each one has its own update cycle, its own failure modes, and its own gaps. The integration burden falls on your team, and keeping it all working reliably over time is its own operational overhead.

 

At some point the question becomes whether the effort of assembling and maintaining a DIY investigation pipeline inside a generalist platform is worth it — or whether it makes more sense to use a purpose-built system where those capabilities are already unified, tested, and working together out of the box.

The bottom line

Generalist AI platforms have a real role to play in the SOC. Use them for drafting, research, and analyst-driven assistance tasks. It is good at those things and it is likely already paid for.

But do not confuse that with solving the capacity problem. When investigation still depends on human bandwidth, the alert backlog does not disappear. It just accumulates more slowly.

The future SOC is one where AI executes investigation and humans supervise outcomes. Getting there requires technology purpose-built for that job.

Learn more about Intezer AI SOC.

The post Generalist AI for your SOC: When and where to use it appeared first on Intezer.

AI SOC Live at Nasdaq: Real conversation about modern security operations

20 April 2026 at 18:58

The SOC is broken. Not because of a lack of talent or effort, but because human capacity does not scale. Alert volumes keep rising. Attacks move faster. And the operating model still assumes analysts will investigate most of what comes in, which means the vast majority of alerts never get looked at.

Our AI SOC Report 2026, based on analysis of 25 million alerts across our global customer base, put a sharp number on the problem. Over 60% of alerts are never reviewed by SOC and MDR teams. Nearly 1% of all incidents trace back to alerts classified at the lowest severity levels, signals most teams never touch. With average enterprises generating around 450,000 alerts annually, that equates to roughly one real threat per week hiding in the backlog, undetected.

That is not a tool problem. It is an operating model problem.

On April 27, we are bringing together the security leaders who are doing something about it.

Get your invite to AI SOC Live at the NASDAQ today.

What is AI SOC Live

AI SOC Live is a monthly, online event where security leaders discuss the latest issues facing the cyber industry. This month, AI SOC Live will be a full-day, invitation-only event at the Nasdaq in New York City. It is designed for CISOs, security directors, SOC managers, and MSSPs who are not just watching AI transform security operations from the sidelines, but are in the middle of it, making decisions about how their teams operate, what they invest in, and where the humans actually need to be.

This event is a full day of sessions, panels, and conversations built around the people, processes, and technology required to run a world-class SOC in 2026.

Who you will hear from at AI SOC Live Nasdaq

The speaker lineup reflects how seriously we have curated this event.

Itai Tevet, CEO and Founder of Intezer, will open the day with a session on the new SOC operating model, what it means when AI executes investigation and humans supervise outcomes, and why that shift changes security results structurally, not incrementally.

Alon Cohen, Founder and Executive Chairman of both Intezer and CyberArk, will speak to the broader impact of AI on security, drawing on decades of experience building foundational security companies.

Pavi Ramamurthy, Global CISO & CIO at Blackhawk Network as well as a founding member of the Professional Association of CISOs, and a venture advisor at YL Ventures. She will be speaking about the role of humans in the SOC.

David Spark, Founder and Executive Producer of the CISO Series Podcast, will host a live recording of the show featuring Nick Vigier, CISO at Oscar Health, digging into AI SOC beyond the hype.

You will also hear from CISOs at WCG Clinical, and ION Group, alongside practitioners from Realm Security, Legato Security, Upwind Security, and Monad. Sessions cover cloud security for the AI era, the blueprint for AI SOC success, and what every CISO needs to manage not only their security, but their executive board as well. 

And Mitchem Boles, Field CISO at Intezer, and Marcus Mingo, Detection Engineer at Intezer, will be there all day, available for the kind of real, technical conversations that rarely happen at larger conferences. See the full list of speakers.

What the day looks like

The agenda moves quickly and stays practical.

The morning opens with sessions on the new operating model and AI’s impact on security, followed by a CISO panel on the role of humans in the SOC and a session from Realm Security on building a data-first AI SOC. After a working lunch with interactive product demos, the afternoon covers cloud security, a live CISO Series recording, and a panel on advancing SOC outcomes at the C-suite level.

The day closes with a photo opportunity in front of the iconic Nasdaq billboard, followed by a cocktail reception overlooking New York City.

Attendees also earn CPE credits through the event’s partnership with ISC2.

Why this conversation matters now

The 2026 data makes the stakes clear. Our report found that more than half of confirmed compromised endpoints had been marked as “mitigated” by the EDR vendor, meaning teams believed those machines were clean when they were not. 

The gap between what organizations believe is covered and what is actually investigated is where real risk lives. Closing that gap requires a different operating model, one where AI investigates every alert, including the low-severity signals that human teams deprioritize, and humans supervise outcomes instead of grinding through queues.

That is the conversation happening at AI SOC Live.

Who should attend

This event is designed for CISOs, VPs and Directors of Information Security, SOC managers, and MSSPs from large enterprises who are responsible for security strategy, risk decisions, and operational outcomes. Whether you are evaluating AI for the first time or scaling capabilities you already have deployed, the sessions and conversations are built for leaders making real decisions, not attendees collecting swag.

Space is limited and invitations are by request.

Request your invitation at intezer.com/ai-soc-live-nasdaq

 

The post AI SOC Live at Nasdaq: Real conversation about modern security operations appeared first on Intezer.

AI SOC: When to buy and when to DIY

14 April 2026 at 16:58

The question isn’t whether to build. It’s what’s worth building.

Nearly every security organization with strong engineering resources is running some kind of internal AI project right now. That’s not a problem to be solved, it’s a sign of a healthy, capable team. The question worth asking isn’t “build or buy?” It’s a more precise one: which parts of this problem are worth your engineers’ time, and which parts aren’t?

That distinction changes the conversation entirely.

Intezer’s approach isn’t to compete with your internal roadmap. It’s to handle the commodity layer, common alert sources like CrowdStrike for example, so your engineers can focus on the security challenges that are actually unique to your organization. Some companies with very strong engineering teams are getting tremendous value from Intezer, precisely because they understand exactly what they’d rather not build themselves.

One Fortune 100 company started with Intezer for phishing triage, which removed a significant chunk of their internal DIY roadmap and freed their team to focus on their unique, internal use cases. Another F500 company went further as they expanded their Intezer contract while building their own custom internal AI for their own security use cases. Build and buy, working together, each doing what it does best.

So with that framing in mind, here’s an honest look at the parts of the AI SOC problem that are genuinely worth building and the parts that usually aren’t.

The maintenance treadmill nobody talks about

The first thing you encounter when you start building AI-driven alert triage is that the initial integration is only a fraction of the long-term work.

SIEM integrations break when vendors push updates. EDR APIs change without notice. New alert formats appear. Security tools version, deprecate endpoints, and shift data schemas on their own timelines. Keeping those integrations alive requires constant reverse engineering, work that is generic across every security organization in the world, but still consumes real engineering hours every single week.

Intezer already handles all of that. The integrations are built, maintained, and updated as the ecosystem evolves. When you offload the commodity layer, you skip the maintenance treadmill and get straight to what actually requires your organization’s specific knowledge.

Vendor alerts share many similarities even in different customer environments

Every security team knows their environment has its own complexity with unique infrastructure, specific tooling, particular workflows that took years to build. That’s real, and it matters.

But when it comes to the triage logic itself like investigating a suspicious lateral movement event, assessing a phishing alert, working through a cloud misconfiguration, the patterns tend to look remarkably similar across organizations. These are problems the industry has collectively solved thousands of times over.

That doesn’t diminish the work your team has done. It does raise a practical question: is rebuilding that common triage baseline the best use of your most capable engineers? The time spent recreating what already exists everywhere is time not spent on the challenges where your team’s knowledge is genuinely irreplaceable for your specific threat model, your particular infrastructure, and the edge cases no vendor has seen before.

Plugging into Intezer for the common alert sources isn’t a concession. It’s a way to protect your team’s time for the work that only they can do.

The integration challenge

One objection that comes up reliably, “we’ll need to do the integration work regardless”. That’s true. Connecting any automated system to your production security stack is environment-specific work that no vendor can fully do for you.

But here’s the distinction. With Intezer, that integration challenge is the only technically demanding part remaining. You’re not also building the investigation engine, the forensic analysis layer, the case correlation logic, the noise reduction system, and the detection feedback loop from scratch.

Building everything yourself means doing all of that foundational work and the integration. You spend months getting to a starting line that Intezer has already crossed, backed by years of operational learning across more than 150 enterprise deployments.

What the ROI actually looks like

There’s a headcount dimension here that often gets underweighted.

Building and maintaining your own AI SOC automation means dedicating engineering resources to it indefinitely. Those people aren’t available for other priorities. Their output is difficult to measure in security terms. And at the end of it, you’ve built something that performs commodity triage work, the same work Intezer has already productized and is continuously improving.

Buying Intezer converts that into a measurable line item with clear security outcomes attached: investigation accuracy, alert volume handled per analyst, time to resolution, escalation rate. RSM reported saving approximately 21,000 analyst hours per month, the equivalent of around 130 analysts, by running Intezer as their AI SOC layer. That’s not a soft productivity argument. It’s a concrete operational ROI story.

Continuous learning

One more dimension worth considering. What happens after an alert is triaged?

When Intezer investigates an alert, that outcome feeds back into detection engineering at the source, surfacing noisy or broken rules, mapping coverage gaps to MITRE ATT&CK, and generating deployment-ready detection rules informed by actual investigation results. The system gets smarter with every alert it processes. Detection improves based on evidence, not assumptions.

Homegrown automation rarely achieves this systematically. You triage the alert, close the ticket, and move on. The learnings don’t automatically improve your SIEM rules or extend your detection coverage. The system runs, but it doesn’t compound.

The practical frame

Think of it less as build vs. buy and more as what’s the right division of labor?

The commodity layer, common alert sources, standard triage logic, integration maintenance, detection lifecycle management, is worth offloading. That’s where Intezer operates. Your engineers stay focused on what’s actually differentiated: the security challenges that are specific to your environment, your risk profile, your business.

The teams that figure out this division early move faster, cover more, and build the things that actually matter. 

Learn more about Intezer.

The post AI SOC: When to buy and when to DIY appeared first on Intezer.

AI SOC for teams outgrowing MDR

25 March 2026 at 22:21

For teams that have outgrown their MDR, the answer isn’t a better MDR. It’s a different operating model.

MDR works. For a lot of teams, it’s the right solution at the right time. It brings experienced analysts, established processes, and investigation capacity that most organizations can’t build internally overnight.

But as environments grow and alert volumes climb, many teams start to feel the limits of the model itself. Investigation quality depends on analyst availability and shift coverage. Low and medium severity alerts get deprioritized because the queue demands it. And the security team watching from the other side can’t always tell whether the backlog is safe to ignore or hiding something real.

That’s not a failure of MDR. It’s a ceiling built into any operating model that scales investigation through human labor.

Today, we’re announcing expanded capabilities in the Intezer AI SOC platform, powered by ForensicAI™. Built for teams who’ve reached that ceiling and are ready for what comes next.

The risk in the backlog

Across enterprise SOC environments, roughly 60% of alerts go unreviewed. Not because teams aren’t working hard. Because there are only so many hours in a day, and the alert stream doesn’t stop.

“Many organizations handle millions of security events per year. There’s no possible way you can go through 100% of your alerts and resolve them completely, unless you rely on an AI platform.”
— Cecil Pineda, 4x CISO, Healthcare Industry

Our analysis of more than 25 million alerts found that nearly 1% of real threats originate from low-severity signals, alerts that most teams deprioritize or skip entirely. For a large enterprise, that’s an average of 54 true threat alerts per year. More than one per week. Hiding in the noise tier that nobody gets to. 

Read our full AI SOC research report.

There’s also a second gap that rarely gets discussed. Because investigation and detection engineering are siloed within most MDRs, real investigation outcomes almost never feed back into SIEM and EDR rule tuning. Noisy detections stay noisy. Coverage gaps stay gaps. The system doesn’t learn from its own work.

What’s new in the Intezer AI SOC

The Intezer AI SOC platform was built on a simple premise. If you can’t investigate every alert, you can’t meaningfully reduce risk. Intezer AI SOC handles the investigative execution (triage, correlation, forensic-depth analysis) across 100% of alerts, regardless of severity. Humans supervise outcomes and engage at the decision point.

With this expansion, we’re adding three capabilities that close the remaining gaps between autonomous AI SOC operations and the full-service coverage teams expect.

AI-driven detection engineering

Investigation outcomes now feed directly into a closed-loop detection engineering process. SIEM and EDR rules are tuned or created, at the source, based on real verdict data, threat intelligence, and observed attacker behavior. Broken detections, noisy rules, and coverage gaps are identified and addressed continuously. This is the connection that siloed MDR roles have historically missed. Triage informs detection, better detection shortens the triage process, and the system gets smarter over time.

On-demand security experts

When the AI surfaces a high-confidence incident and you want a second set of eyes, or you’re mid-response and need expert judgment, Intezer’s security researchers and analysts are available directly through the platform. You can request expert analysis of artifacts, alerts, and logs, get guidance during an active incident, or validate suspicious activity the AI flagged. A dedicated expert is always on call for urgent requests, with Customer Success tracking every engagement through to resolution.

Continuous feedback and model tuning

Every time your team reviews a verdict, marks a false positive, or flags a result that doesn’t fit, that signal improves the system. Intezer’s experts review edge cases, adjust tuning rules, and add custom AI instructions calibrated to your environment and risk profile. Tuning also happens proactively through continuous platform monitoring and improvements, with no periodic review project required.

Learn more about Intezer’s QA process. 

The shift

“Security operations have reached a structural limit. Human teams, whether internal or outsourced to MDR providers, cannot realistically investigate the volume of alerts enterprises now face. Our analysis of more than 25 million alerts makes the risk clear: Real threats are often buried in the low-severity signals that never get investigated. AI SOC changes the model by making full forensic investigation possible across every alert, continuously improving detection based on real outcomes, and allowing human experts to focus on the incidents that truly require judgment and response.”
— Itai Tevet, CEO and Co-Founder, Intezer

Together, these capabilities shift security teams away from manual alert processing and toward supervising outcomes. Organizations that have outgrown their MDR can now investigate 100% of alerts at forensic depth, trust the evidence behind every verdict, close the loop between investigation outcomes and detection quality, and bring in expert analysts when it matters most.

The result is stronger security outcomes, broader alert coverage, and the ability to operate at enterprise scale without the constraints of a human-scaled model.

AI executes. Humans supervise.

RSA Conference is where the security industry sets its direction. This year, AI in the SOC is the conversation happening on every floor of Moscone. But there’s a meaningful difference between AI that helps analysts work faster and AI that takes on the investigative function entirely.

This announcement draws that line with data. 25 million alerts analyzed, 60% going unreviewed in enterprise environments, real threats hiding in the low-severity tier at a rate of more than one per week. These aren’t hypotheticals. They’re findings from production environments at scale where Intezer is not simply delivering better analyst productivity, but rather measurable improvements in enterprise security. 

For teams that have been thinking about what comes after MDR, this is the moment to see it working. 

Visit Intezer at Moscone South, Booth #555

The post AI SOC for teams outgrowing MDR appeared first on Intezer.

Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise 

25 March 2026 at 09:47

Security operations is undergoing a fundamental shift.

As alert volumes continue to rise and environments grow more complex, enterprises are moving away from security models built on manual triage, fragmented automation, and are looking to decrease their reliance on outsourced MDR services. More enterprises are adopting AI SOC as the new model for running security operations, one that can triage and  investigate all alerts at machine scale while keeping internal teams focused on judgment and response.

That shift was reflected clearly in Intezer’s momentum over the past year.

In 2025, Intezer processed more than 25 million security alerts across live enterprise SOC environments, as adoption expanded across large and complex organizations looking for a more scalable way to run security operations.

A year of strong growth

Over the past year, Intezer achieved several major company milestones:

  • Multiplied revenue year over year
  • Achieved 126% net revenue retention
  • Expanded adoption across Fortune 500 organizations
  • Scaled the team across key functions to support a growing enterprise customer base

These milestones reflect more than company growth. They reflect a broader market transition toward AI SOC as enterprises look for ways to investigate every alert, reduce hidden risk, and operate beyond the limits of human investigation capacity.

Growing industry recognition

Intezer’s momentum is also being recognized by media, industry analysts and practitioners. Here is a sampling of recent coverage.

Reuters covered Intezer’s research team’s work on uncovering novel cyber attacks this past December, that were targeting Russian defense organizations.

Well known industry analyst Richard Stiennon recently included Intezer in the 2026 Cyber 150, an independently compiled list based on IT-Harvest data, and has also included Intezer in his new book, Guardians of the Machine Age.

At the same time, practitioners are taking notice. In his write-up on Intezer’s 2026 AI SOC Report, Darwin Salazar highlighted the report’s forensic depth, auditability, and practical value in a crowded AI SOC market.

Why this momentum matters

Traditional SOC and MDR models are constrained by human investigation bandwidth. As alert volumes increase, teams are forced to prioritize only a subset of alerts, often based on severity labels before full context is available. That leaves real risk hiding in uninvestigated alerts.

Enterprises are increasingly adopting AI SOC to remove that bottleneck.

Intezer investigates 100% of alerts at forensic depth across endpoint, identity, cloud, network, phishing, and SIEM sources, escalating only the incidents (less than 2%) that require human judgment. This allows security teams to stay in control while scaling operations far beyond what manual investigation models can support.

What the numbers show

The business results from the past year point to strong validation in the market.

Doubling revenue year over year signals accelerating demand.

126% net revenue retention reflects strong customer expansion and continued platform adoption.

Growth across Fortune 500 organizations shows that large enterprises are increasingly embracing this operating model.

And continued team expansion across key functions ensures Intezer can support customers as adoption grows.

Looking ahead

The market is moving toward a new SOC operating model, one where AI executes investigations at scale and human teams focus on decisions, response, and strategy.

Intezer’s momentum over the past year reflects that shift clearly. As more enterprises look to eliminate investigation bottlenecks and reduce cyber risk, AI SOC is moving from emerging category to operational reality.

Learn more about Intezer.

The post Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise  appeared first on Intezer.

Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise 

12 March 2026 at 23:46

Security operations is undergoing a fundamental shift.

As alert volumes continue to rise and environments grow more complex, enterprises are moving away from security models built on manual triage, fragmented automation, and are looking to decrease their reliance on outsourced MDR services. More enterprises are adopting AI SOC as the new model for running security operations, one that can triage and  investigate all alerts at machine scale while keeping internal teams focused on judgment and response.

That shift was reflected clearly in Intezer’s momentum over the past year.

In 2025, Intezer processed more than 25 million security alerts across live enterprise SOC environments, as adoption expanded across large and complex organizations looking for a more scalable way to run security operations.

A year of strong growth

Over the past year, Intezer achieved several major company milestones:

  • Multiplied revenue year over year
  • Achieved 126% net revenue retention
  • Expanded adoption across Fortune 500 organizations
  • Scaled the team across key functions to support a growing enterprise customer base

These milestones reflect more than company growth. They reflect a broader market transition toward AI SOC as enterprises look for ways to investigate every alert, reduce hidden risk, and operate beyond the limits of human investigation capacity.

Growing industry recognition

Intezer’s momentum is also being recognized by media, industry analysts and practitioners. Here is a sampling of recent coverage.

Reuters covered Intezer’s research team’s work on uncovering novel cyber attacks this past December, that were targeting Russian defense organizations. 

Well known industry analyst Richard Stiennon recently included Intezer in the 2026 Cyber 150, an independently compiled list based on IT-Harvest data, and has also included Intezer in his new book, Guardians of the Machine Age.

At the same time, practitioners are taking notice. In his write-up on Intezer’s 2026 AI SOC Report, Darwin Salazar highlighted the report’s forensic depth, auditability, and practical value in a crowded AI SOC market.

Why this momentum matters

Traditional SOC and MDR models are constrained by human investigation bandwidth. As alert volumes increase, teams are forced to prioritize only a subset of alerts, often based on severity labels before full context is available. That leaves real risk hiding in uninvestigated alerts.

Enterprises are increasingly adopting AI SOC to remove that bottleneck.

Intezer investigates 100% of alerts at forensic depth across endpoint, identity, cloud, network, phishing, and SIEM sources, escalating only the incidents (less than 2%) that require human judgment. This allows security teams to stay in control while scaling operations far beyond what manual investigation models can support.

What the numbers show

The business results from the past year point to strong validation in the market.

Doubling revenue year over year signals accelerating demand.

126% net revenue retention reflects strong customer expansion and continued platform adoption.

Growth across Fortune 500 organizations shows that large enterprises are increasingly embracing this operating model.

And continued team expansion across key functions ensures Intezer can support customers as adoption grows.

Looking ahead

The market is moving toward a new SOC operating model, one where AI executes investigations at scale and human teams focus on decisions, response, and strategy.

Intezer’s momentum over the past year reflects that shift clearly. As more enterprises look to eliminate investigation bottlenecks and reduce cyber risk, AI SOC is moving from emerging category to operational reality.

Learn more about Intezer.

The post Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise  appeared first on Intezer.

Alert fatigue is costing you: Why your SOC misses 1% of real threats

3 February 2026 at 15:04

Introducing the 2026 Intezer AI SOC Report for CISOs

For years, security leaders have lived with an uncomfortable truth. It has been to date, simply impossible to investigate every alert. As alert volumes exploded and teams failed to scale, SOCs, whether in-house or outsourced, normalized “acceptable risk” with the deprioritization of low-severity and informational alerts.

Our latest research shows that this approach is no longer defensible.

Intezer has just released the 2026 AI SOC Report for CISOs, based on the forensic analysis of more than 25 million security alerts across live enterprise environments. The findings reveal a critical disconnect between how security teams prioritize alerts and where real threats actually originate, and the cost of that gap is far higher than most organizations realize .

Why “acceptable risk” is no longer acceptable 

Across endpoint, cloud, identity, network, and phishing telemetry, Intezer found that nearly 1% of confirmed incidents originated from alerts initially labeled as low-severity or informational. On endpoints, that figure climbed to nearly 2%.

At enterprise scale, that percentage is not noise.

For a typical organization generating roughly 450,000 alerts per year, this translates to ~50 real threats annually, about one per week, never investigated by a SOC or MDR team. These are not theoretical risks. They are real compromises hiding in plain sight, dismissed not because they were benign, but because teams lacked the capacity to look.

What the data revealed across the attack surface

Because Intezer AI SOC investigates 100% of alerts using forensic-grade analysis, the report exposes how attackers actually operate once you remove triage bias from the equation.

Endpoint security is more fragile than reported

More than half of endpoint alerts were not automatically mitigated by endpoint protection tools. Of those, nearly 9% were confirmed malicious. Even more concerning, 1.6% of endpoints undergoing live forensic scans were still actively compromised despite being reported as “mitigated” by EDR tools.

See the full endpoint threat data → Download the 2026 AI SOC Report

Low-severity does not mean low-risk

Within endpoint alerts alone, 1.9% of low-severity and informational alerts were real incidents, the exact alerts most SOCs never review.

Attackers favor stealth over noise

Cloud telemetry was dominated by defense evasion and persistence techniques, reflecting a shift toward long-term access, token abuse, and misuse of legitimate services rather than overt exploitation.

Phishing has moved into trusted platforms and browsers

Fewer than 6% of malicious phishing emails contained attachments. Most relied on links, language, and abuse of legitimate services such as cloud file sharing, code sandboxes, CAPTCHA mechanisms, where traditional controls have limited visibility.

Cloud misconfigurations persist as silent risk multipliers

Most cloud posture findings stemmed from legacy or default configurations, especially in Amazon S3, including missing encryption, weak access controls, and lack of logging—issues often classified as “low severity,” yet repeatedly exploited once attackers gain a foothold.

To read the full report and all the findings, download the CISOs guide to AI SOC 2026 here. 

Why traditional SOCs fail: capacity, fragmentation and judging alerts by their severity

Modern SOC failures are rarely the result of a single broken tool or negligent team. They are the outcome of structural tradeoffs that every traditional SOC—internal or MDR—has been forced to make.

Capacity is the first constraint.
Human analysts do not scale linearly with alert volume. As telemetry expands across endpoint, cloud, identity, network, and SaaS, SOCs hit a hard ceiling. The only way to cope is aggressive triage: close most alerts automatically, investigate only what looks “important,” and hope severity labels align with reality. The 2026 AI SOC Report shows that this assumption is false at scale.

Tool fragmentation compounds the problem.
Most SOC stacks are collections of siloed detections, EDR, SIEM, identity, cloud posture, email, each optimized for a narrow signal. Severity is assigned locally, without cross-surface context or forensic validation. As a result, alerts are scored based on abstract rules, not evidence of compromise. When SOCs trust these labels blindly, they inherit the tools’ blind spots.

Process tradeoffs lock risk in place.
Once triage rules are defined, they become institutionalized. Low-severity alerts are ignored by design. MDR providers codify this into SLAs. Internal SOCs bake it into runbooks. Crucially, there is no closed-loop feedback: missed threats do not automatically improve detections, because they were never investigated in the first place.

The outcome is not an occasional failure. It is systematic, repeatable risk, embedded directly into how SOCs operate.

Real-world examples of missed threats hiding in plain sight

The data in the 2026 AI SOC Report makes clear that missed threats are not exotic edge cases. They are ordinary attacks progressing quietly through environments because no one looked.

Endpoints marked “mitigated” but still compromised
In over 1.6% of live forensic endpoint scans, Intezer found active malicious code running in memory even though the EDR had already reported the threat as resolved. These cases included stealers, RATs, and post-exploitation frameworks, often originating from low-severity alerts that never triggered deeper inspection. Without memory-level forensics, these compromises would have remained invisible.

Phishing hosted on trusted platforms
Attackers increasingly host phishing pages on legitimate developer platforms like Vercel and CodePen, or abuse trusted cloud services such as OneDrive and PayPal. The parent domains appear reputable, so alerts are downgraded or ignored. Yet behind them are live credential-harvesting pages that bypass email gateways and browser-based defenses alike.

Cloud misconfigurations as delayed breach accelerators
Many cloud posture findings such as unencrypted S3 buckets, missing access logs and permissive cross-account policies rarely trigger action. But once an attacker gains any foothold, these long-standing misconfigurations dramatically accelerate lateral movement, persistence, and data exposure.

In every case, the failure was not detection. The signal existed. The failure was investigation.

How attackers deliberately exploit SOC blind spots

Attackers understand SOC economics better than most defenders.

They know which alerts generate fatigue.
They know which detections are noisy.
They know which categories are deprioritized by default.

As a result, modern attackers design their campaigns to blend into the backlog, not trigger alarms.

Stealth over speed
Cloud intrusions favor defense evasion, persistence, and token abuse over loud exploitation. These behaviors generate alerts, but rarely high-severity ones. The report shows cloud telemetry dominated by exactly these tactics, indicating attackers are optimizing for long-term access rather than immediate impact.

Living off trusted infrastructure
Phishing campaigns increasingly abuse legitimate brands, file-sharing services, CAPTCHA frameworks, and developer platforms. These environments inherit trust by default, allowing attackers to operate under severity thresholds that SOCs routinely ignore.

Multi-stage loaders and memory-only execution
On endpoints, attackers rely on layered loaders, in-memory payloads, and obfuscation techniques that evade static detections. Initial alerts may look benign or incomplete. Without forensic follow-through, SOCs miss the actual compromise entirely.

Attackers are not evading detection systems alone, rather they are exploiting SOC decision-making models.

What this means for your SOC operations

For CISOs and SOC leaders, the implication is stark:
Risk is no longer defined by what you detect, but by what you choose not to investigate.

If your SOC:

  • Ignores low-severity alerts by default
  • Relies on severity labels without forensic validation
  • Limits investigations based on human capacity
  • Operates without a feedback loop between outcomes and detections

Then missed threats are not anomalies, they are guaranteed.

The organizations that will reduce risk in 2026 are not adding more dashboards or rewriting triage rules. They are adopting operating models where investigation is no longer a scarce resource.

This is why AI-driven, forensic-grade SOC platforms fundamentally change the equation. When every alert is investigated:

  • Severity becomes evidence-based, not assumed
  • Detection quality improves through real-world validation
  • Attackers lose the ability to hide in “acceptable risk”
  • SOC teams regain control without scaling headcount

This is the shift behind the Intezer AI SOC model and why the concept of acceptable risk must be redefined for the modern threat landscape.

This all changes when you can investigate everything

The data in the 2026 AI SOC Report points to a different reality, one where AI-driven forensic analysis removes investigation capacity as a constraint.

When every alert is investigated:

  • “Low severity” stops being a proxy for “safe”
  • Detection quality improves through real-world validation
  • Missed threats drop from dozens per year to near zero
  • Escalations fall below 2%, without sacrificing coverage
  • Risk tolerance is defined by evidence, not exhaustion

This is the operating model behind Intezer AI SOC, powered by ForensicAI™ and it is why the definition of acceptable risk must be reset.

Download the report and join the discussion

The 2026 AI SOC Report for CISOs is grounded in:

  • 25 million alerts analyzed
  • 10 million monitored endpoints and identities
  • 82,000 forensic endpoint investigations, including live memory scans
  • Telemetry from 7 million IP addresses, 3 million domains and URLs, and over 550,000 phishing emails

All data was aggregated and anonymized across Intezer’s global enterprise customer base.

👉 Download the full report to explore the findings in detail, and
👉 Join Intezer’s research team on Wednesday, February 4th at 12 p.m. ET for a live webinar breaking down what this data means for SOC leaders and CISOs.

Because in 2026, the biggest risk is no longer what you detect, it’s what you choose not to investigate.

The post Alert fatigue is costing you: Why your SOC misses 1% of real threats appeared first on Intezer.

How AI brings the OSCAR methodology to life in the SOC

21 January 2026 at 15:41

When I look back on my years as a SOC lead in MDR, the thing I remember most clearly is the tension between wanting to do things the “right way” and simply trying to survive the day.

The alert queue never stopped growing. The attack surface kept expanding into cloud, identity, SaaS, and whatever new platform the business adopted. And every shift ended with the same uneasy feeling: What did we miss because there wasn’t enough time to investigate everything fully?

While different sources emphasize different challenges, recent statistics from late 2024 and 2025 reports reflect exactly what so many SOC analysts and leads feel:

  • The majority of alerts are never touched. Recent surveys indicate that 62% of alerts are ignored largely because the sheer volume makes them impossible to address. Furthermore, many analysts report being unable to deal with up to 67% of the daily alerts they receive.
  • The volume is unmanageable for humans. A typical SOC now processes an average of 3,832 alerts per day. For analysts trying to manually triage this flood, the math simply doesn’t add up.
  • Burnout is the new normal. The pressure is unsustainable, with 71% of SOC analysts reporting burnout due to alert fatigue. This has accelerated turnover, with some SOCs seeing analyst retention cycles shrink to less than 18 months, eroding institutional knowledge.

When people outside the SOC see these numbers, they assume analysts aren’t doing their jobs. The truth is the opposite. Most analysts are doing the best work they can inside a system that was never built for volume. Traditional triage is reactive and heavily dependent on intuition. On a good day, that might work. On a bad day, it leads to inconsistent decisions, coverage gaps, and immense pressure on analysts who care deeply about getting it right.

This is where the OSCAR methodology becomes valuable again.

Why the OSCAR methodology still matters

As a SOC lead, I always wanted the team to approach alerts with organizational structure. OSCAR provides that structure by creating a clear, repeatable sequence:

  • Obtain Information
  • Strategize
  • Collect Evidence
  • Analyze
  • Report

It removes guesswork and helps analysts who are still developing their skills stay grounded during chaotic shifts. But here is the reality I learned firsthand – You can only scale OSCAR so far with humans alone.

Evidence collection takes time. Deep analysis takes more time. No matter how motivated an analyst is, there are simply not enough hours in a shift to apply OSCAR to every alert manually. Most teams end up applying the methodology selectively; critical and high-severity alerts get the full OSCAR treatment, while everything else gets whatever time is left.

That gap between process and reality is exactly where Intezer enters the picture.

How Intezer operationalizes OSCAR at scale

Intezer takes the proven structure of OSCAR and executes it automatically and consistently across every alert. Instead of relying on how much energy an analyst has left 45 minutes before there shift ends, Intezer performs evidence collection, deep forensic analysis, and reporting at a speed and depth no human team could sustain.

Here is how the platform automates the methodology step-by-step:

O: Information obtained

In my SOC days, gathering context meant jumping between consoles and browser tabs, hoping nothing crashed. Intezer collects all of this instantly from endpoints, cloud platforms, identity systems, and threat intel sources. Analysts start every case with the full picture rather than a partial one.

S: Strategy suggested

Instead of relying on an analyst’s instinct about what might be happening, the Intezer platform generates verdicts and risk-based priorities immediately (with 98% accuracy). This provides critical consistency, especially for junior analysts who are still finding their confidence. Additionally, all AI reasoning is fully backed by deterministic, evidence based analysis.

C: Evidence collected

This was always the slowest part of manual investigation. Intezer collects memory artifacts, files, process information, and cloud activity in seconds. No hunting, no guessing, and no hoping you pulled the right logs before they rolled over.

A: Analysis (forensic-grade)

Intezer performs genetic code analysis, behavioral analysis, static/dynamic analysis, and threat intelligence correlation on every single alert. This is the level of scrutiny senior analysts wish they had time to do manually, but usually can only afford for the most critical incidents.

Read more about how Intezer Forensic AI SOC operates under the hood.

R: Reporting & transparency

The platform creates clear, structured, audit trails. This removes the burden of manual documentation from analysts and ensures that the “why” behind every decision is transparent and explainable.

The result: Moving beyond “speed vs. depth”

When OSCAR is coupled with Intezer’s AI Forensic SOC, the operation transforms. We see this in actual customer environments:

  • 100% alert coverage: Even low-severity and “noisy” alerts are fully triaged.
  • Sub-minute triage: Drastically improved MTTR/MTTD and minimized backlogs.
  • 98% accurate decisioning: Verdicts are supported by deterministic evidence, reducing escalations for human review to less than 4%.

The shift in operations:

CapabilityTraditional MDR SOCIntezer Forensic AI SOC
CoverageCritical and High-severity100% of alerts
Triage time20+ mins per alert<2 mins (automated)
Analyst modeData collectorInvestigator

From the perspective of a former SOC lead, the most important benefit is this: 

”Analysts finally get to think again. Automation handles the busy work. Humans get to use judgment, creativity, and experience.”

Final thoughts

For years, triage has been treated like a speed exercise. But the threats we face today require depth, context, and clarity. OSCAR gives SOCs the investigative structure they need, and Intezer provides the scale required to actually use that structure across every alert.

For the first time, teams don’t have to choose between speed and depth. They get both.

If your SOC wants to move from reactive to truly investigative operations, we would be happy to show you what an OSCAR-driven Intezer SOC looks like in practice.

The post How AI brings the OSCAR methodology to life in the SOC appeared first on Intezer.

Building effective AI for the SOC: How Intezer Forensic AI SOC follows Anthropic’s best practices

14 January 2026 at 18:58

One of the most influential publications on real-world AI system design is Anthropic’s guide, Building Effective Agents. Its core message is simple:
Effective AI requires structure first, adaptability second.

Anthropic emphasizes that AI agents work best when:

  1. A deterministic workflow does all the structured work up front
  2. The agent only activates when uncertainty remains
  3. The agent begins with full context, not an empty slate
  4. Tool usage is controlled and evidence-driven
  5. Human-in-the-loop remains central for oversight and trust

These principles ensure accuracy, avoid hallucinations and keep investigations reproducible, all critical requirements for cybersecurity.

Intezer Forensic AI SOC is built on exactly this philosophy. Our platform uses a dual-mode design with Intezer AI Workflow and AI Agent, completely aligning with Anthropic’s best practices to deliver fast, scalable and highly accurate investigations across a broad range of alerts, all while keeping analysts in the loop.

Here is how Intezer implements Anthropic’s best practices for agents.

Structured first: Intezer AI Workflow handles the majority of alerts

Anthropic advises that AI systems should begin with deterministic workflows instead of free-form reasoning. In cybersecurity, this is essential for accuracy, auditability, trust and scalability (when handling huge volumes of alerts).

Intezer’s AI Workflow mode is a structured triage process designed by security experts and executed with strict consistency. It applies AI only at key decision points, not as the driver of the entire investigation.

This approach provides:

  • Deterministic, reproducible results
  • High speed due to streamlined, parallelizable steps
  • Lower costs because heavy reasoning is used sparingly
  • No drift or unexpected branching
  • Clear human oversight points

Most alerts, especially well-defined ones, are fully resolved at this stage, giving SOCs broad alert coverage at low cost.

Adaptive only when needed: Intezer AI Agent extends the investigation

Anthropic states that agents should activate only when the structured workflow reaches uncertainty, and only after they inherit the full context. Intezer follows this exactly.

AI Agent mode activates only when the Workflow cannot reach a high-confidence verdict.

At that point, the agent:

  • Starts with all evidence collected so far
  • Avoids premature assumptions
  • Uses tools deliberately and contextually
  • Expands the investigation where human analysts would
  • Surfaces deeper behavioral patterns or cross-asset correlations

This ensures the agent is guided, not free-floating, and its decisions remain grounded in evidence, not guesswork.

Tools the AI Agent can leverage once activated

  • Dynamic SIEM queries
  • EDR/XDR telemetry lookups
  • Identity provider (IDP) investigation
  • Behavioral analysis of processes and command lines
  • User activity mapping
  • Process ancestry and parent-child correlation
  • Intezer’s historical alert database
  • Code DNA similarity and malware lineage tracking
  • Additional host, memory, or file-based forensics

The result is deeper investigation where it matters, without unnecessary cost.

Human-in-the-loop by design

Intezer keeps human analysts at the center so they can review and override conclusions, and trace every decision made by Intezer. Of course, all evidence and reasoning is grounded in forensic data and is fully transparent and explainable for beginners and advanced analysts alike.

This aligns with Anthropic’s principle that humans remain final decision-makers, especially in high-stakes domains like cybersecurity.

How this architecture improves SOC performance

Intezer’s adherence to Anthropic’s best practices produces measurable outcomes across the three most important SOC metrics: accuracy, coverage, and speed, while also reducing cost.

Accuracy

Intezer’s approach of combining deterministic forensics + adaptive AI = best-in-class verdict quality.

  • The structured workflow prevents hallucinations
  • The AI Agent only activates with strong guardrails
  • Context inheritance ensures consistent reasoning
  • Analysts always have visibility and control

This hybrid approach dramatically reduces false positives and prevents premature conclusions.

Triage of all alerts, including low-severity (where threats often hide)

Because AI Workflows handle the bulk of alerts inexpensively and AI Agents only run when needed, heavy and expensive reasoning calls are minimized

This frees SOCs from cherry-picking which alerts to ingest allowing them to triage and investigate them all.

This is crucial for:

  • High-volume enterprise environments
  • MSSPs with strict SLAs
  • Cloud-scale detection pipelines
  • 24/7 monitoring teams

You get broad alert coverage without inflating compute costs.

Speed: Structured steps + adaptive depth

  • Workflow mode resolves most alerts within seconds
  • Agents accelerate investigations that normally take analysts hours
  • No bottlenecks, no backlog, no manual evidence gathering

The result is a SOC where every alert is investigated quickly, consistently, and with forensic depth.

Table of how Intezer’s design reflects Anthropic’s guidance

Anthropic best practiceHow Intezer implements it
Start with deterministic workflowsAI Workflow handles structured triage with predefined expert steps
Activate agents only when neededAI Agent triggers only when confidence is insufficient
Give agents full contextAgent inherits the entire Workflow evidence set
Control tool usageAgent selects tools based on evidence, not speculation
Maintain human-in-the-loopAnalysts can verify, guide, and override conclusions
Prioritize safety and reproducibilityEvery action is logged, justified, and traceable

Conclusion: Anthropic’s Agent principles in a real SOC

Anthropic’s framework for building effective agents is now influencing industries far beyond general AI research. Intezer Forensic AI SOC might be one of the strongest real-world implementations of these practices in cybersecurity.

By combining:

  • Deterministic workflows for reliable baseline investigations
  • Adaptive agents for deeper reasoning when needed
  • Human oversight for trust and accountability
  • Cost efficiency enabling full-pipeline alert coverage

Intezer is able to deliver fast, accurate, and scalable triage that transforms SOC operations.

Learn more about how you can transform your SOC today.

The post Building effective AI for the SOC: How Intezer Forensic AI SOC follows Anthropic’s best practices appeared first on Intezer.

Intezer named a top-tier Solutions Partner in the Microsoft AI Cloud partner program

17 December 2025 at 14:56

Security teams that rely on Microsoft know the power of a deeply integrated security stack. Today, we’re proud to announce an important milestone that further strengthens that ecosystem.

Intezer has been named a top-tier Solutions Partner in the Microsoft AI Cloud Partner Program (MAICPP), a designation reserved for solutions that meet Microsoft’s highest standards for security, architecture, and seamless cloud integration.

This recognition follows a successful Microsoft technical audit and certifies the Intezer Forensic AI SOC platform as trusted, Microsoft-validated software designed to deliver real security outcomes for modern SOC teams.

Join AI SOC Live on January 6th to see how to maximize your Microsoft Security investment with  Forensic AI SOC. January 6th | 9am PT | 12pm EST.

Strengthening Microsoft-driven SOCs with Forensic AI

Microsoft security tools generate powerful signals, but signals alone don’t equal outcomes. SOC teams still face alert overload, limited context, and the constant risk that real threats hide in low- or medium-severity alerts.

The Intezer Forensic AI SOC platform was built to solve this problem.

Intezer strengthens the outcomes of Microsoft-driven SOCs by combining agentic AI with automated forensic investigation, enriching Microsoft alerts with deep technical evidence and cross-platform context. The platform investigates alerts from and across:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity (Entra ID)
  • Microsoft Defender for Office 365 and reported phishing
  • Microsoft Sentinel
  • Microsoft Defender for Cloud
  • Non-Microsoft security tools across endpoint, identity, cloud, email, and network environments

Instead of triaging only “high severity” alerts, Intezer investigates every alert with automated querying of Microsoft Sentinel, whenever needed, to enrich alerts, correlate logs, and validate activity. This provides visibility into every incident without manual lookups or switching tools.

How Intezer delivers better SOC outcomes on Microsoft

24/7 AI-powered triage and investigation

Intezer automatically triages and investigates 100% of alerts, including low- and medium-severity alerts that are commonly ignored. By mirroring how expert human analysts investigate incidents, using multiple AI models combined with deterministic forensics, Intezer delivers speed without sacrificing accuracy.

Less than 4% alerts escalated, higher confidence decisions

Across Microsoft and non-Microsoft alerts, fewer than 4% are escalated to human analysts. Each verdict is backed by forensic evidence, reducing noise, eliminating guesswork, and enabling analysts to focus only on what truly matters.

Faster response with native Microsoft actions

Intezer enables automated remediation directly through Microsoft tools, including:

  • Device isolation via Defender for Endpoint
  • User lockout through Entra ID
  • Email quarantine in Defender for Office 365
  • Interactive response via Microsoft Teams

This tight integration allows teams to move from alert to action in minutes, without switching tools or workflows.

Built to maximize the value of Microsoft security investments

“This designation reflects our commitment to helping organizations get the most out of their Microsoft security investments,” said Itai Tevet, CEO and co-founder of Intezer.
“As a top-tier Solutions Partner in the Microsoft AI Cloud Partner Program, we deliver AI-powered, forensic-grade investigations that strengthen the security outcomes of SOC teams using Defender, Sentinel, and the broader Microsoft Security Suite. We help teams move from alerts to clear, confident decisions in minutes.”

Intezer customers can also purchase directly through the Microsoft Azure Marketplace and apply existing Azure credits, simplifying procurement and accelerating time to value.

What the MAICPP designation means for security teams

The Microsoft AI Cloud Partner Program recognizes partners whose solutions are proven to work at scale across the Microsoft Cloud. Achieving top-tier Solutions Partner status signals that Intezer:

  • Meets Microsoft’s highest standards for security, reliability, and architectural excellence
  • Integrates deeply and natively across the Microsoft Security Suite
  • Delivers validated customer impact for organizations operating on Microsoft infrastructure

For customers, this designation provides confidence that Intezer is not just compatible with Microsoft security, but purpose-built to extend and elevate it.

Why this matters now

As SOCs face increasing alert volumes, tighter budgets, and a growing shortage of skilled analysts, automation alone is no longer enough. Security teams need forensic-grade AI that can explain why an alert matters, not just label it.

The MAICPP designation confirms that Intezer delivers exactly that:

  • Enterprise-grade accuracy
  • Microsoft-validated integrations
  • Proven SOC efficiency at scale

For organizations running on Microsoft, Intezer is now officially recognized as a trusted partner to help transform alerts into outcomes.

Learn more about Intezer Forensic AI SOC for Microsoft or get started today through the Azure Marketplace.

The post Intezer named a top-tier Solutions Partner in the Microsoft AI Cloud partner program appeared first on Intezer.

Comprehensive Google SecOps migration checklist for CISOs and SOC leaders

10 December 2025 at 13:49

There’s a clear trend emerging with many organizations transitioning from legacy SIEMs to Google SecOps. While the Google SIEM platform is powerful, in our experience working with enterprise clients, that power only reveals itself when security leaders make three early decisions correctly:

  • Detection strategy: Whether to migrate existing rules or start fresh with a green-field approach.
  • Data onboarding: How to scale ingestion across multi-cloud environments without breaking pipelines.
  • Operating model: Building workflows that prevent “alert debt” from piling up on day one.

The strategic message is clear. Treat SIEM detection management with the same diligence you treat core security architecture, and augment your analysts with AI-powered triage so your humans can focus on higher-order investigations.

Here’s a practical checklist for discovery, migration, and operational success, designed for CISOs and SOC leaders evaluating a move to Google SecOps.

NOTE: This blog post is relevant to anyone considering a Chronicle SIEM migration as Google SecOps is the new Google branding for Chronicle.

The tl;dr version of the Google SIEM migration checklist 

PhaseKey focus
Pre-MigrationInventory, pain-point assessment, business justification
MigrationTool selection, data ingestion, rule/dashboard migration, Integration, governance & risk
Post-MigrationMeasurement of success, continuous improvement, cost optimisation, governance & reporting

Full Google SecOps migration checklist

Let’s dive into the details for each phase of the migration process.

Pre-migration checklist: Establishing the baseline

  1. Inventory current environment
    • Catalogue all data sources feeding Splunk: log types, volumes (GB/day), retention policies, on-prem vs cloud vs multi-cloud.
    • Map all current detections, dashboards, reports, playbooks, SOAR workflows.
    • Identify any compliance/regulatory retention obligations (audit logs, legal hold).
    • Establish current licensing costs, infrastructure (forwarders, indexers), staffing.
  2. Assess SIEM performance & pain points
    • Are you seeing cost escalation vs benefit (slower detection, high false positives, low automation)?
    • Is the SIEM struggling with data volume growth, scalability, multi-cloud telemetry?
    • Are SOC analysts spending more time on infrastructure/configuration than investigations?
    • Are you able to integrate newer requirements (cloud workloads, containers, IoT/OT, multi-cloud) effectively? This 451 Research report indicates many orgs run multiple SIEMs due to tool sprawl.
  3. Define business & security objectives
    • What do you hope to achieve? E.g., faster detection/response, lower cost, improved coverages, cloud alignment.
    • What are the key metrics: mean time to detect (MTTD), mean time to respond (MTTR), cost-per-alert, false positive rate, regulatory coverage, etc.
    • What is your target SOC maturity in e.g., 12-24 months? Are you planning a cloud-first strategy, heavier automation/AI, less on-prem infrastructure?
  4. Build the migration justification
    • Prepare a comparative TCO/ROI: legacy SIEM vs cloud-native. Google SecOps materials claim e.g., “ingest and analyse your data at Google speed and scale” and highlight cost benefit.
    • Understand what it will cost to migrate: re-write detections, dashboards, data flows, training, potential downtime.
    • Present risk assessment: What happens if you don’t migrate (risk of obsolete tool, scaling failure, cost spirals)? The “Great SIEM Migration” guide argues that legacy tools may become “dinosaurs”.

Migration-phase checklist: Executing the transition

  1. Select migration path & vendor/partner support
  2. Data ingestion, normalization & compatibility
    • Ensure: all of your log types/sources in Splunk are supported by the new platform. Google SecOps supports ingestion of Splunk CIM logs.
    • Plan for data mapping: Splunk field names, dashboards, custom fields → new schema.
    • Address historic data: Will you migrate archives? Will you keep Splunk as store-only? Community posts warn that mapping old archives can be complex.
    • Validate performance: test ingestion, query latency, retention policies on the new platform.
  3. Detection rules, dashboards, SOAR workflows
    • Catalogue existing detection rules, dashboards, SOAR playbooks in Splunk.
    • Determine which can be reused, which need rewriting. Ensure parity: detection coverage, mapping to MITRE ATT&CK, business use-cases. Splunk claims strong out-of-box detection library.
    • Build and test new rules/playbooks in Google SecOps; validate they meet or exceed current performance (MTTD, MTTR, false positives).
    • Ensure analyst training and new workflows are adopted: new UI, new query language, new incident-investigation flows (Google SecOps offers “Gemini in security operations” natural-language assistant).
  4. Integration & ecosystem fit
    • Ensure that Google SecOps integrates with your existing tool-stack (EDR, identity, network, cloud logs, SOAR, threat intel). Google advertises 300+ SOAR integrations.
    • Confirm multi-cloud/on-prem data ingestion: check vendor statements.
    • Validate APIs, custom connectors, forwarder architecture. Splunk vs Google SecOps comparison note: Splunk emphasizes hybrid flexibility.
  5. Governance, compliance & retention
    • Check how historic data will be retained, archived, accessed, both for compliance (audits/regulators) and investigations.
    • Confirm where the data resides (region/residency rules), encryption, access controls. Google SecOps claims to treat all data as first-party.
    • Align on SLAs, incident response metrics, roles & responsibilities.
    • Define cut-over strategy: Will Splunk be decommissioned or kept in read-only mode? Define freeze date, dual-runs, parallel operations.
  6. Risk management & business continuity
    • Define fallback/rollback plans: If the new platform fails, do you have the old SIEM in warm standby?
    • Monitor for data loss/misalignment during migration (NXLog warns of risks).
    • Communicate to stakeholders: SOC analysts, business units, auditors. Ensure training and change-management.
    • Set benchmarks and metrics: Time to detect/resolve in new platform vs old; cost per alert; staff utilisation; alert volumes; false positives.

Post-migration checklist: Optimizing & sustaining value

  1. Validate outcomes & measure success
    • Measure MTTD, MTTR, alert volumes, analyst productivity pre- and post-migration.
    • Compare actual cost savings vs business case.
    • Assess detection coverage: Are all critical use-cases still covered? Are any gaps emerging?
    • Run periodic health checks (some vendors like CardinalOps offer detection-rule health monitoring with MITRE ATT&CK coverage for Google SecOps).
  2. Continuous improvement & SOC maturity evolution
    • SOC maturity doesn’t stop at migration. Use freed-up resources to focus on advanced use-cases (threat hunting, proactive detection, automation, investigations).
    • Tune detection rules, remove noise, refine playbooks.
    • Leverage AI/natural-language features (Google SecOps touts “Gemini in security operations”).
    • Plan for future: hybrid/multi-cloud expansions, new telemetry sources, OT/IoT, supply-chain threats.
  3. Decommission legacy infrastructure & optimise cost
    • If the migration path included decommissioning the old SIEM (or reducing its role), ensure you turn off unneeded licences/infra.
    • Monitor the cost model of the new platform: ingestion volumes, retention policies—ensure you don’t inadvertently pay for excess.
    • Re-allocate resources: freed licences, server hardware, staff time — invest into SOC capability rather than maintenance.
  4. Governance, audit and stakeholder reporting
    • Update your SOC governance frameworks: incident-response playbooks, escalation paths, KPIs aligned with the new platform.
    • Communicate to board/executive leadership key outcomes: improved detection/response, cost rationalization, strategic alignment.
    • Ensure audit/compliance reports reflect the new tooling (document changes, validate controls).
    • Set up periodic reviews of tool performance, vendor roadmap, SOC maturity.

Final thoughts

Migrating to Google SecOps isn’t a simple platform swap, it’s a redesign of how your SOC operates. The upside: cost efficiency, scale, and automation can be immediate. The risks: migration complexity, content gaps, and operational disruption are real and must be managed deliberately.

As a CISO or SOC leader, treat this as a transformation program. Use the table and/or the full Checklist above to drive decisions; follow a strategic landing plan to sequence work; and anchor on the three non-negotiables outlined above:

  1. A clear detection strategy (migrate only if the value is there; rebuild the rest in YARA-L),
  2. Data onboarding at scale with a parser matrix and cost guardrails, and
  3. An operating model that prevents alert debt from day one through automation and measurable KPIs.

If you want help getting there faster, we can provide a SIEM jumpstart (curated + bespoke YARA-L rules, MITRE gap analysis and coverage, detection reviews, continuous improvement with Intezer engineers), a parser/ingestion plan for multi-cloud, and of course, Intezer Forensic AI SOC’s triage to meet on day-one, 100% alert coverage with full auditability so your analysts focus on the few cases that truly need their context and expertise.

Learn more about how Intezer can help you with your SecOps migration.

The post Comprehensive Google SecOps migration checklist for CISOs and SOC leaders appeared first on Intezer.

Top 15 AI SOC Tools for 2026: SOC Automation Compared

2 December 2025 at 13:01

The Security Operations Center (SOC) has always been the heart of enterprise defense, but in 2026, it’s evolving faster than ever.

The rise of AI-driven SOC platforms, often referred to as Agentic AI SOCs, is redefining how enterprises detect, investigate, and respond to threats.

For years, security teams relied on a mix of SIEM, EDR, and MDR vendors to stay ahead of attacks. But these stacks often created their own problems: endless alert noise, long investigation times, and an overworked analyst team stuck in repetitive triage.

The new generation of AI SOC platforms changes that. They leverage large language models (LLMs), enabling SOCs to automatically triage and investigate every alert in minutes, not hours.

In this guide, we’ll break down the Top 15 AI SOC platforms to watch in 2026, ranked by how they balance speed, accuracy, explainability, and coverage across modern enterprise environments.

What is an Agentic AI SOC?

“Agentic” AI refers to systems that don’t just respond, they act. In cybersecurity, an Agentic AI SOC is capable of performing end-to-end investigations, drawing conclusions, and recommending (or executing) responses based on forensic evidence and reasoning.

These platforms are trained not only to summarize alerts but to understand their context, correlating data across endpoints, identities, networks, and cloud systems.

The best AI SOCs of 2026 are explainable, autonomous, and fast, providing the confidence enterprises need to trust machine-led decision-making.

Top AI SOC platforms in 2026 comparison table

PlatformBest forKey strength
Intezer (Forensic AI SOC)Large EnterprisesForensic-level, explainable investigations
7AIEnterprises exploring multi-agent automationMulti-agent orchestration
AiStrikeMid-market SOCsAffordable automated triage
SentinelOne (Purple AI)Enterprises using SentinelOne EDRIntegrated SOC automation
CrowdStrike (Charlotte AI)Falcon ecosystem usersGenerative AI for summaries
BlinkOpsSecurity automation teamsPlaybook-based automation
Bricklayer AIStartupsLightweight triage and reporting
Conifers.aiCloud-native companiesCloud-first visibility
Vectra AIMature SOCsNetwork threat detection
Dropzone AISOC automation innovatorsHuman-in-the-loop design
ExaforceMinimizing SIEM CostAlert routing and prioritization
Legion SecuritySOCs with expert analystsWorkflow management
Prophet.aiPredictive threat modelingProactive threat detection
Qevlar AILLM-driven SOCsAI triage experiments
Radiant SecurityMid-market enterprisesResponse recommendations

1. Intezer: Best AI SOC platform for enterprise SOCs

Best for: Large enterprises that prioritize speed, accuracy, and complete alert coverage.

Intezer AI SOC is built for enterprise and MSSPs, trusted by global brands including NVIDIA, Salesforce, MGM Resorts, Equifax, and Ferguson.
Intezer investigates 100% of alerts in under two minutes with 98% accuracy.

Unlike other platforms that rely solely on LLM-generated heuristics, Intezer fuses human-like reasoning with multiple AI models and deterministic forensic methods,  including code analysis, sandboxing, reverse engineering, and memory forensics.
The result is evidence-backed, explainable verdicts that eliminate the guesswork for SOC analysts.

For enterprises managing millions of alerts across SIEM, EDR, cloud, and identity systems, Intezer delivers full alert coverage and eliminates the low-severity blind spots that MDRs often ignore.

With endpoint-based pricing, Intezer removes the “alert tax” of data-ingest models and helps SOC leaders prove ROI to their boards, without expanding headcount.

Why enterprises choose Intezer

  • 100% alert investigation coverage across SIEM, EDR, phishing, identity, and cloud
  • Sub-2-minute investigations with 98% accuracy
  • Transparent, explainable verdicts
  • Trusted by Fortune 500 enterprises
  • Predictable ROI and cost efficiency

Experience Intezer in action with a custom demo.

Hear what CTO of MGM has to say about Intezer.

2. 7AI: Best for multi-agent SOC automation

7AI is one of the most experimental platforms in the 2026 AI SOC space. It focuses on multi-agent orchestration, where separate AI agents collaborate to triage, enrich, and investigate alerts across different domains.

Screenshot of 7AI product

While its architecture is impressive, 7AI is best suited for innovation-driven security teams that have strong engineering capacity and want to customize workflows. It performs well in large-scale EDR and cloud environments but requires fine-tuning for reliability.

Best for: Enterprises exploring multi-agent SOC architectures.

3. AiStrike: Best for mid-market SOCs

AiStrike targets the mid-market segment with a focus on cost-effective AI triage. It offers a simple, clean dashboard that connects with EDR and SIEM tools to automatically prioritize alerts. While its forensic depth is limited compared to enterprise-grade solutions, AiStrike delivers solid speed and automation for smaller SOCs.

Aistrike dashboard

Best for: Mid-market SOCs that want affordable, plug-and-play AI investigations.

4. SentinelOne (Purple AI): Best for endpoint-centric SOCs

SentinelOne’s Purple AI brings native AI investigation and response into the SentinelOne platform. It’s tightly integrated with SentinelOne’s EDR and XDR stack, which makes it a strong option for organizations already using the SentinelOne’s stack.

SentinelOne Purple AI product image

While Purple AI provides quick, summarized threat analysis and remediation recommendations, it focuses heavily on endpoints rather than full enterprise coverage.

Best for: Enterprises deeply invested in SentinelOne’s ecosystem that want integrated AI triage.

5. CrowdStrike (Charlotte AI): Best for AI-driven summarization

CrowdStrike’s Charlotte AI is the generative assistant within the Falcon platform, built to help analysts ask natural-language questions and interpret alerts faster.

Crowdstrike Charlotte AI product image

While not a fully autonomous SOC, Charlotte AI improves analyst experience and productivity by summarizing incidents and surfacing relevant insights. It’s ideal for teams that want to augment analysts rather than automate full investigations.

Best for: Enterprises using the CrowdStrike Falcon suite that want faster analyst assistance.

6. BlinkOps: Best for automation engineers

BlinkOps focuses on workflow automation, not investigations per se. It enables security teams to build playbooks and automation pipelines that connect multiple tools (SIEM, EDR, IAM, etc.).

BlinkOps prod image

While it doesn’t deliver forensic-level verdicts, BlinkOps is popular among DevSecOps teams that want custom automation flexibility.

Best for: Security engineers looking to automate existing SOC workflows.

7. Bricklayer AI: Best for startups and lean SOCs

Bricklayer AI provides lightweight alert triage and reporting capabilities. It’s built for smaller organizations that want to reduce alert fatigue without complex integrations. Its simplicity and affordability make it a solid entry point for teams without mature SOC processes.

Best for: Startups building early SOC capabilities on a budget.

8. Conifers.ai: Best for cloud-native companies

Conifers.ai specializes in cloud-first security visibility across AWS, Azure, and Google Cloud. Its AI models excel at correlating identity, network, and workload activity to flag potential breaches.

conifer.ai dashboard

It’s not a full SOC replacement, but it significantly enhances cloud investigation and response.

Best for: Cloud-first organizations seeking AI-enhanced detection and context.

9. Vectra AI: Best for network and identity threat detection

Vectra AI has long been a leader in AI-driven network detection and response (NDR). Its platform now extends into AI SOC territory, combining real-time detection with contextual identity analysis.

Vectra AI product image

Vectra is strong in hybrid environments but remains specialized in network telemetry rather than full-stack coverage.

Best for: Enterprises prioritizing network and identity visibility.

10. Dropzone AI: Best for SOC automation innovators

Dropzone AI represents the new wave of human-in-the-loop SOC automation. It allows analysts to supervise and approve actions initiated by AI, blending human expertise with autonomous investigation.

Dropzone.ai product image

While not as proven in large enterprises as Intezer, Dropzone’s agentic architecture makes it an intriguing option for forward-thinking SOCs.

Best for: SOCs experimenting with supervised AI autonomy.

Read about what CISOs are looking for in an AI SOC platform

11. Exaforce: Best for minimizing SIEM cost

Exaforce uses a multi-model AI engine to reduce alert overload, accelerate investigations, and expand detection coverage without relying on a traditional SIEM. Its AI stack, combining data-ingestion models, behavioral machine learning, and large language models, analyzes real-time telemetry while cutting SIEM-related storage and licensing costs.

Exaforce product image

The platform adapts quickly through feedback loops and natural-language business context, continuously refining accuracy and reducing false positives. With investigative graph visualizations and flexible deployment options, Exaforce helps streamline complex investigations.

Best for: Companies struggling with excessive SIEM spend.

12. Legion Security: Best for companies with expert human analysts

Legion automates SOC investigations by capturing and operationalizing real analyst decision-making. Its browser-based agent records every step of an analyst’s workflow such as data reviewed, actions taken, judgments made and then creating reusable investigative logic.

Legion Security product image

These recordings evolve into living agents that can be replayed, tested, refined, and re-executed across new alerts. Legion offers flexible deployment options including cloud, hybrid, or customer-hosted to support diverse security and compliance requirements. 

Best for: Organizations with expert human analysts, looking to create custom AI agents that can mirror their in-house best practices and knowledge. 

13. Prophet Security: Best for predictive SOCs

Prophet focuses on automated alert resolution using agentic reasoning that mirrors how experienced analysts assess user behavior, asset context, and threat indicators. It enriches alerts with data from endpoints, cloud systems, identity platforms, and threat intelligence to deliver high-confidence dispositions without relying on static rules. The platform supports flexible automation, from fully automated closure of benign alerts to analyst-in-the-loop escalation, and includes a copilot-style natural language interface for deeper investigation and threat hunting. 

Best for: Enterprises investing in predictive threat modeling and trend forecasting.

14. Qevlar AI: Best for experimental SOCs

Qevlar is an AI-powered investigation co-pilot that enhances analyst workflows by replicating the reasoning and research steps of human investigators. It ingests alerts from various tools and produces structured, evidence-backed reports with clear verdicts, confidence levels, and referenced data sources. Instead of suppressing or prioritizing alerts, Qevlar enriches and interprets them while preserving full analyst oversight. It also offers an automated documentation engine and support for on-prem deployment.

Best for: SOCs experimenting with AI-based triage prototypes.

15. Radiant Security: Best for mid-market enterprises

Radiant Security positions itself as an AI SOC for the mid-market and differentiates itself with claims of adaptive AI that can learn how to handle never-seen-before alerts as well as a built-in, affordable logging solution leveraging customers’ own archive storage. 

Radiant Security log management

Best for: Mid-market companies looking to eliminate expensive SIEM costs. 

The future of Agentic AI SOCs

The next evolution of SOC automation goes beyond alert management. In 2026 and beyond, Agentic AI SOCs will not only investigate but also take verified actions, quarantining hosts, isolating sessions, and orchestrating containment based on evidence and policy.

This shift demands trust, explainability, and speed. Enterprises can no longer afford “black-box” AI that delivers vague suggestions. They need platforms capable of forensic reasoning, auditability, and full coverage, exactly what Intezer Forensic AI SOC delivers.

SOC leaders who adopt these systems early will gain measurable efficiency, lower operational risk, and stronger security posture, without expanding headcount.

Final thoughts

AI SOC platforms are transforming how enterprises defend against modern threats.
While each platform on this list has unique strengths, Intezer stands out as the clear enterprise choice for those who demand accuracy, speed, and complete visibility.

See how Fortune 500 SOCs cut through the noise, reduce risk, and reclaim their time with Intezer. 

Book a demo to experience Intezer in action.

The post Top 15 AI SOC Tools for 2026: SOC Automation Compared appeared first on Intezer.

Introducing Intezer Forensic AI SOC

25 November 2025 at 12:38

Modern SOC teams face some real challenges. They are drowning in alert volume, short on experienced analysts, and facing a new generation of AI-driven attacks that operate faster than humans can respond. This combination is eroding SOC effectiveness, slowing response times, and creating blind spots where real threats hide in low-severity alerts that teams no longer have the time or capacity to investigate.

To meet this moment, Intezer is proud to unveil Intezer Forensic AI SOC, the only AI SOC platform battle-tested inside some of the world’s most targeted and security-mature organizations. Already trusted by more than 150 enterprises, including 15 of the Fortune 500, the platform brings forensic-grade accuracy, full alert coverage, and sub-minute triage to modern security operations.

Why enterprises need a Forensic AI SOC

As attack surfaces grow, many organizations turn to MDR providers for 24/7 alert triage. But MDRs often operate as black boxes with inconsistent quality, high escalation rates, and limited visibility, leaving low-severity alerts unaddressed and creating gaps adversaries can exploit.

Most “AI SOC” tools depend entirely on AI agents for alert triage and investigation. This leads to surface-level results, slower performance, and higher compute usage, limiting their ability to process large alert volumes, especially low-severity signals where threats frequently hide.

The way forward requires an approach that removes SOC bottlenecks while delivering stronger, more reliable security outcomes. 

Why this matters now

The recent Anthropic AI espionage report marks a turning point. Threat actors are now weaponizing AI agents to automate full intrusion chains at machine speed.

These attacks often leave behind subtle, low-severity breadcrumbs that traditional SOCs and MDRs overlook. Without full alert coverage and forensic-grade triage, organizations cannot detect or contain AI-driven campaigns before they escalate.

This is precisely the gap Intezer’s Forensic AI SOC was built to close.

Watch session on how security leaders prepare for the new era of AI-orchestrated cyber attacks.

The Forensic AI SOC advantage

Intezer Forensic AI SOC flips the AI SOC model on its head. Instead of solely relying on AI Agents and LLMs, our platform combines AI agents and automated orchestration of  deterministic forensic tools, to mimic the triage and investigation methods used by elite responders and perform deep, accurate investigations at speed and scale.

Every alert is examined through a forensic lens using Intezer’s battle-tested capabilities, including endpoint forensics, reverse engineering, network artifact analysis, sandboxing, and other proprietary methods. These are paired with the adaptive research and reasoning of multiple LLMs to ensure both depth and flexibility in every investigation.

Intezer Forensic AI delivers:

  • 100% alert coverage, including low-severity alerts often ignored by SOCs and MDRs
  • Fewer than 4% of alerts escalated for human review
  • 98% accurate, consistent verdicts backed by deterministic evidence
  • 1-minute median triage time
  • Predictable, scalable pricing tied to endpoints, not alert volume or costly model usage

Enterprises get both the intelligence of AI and the rigor of forensics, without sacrificing speed, cost, or accuracy.

Proven in the world’s most targeted enterprises

Intezer supports over 150 enterprises, including 15 of the Fortune 500, across verticals such as finance, tech, pharma, critical infrastructure, hospitality and more. These organizations operate some of the most complex and heavily targeted environments in the world and rely on Intezer to keep their businesses secure. 

“Intezer’s AI-driven triage has been transformative for our SOC. It integrates seamlessly with our existing systems and delivers analyst-level investigations at scale, giving our team the confidence that every alert is handled with forensic accuracy.”

Branden Newman, CTO, MGM Resorts International

Built for the growing demands of enterprise SOCs

Enterprise SOCs must respond not only to rising alert volume, but also to increasing business pressure for speed, consistency, and measurable risk reduction. Companies using Intezer Forensic AI SOC enjoy:

  • Lower business risk
    Every alert, including low-severity signals used by modern attackers, is investigated with dramatically shortened MTTR.
  • Predictable, cost-efficient pricing
    Pricing aligned to endpoints avoids the unpredictable costs of LLM-heavy AI SOCs.
  • Instant time to value
    Hundreds of integrations enable rapid deployment and immediate time-to-value without training models on customer data.
  • Doing more with less
    Reduce MDR dependence and automate analyst workloads to optimize budgets and expand SOC output.

Built by security experts, for security experts

Intezer was founded and shaped by world-class SecOps leaders, security researchers and incident responders who have spent their careers defending some of the most targeted organizations and building foundational cybersecurity technologies.

Our leadership team includes pioneers who helped create and scale major cybersecurity companies. This firsthand experience responding to advanced threats, operating high-pressure SOC environments, and building products used by thousands of security teams worldwide directly informs how Intezer designs its technology.

We understand what analysts need, speed, accuracy, transparency, and trustworthy automation, because we’ve lived those challenges ourselves.

Intezer Forensic AI SOC reflects that operational DNA with a platform built not by generic AI engineers, but by practitioners who have spent years reverse engineering malware, hunting nation-state adversaries, leading global IR engagements, and building tools that analysts rely on every day.

Join the future of the SOC, today!

The SOC is entering a new era. Machine-scaled attacks demand an approach grounded in both forensic rigor and adaptive AI enabling consistent, accurate investigations to defend the enterprise. 

To explore how Intezer’s Forensic AI SOC can strengthen your operations, schedule a conversation with a product expert today!

The post Introducing Intezer Forensic AI SOC appeared first on Intezer.

Why the “AI SOC Agent” narrative misses the point: The future is about security outcomes, not workflow augmentation

16 November 2025 at 17:50

tl;dr Greater productivity ≠ greater security outcomes. Kinda like why being able to accelerate from 0-60 MPH doesn’t help when the ice is cracking under your wheels.

And now, the full version.

AI SOC shouldn’t just “augment workflows”, that’s a productivity-locked perspective. The goal and the delivery capability that exists right now is to deliver full-scale enterprise triage of 100% of alerts with forensicly-accurate verdicts. That looks like streamlined triage, explainable verdicts, measurable accuracy, and operational resilience. There’s already an AI SOC platform that has operationalized what Gartner calls “emerging”.

While recent Gartner reports on “AI SOC Agents” and “SecOps Workflow Augmentation” succeed in elevating the conversation, they also reveal how incomplete that conversation still is. Both documents frame AI in the SOC as a promising but premature experiment, a toolset meant to make analysts more productive, not organizations more secure. That framing misses the point. AI isn’t about automation for automation’s sake; it’s about turning expert knowledge, data, context, and expertise into repeatable, scalable decision-making that covers every alert with confidence and context.

The bias in today’s AI SOC conversation

Gartner’s reports argue that AI SOC agents should be treated as “workflow augmentation tools” to reduce analyst fatigue and improve response efficiency. They recommend cautious adoption, structured pilots, and human-in-the-loop validation. Pragmatic? When LLMs are relied upon solely, sure. But the underlying assumption that enterprise-proven AI is not yet mature enough to deliver reliable outcomes is outdated.

In practice, this mindset anchors the market in productivity metrics, not security performance. It evaluates how efficiently teams work, not how effectively they defend. The focus stays on “mean time to detect” and “mean time to respond,” rather than the more critical questions:

  • Are ALL alerts being triaged?
  • Are verdicts, not just investigations, consistently accurate?
  • Are we actually reducing risk, not just improving the process?
  • Are alerts triaged in seconds & minutes for true containment & response?

That’s where the emerging class of true AI SOC platforms breaks away from the Gartner lens.

Workflow augmentation isn’t security

The distinction matters. Augmentation is an operational improvement; outcomes are a security transformation. Most vendors today build tools that accelerate investigation but still depend on human oversight for every meaningful decision. Those are SOAR 2.0 platforms: automation-centric, workflow-obsessed, and still fundamentally enrichment, not triage.

A true AI SOC, by contrast, triages every alert across the stack autonomously, determines a verdict with auditable reasoning, and escalates only when necessary, typically less than four percent of the time. This isn’t a co-pilot; it’s a teammate that already performs at the level of a seasoned analyst and identifies the needles without the haystack. This is incredible for the SOC analysts that are focused on looking at real alerts.

Security outcome execution is the critical requirement any true AI SOC should provide:

  • Resolve millions of alerts monthly across distributed environments with <4% escalation rates.
  • Deliver verdict accuracy above 97.7% through hybrid deterministic and AI reasoning.
  • Provide explainable decisions, validated by periodic human review and forensic evidence.
  • Uncover real threats in seconds & minutes, not hours.

This isn’t augmentation; it’s execution.

Read more about properly framing the AI SOC conversation.

The “emerging” technology that’s already operational

Gartner describes AI SOC agents as an “emerging technology” that promises to evolve beyond playbook-driven automation. The irony is that enterprise SOCs are already running on these systems today. Fortune 10 environments and thousands of organizations worldwide are triaging every single alert, not just the critical and high-severity ones, through AI that emulates human reasoning at scale.

These systems don’t “pilot” AI; they operationalize it. They deliver 24/7 SOC capability, instant triage, and consistent decision-making grounded in explainable logic, not black-box inference. They prove that an AI SOC is no longer a future-state concept. It’s production-grade infrastructure that’s rewriting what operational maturity means, and has been for years now.

The difference between Gartner’s caution and what’s happening in practice is simple: proof.

Measuring what actually matters

The reports fixate on efficiency → MTTD, MTTR, analyst satisfaction, but those metrics only tell half the story especially for antiquated SOCs. The next generation of AI SOCs defines success through security outcome metrics, including:

  1. Total alert coverage – Every alert analyzed, across all severities and sources.
  2. Verdict accuracy – The supermajority of decisions must be right, consistently and explainably.
  3. Escalation rate – Only the rarest cases should reach human review.
  4. Explainability – Every verdict is clearly backed by evidence: memory scans, forensic traces, and contextual reasoning.
  5. Feedback velocity – Every corrected verdict feeds back into the detection logic, closing the learning loop.

When you measure what truly matters, accuracy, coverage, trust, the difference between AI that “helps” and AI that defends becomes obvious.

Why “AI SOC Agent” ≠ “AI SOC Platform”

The reports conflate two very different things. An “AI SOC agent” is a single use case, an assistant. An “AI SOC platform” is a full operating model: triage, investigation, and response fused into a continuous feedback loop back to detection engineering. One optimizes efficiency; the other drives security transformation.

That’s the real inflection point the industry is standing at. SOCs that treat AI as a productivity booster will get marginal gains, which is a great thing for the industry. SOCs that rebuild around AI as a core operating principle will experience exponential gains with real risk reduction.

In other words: this isn’t about speeding up analysts, it’s about scaling their expertise across the entire alert surface.

From AI promise to proof

The challenge now isn’t technology, it’s perception. The AI SOC has already proven it can outperform legacy models built on manual triage and brittle playbooks. It has shown that full alert coverage, explainable verdicts, and continuous learning can coexist with human oversight and compliance.

The industry doesn’t need another year of pilots to “validate the promise.” It needs a new standard of performance.

The next evolution of the SOC will be measured not by how well it augments workflows, but by how confidently it can:

  • Detect and triage every signal.
  • Deliver verdicts with explainable evidence.
  • Quantify accuracy in measurable, repeatable terms.
  • Strengthen analyst trust through transparency.

That’s the AI SOC outcome model, here today.

Final thoughts

Gartner’s perspective is valuable for shaping the taxonomy of an emerging market. But the reality on the ground has already overtaken the research. The world doesn’t need another whitepaper on “potential.” It needs proof of performance, and it exists.

The future SOC isn’t augmented.

It’s autonomous, accurate, and accountable for strategic security outcomes that CISOs and leaders require, either now or in the next few months with the executive leadership push to operationalize AI.

The world’s largest enterprises today already benefit from the real market-defining traits of a forensic AI SOC.

To learn more about Intezer’s Forensic AI SOC platform, schedule a demo today!

The post Why the “AI SOC Agent” narrative misses the point: The future is about security outcomes, not workflow augmentation appeared first on Intezer.

What the Anthropic report on AI espionage means for security leaders

14 November 2025 at 17:35

1. Introduction: The Benchmark, Not the Hype

For a while now, the security community has been aware that threat actors are using AI. We’ve seen evidence of it for everything from generating phishing content to optimizing malware. The recent report from Anthropic on an “AI-orchestrated cyber espionage campaign”, however, marks a significant milestone.

This is the first time we have a public, detailed report of a campaign where AI was used at this scale and with this level of sophistication, moving the threat from a collection of AI-assisted tasks to a largely autonomous, orchestrated operation.

This report is a significant new benchmark for our industry. It’s not a reason to panic – it’s a reason to prepare. It provides the first detailed case study of a state-sponsored attack with three critical distinctions:

  • It was “agentic”: This wasn’t just an attacker using AI for help. This was an AI system executing 80-90% of the attack largely on its own.
  • It targeted high-value entities: The campaign was aimed at approximately 30 major technology corporations, financial institutions, and government agencies.
  • It had successful intrusions: Anthropic confirmed the campaign resulted in “a handful of successful intrusions” and obtained access to “confirmed high-value targets for intelligence collection”.

Together, these distinctions show why this case matters. A high-level, autonomous, and successful AI-driven attack is no longer a future theory. It is a documented, current-day reality.

2. What Actually Happened: A Summary of the Attack

For those who haven’t read the full report (or the summary blog post), here are the key facts.

The attack (designated GTG-1002) was a “highly sophisticated cyber espionage operation” detected in mid-September 2025.

  • AI Autonomy: The attacker used Anthropic’s Claude Code as an autonomous agent, which independently executed 80-90% of all tactical work.
  • Human Role: Human operators acted as “strategic supervisors”. They set the initial targets and authorized critical decisions, like escalating to active exploitation or approving final data exfiltration.
  • Bypassing Safeguards: The operators bypassed AI safety controls using simple “social engineering”. The report notes, “The key was role-play: the human operators claimed that they were employees of legitimate cybersecurity firms and convinced Claude that it was being used in defensive cybersecurity testing”.
  • Full Lifecycle: The AI autonomously executed the entire attack chain: reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, and data collection.
  • Timeline: After detecting the activity, Anthropic’s team launched an investigation, banned the accounts, and notified partners and affected entities over the “following ten days”.

Source: https://www.anthropic.com/news/disrupting-AI-espionage

3. What Was Not New (And Why It Matters)

To have a credible discussion, we must also look at what wasn’t new. This attack wasn’t about secret, magical weapons.

The report is clear that the attack’s sophistication came from orchestration, not novelty.

  • No Zero-Days: The report does not mention the use of novel zero-day exploits.
  • Commodity Tools: The report states, “The operational infrastructure relied overwhelmingly on open source penetration testing tools rather than custom malware development”.

This matters because defenders often look for new exploit types or malware indicators. But the shift here is operational, not technical. The attackers didn’t invent a new weapon, they built a far more effective way to use the ones we already know.

4. The New Reality: Why This Is an Evolving Threat

So, if the tools aren’t new, what is? The execution model. And we must assume this new model is here to stay.

This new attack method is a natural evolution of technology. We should not expect it to be “stopped” at the source for two main reasons:

  1. Commercial Safeguards are Limited: AI vendors like Anthropic are building strong safety controls – it’s how this was detected in the first place. But as the report notes, malicious actors are continually trying to find ways around them. No vendor can be expected to block 100% of all malicious activity.
  2. The Open-Source Factor: This is the larger trend. Attackers don’t need to use a commercial, monitored service. With powerful open-source AI models and orchestration frameworks – such as LLaMA, self-hosted inference stacks, and LangChain/LangGraph agents – attackers can build private AI systems on their own infrastructure. This leaves no vendor in the middle to monitor or prevent the abuse.

The attack surface is not necessarily growing, but the attacker’s execution engine is accelerating.

5. Detection: Key Patterns to Hunt For

While the techniques were familiar, their execution creates a different kind of detection challenge. An AI-driven attack doesn’t generate one “smoking gun” alert, like a unique malware hash or a known-bad IP. Instead, it generates a storm of low-fidelity signals. The key is to hunt for the patterns within this noise:

  • Anomalous Request Volumes: The AI operated at “physically impossible request rates” with “peak activity included thousands of requests, representing sustained request rates of multiple operations per second”. This is a classic low-fidelity, high-volume signal that is often just seen as noise.
  • Commodity and Open-Source Penetration Testing Tools: The attack utilized a combination of “standard security utilities” and “open source penetration testing tools”.
  • Traffic from Browser Automation: The report explicitly calls out “Browser automation for web application reconnaissance” to “systematically catalog target infrastructure” and “analyze authentication mechanisms”.
  • Automated Stolen Credential Testing: The AI didn’t just test one password, it “systematically tested authentication against internal APIs, database systems, container registries, and logging infrastructure”. This automated, broad, and rapid testing looks very different from a human’s manual attempts.
  • Audit for Unauthorized Account Creation: This is a critical, high-confidence post-exploitation signal. In one successful compromise, the AI’s autonomous actions included the creation of a “persistent backdoor user”.

6. The Defender’s Challenge: A Flood of Low-Fidelity Noise

The detection patterns listed above create the central challenge of defending against AI-orchestrated attacks. The problem isn’t just alert volume, it’s that these attacks generate a massive volume of low-fidelity alerts.

This new execution model creates critical blind spots:

  1. The Volume Blind Spot: The AI’s automated nature creates a flood of low-confidence alerts. No human-only SOC can manually triage this volume.
  2. The Temporal (Speed) Blind Spot: A human-led intrusion might take days or weeks. Here, the AI compressed a full database extraction – from authentication to data parsing – into just 2-6 hours. Our human-based detection and response loops are often too slow to keep up.
  3. The Context Blind Spot: The AI’s real power is connecting many small, seemingly unrelated signals (a scan, a login failure, a data query) into a single, coherent attack chain. A human analyst, looking at these alerts one by one, would likely miss the larger pattern.

7. The Importance of Autonomous Triage and Investigation

When the attack is autonomous, the defense must also have autonomous capabilities.

We cannot hire our way out of this speed and scale problem. The security operations model must shift. The goal of autonomous triage is not just to add context, but to handle the entire investigation process for every single alert, especially the thousands of low-severity signals that AI-driven attacks create.

An autonomous system can automatically investigate these signals at machine speed, determine which ones are irrelevant noise, and suppress them.

This is the true value: the system escalates only the high-confidence, confirmed incidents that actually matter. This frees your human analysts from chasing noise and allows them to focus on real, complex threats.

This is exactly the type of challenge autonomous triage systems like the one we’ve built at Intezer were designed to solve. As Anthropic’s own report concludes, “Security teams should experiment with applying AI for defense in areas like SOC automation, threat detection… and incident response“.

8. Evolving Your Offensive Security Program

To defend against this threat, we must be able to test our defenses against it. All offensive security activities, internal red teams, external penetration tests, and attack simulations, must evolve.

It is no longer enough for offensive security teams to manually simulate attacks. To truly test your defenses, your red teams or external pentesters must adopt agentic AI frameworks themselves.

The new mandate is to simulate the speed, scale, and orchestration of an AI-driven attack, similar to the one detailed in the Anthropic report. Only then can you validate whether your defensive systems and automated processes can withstand this new class of automated onslaught. Naturally, all such simulations must be done safely and ethically to prevent any real-world risk.

9. Conclusion: When the Threat Model Changes, Our Processes Must, Too.

The Anthropic report doesn’t introduce a new magic exploit. It introduces a new execution model that we now need to design our defenses around.

Let’s summarize the key, practical takeaways:

  • AI-orchestrated attacks are a proven, documented reality.
  • The primary threat is speed and scale, which is designed to overwhelm manual security processes.
  • Security leaders must prioritize automating investigation and triage to suppress the noise and escalate what matters.
  • We must evolve offensive security testing to simulate this new class of autonomous threat.

This report is a clear signal. The threat model has officially changed. Your security architecture, processes, and playbooks must change with it. The same applies if you rely on an MSSP, verify they’re evolving their detection and triage capabilities for this new model. This shift isn’t hype, it’s a practical change in execution speed. With the right adjustments and automation, defenders can meet this challenge.

To learn more, you can read the Anthropic blog post here and the full technical report here.

The post What the Anthropic report on AI espionage means for security leaders appeared first on Intezer.

Properly framing the AI SOC conversation 

2 November 2025 at 21:45

Gartner’s recent Innovation Insight: AI SOC Agents report is an encouraging signal that the concept of an “AI-powered SOC” has reached mainstream awareness. The report recognizes the potential of AI technologies to transform how security operations centers function, especially in augmenting analysts through automation and intelligent workflows.

Yet, while Gartner’s analysis succeeds in capturing the momentum of this space, it falls short in clarifying how and where AI actually fits within the security operations stack. By treating “AI SOC” as a monolithic, undifferentiated category, the report overlooks the crucial distinctions between detection, triage and response, each of which requires a very different kind of AI capability and delivers very different value.

A closer look at Gartner’s analysis 

Gartner’s report provides a valuable overview of how AI SOC can assist with detection, alert investigation, and even response recommendation. We wholeheartedly agree with Gartner’s advice that CISOs should evaluate which security activities are “volumetric, troublesome, or low-performing, and which would benefit the most from augmentation with the application of AI”. However, presenting all of the AI SOC functions (and vendors) as part of a single undifferentiated security ecosystem, can be confusing. 

This broad framing misses the fact that an AI model designed to improve SIEM detection logic operates on entirely different data, architecture, and feedback loops than one built to support analyst decision-making or response automation. The result is a flattening of a nuanced market into one monolithic category, useful for taxonomy, but not for decision-making.

For CISOs, this lack of segmentation makes it hard to answer the key strategic question: Where should we apply AI first to get tangible operational value?

By contrast, our view is that organizations should start by identifying which part of their operations needs augmentation most, then evaluate AI solutions purpose-built for that domain.

A clearer way to frame the AI SOC market

To understand where AI truly fits in and how it can deliver measurable outcomes, it helps to zoom out and look at the broader security operations stack. As we described in a previous blog post, “Making sense of the AI SOC market”, we see three main layers where AI can add value:

Detection (SIEM, XDR)

The first layer converts raw telemetry into actionable alerts. Here, AI can strengthen correlation logic, improve detection models, and reduce false positives. This is largely about data pattern recognition and automation of repetitive analysis.

Triage and Investigation (SOC / MDR)

The middle layer is where human analysts determine which alerts are real incidents worth escalating. This is where AI can truly emulate analyst reasoning, gathering context, cross-referencing intelligence, and presenting likely root causes. Done well, AI here acts as a co-analyst, not a replacement.

Response and Case Management (SOAR)

The final layer coordinates remediation and manages incident workflows. AI can accelerate playbook creation, automate routine case handling, and improve overall response time through dynamic decision logic.

Each layer offers opportunities for AI—but they are fundamentally different problems to solve. When vendors use the term “AI SOC” without specifying which layer they’re addressing, it creates confusion and unrealistic expectations.

A more practical evaluation framework

To move the conversation forward, we recommend a more structured approach to evaluating AI SOC solutions.

Step 1: Identify your target layer

Ask: Which layer of our operations needs the most improvement. Is it detection (SIEM/XDR/Cloud), triage (SOC/MDR), or response (SOAR)? 

This helps narrow the field to the right class of solutions rather than chasing the broad “AI SOC” label.

Step 2: Define measurable outcomes

Especially for alert triage and investigation (which is usually handled by an internal SOC or external MDR), establish metrics to compare performance, such as:

  • Reduction in mean time to detect (MTTD)
  • Noise reduction rate
  • Scale of alert coverage
  • Consistency across SOC shifts or analyst tiers
  • Triage accuracy

These metrics allow organizations to compare vendors on tangible outcomes, not vague AI promises.

Step 3: Evaluate transparency and integration

An effective AI SOC solution should clearly explain its reasoning, integrate easily with your existing tools, and allow human oversight. The goal is augmentation, not opacity.

Read more about why the “AI SOC agent” narrative misses the point.

The way forward

Gartner deserves credit for bringing visibility to an emerging market, but their analysis underscores how early and fluid this space still is. The future of the AI SOC isn’t one product category. It’s a set of AI capabilities applied intelligently across the detection–triage–response continuum.

Organizations that treat AI as a modular capability rather than a monolithic product will see the most success. The key is knowing your operational priorities and matching them to the layer where AI can have the greatest impact.

Conclusion

AI is not a magic “SOC-in-a-box.” It’s a set of technologies that, when properly targeted, can transform specific parts of security operations. Gartner’s latest report captures the enthusiasm, but not yet the structure, of this market.

At Intezer, we believe the path forward starts with clarity. Understanding the distinct layers of the SOC, the role AI plays in each, and the outcomes that matter most. Only then can organizations cut through the noise and choose the right AI SOC partner for their needs.

Explore how Intezer delivers complete peace of mind for your security operations! 

The post Properly framing the AI SOC conversation  appeared first on Intezer.

Making sense of the AI SOC market

23 October 2025 at 18:23

There’s been an explosion of buzz around the AI SOC market. More than 40 vendors are now claiming to do something in this space, but as with many emerging technology categories, the result is a lot of excitement and a lot of confusion.

In this video and in the article below it, I want to provide some clarity. What exactly is “AI SOC”? Where did this category come from? And how can security teams cut through the noise to find real value?

The origins of the AI SOC: An old problem meets new tech

The rise of the AI SOC stems from two converging forces. A very old problem and a very new technology.

The old problem is the persistent talent shortage in cybersecurity combined with the overwhelming volume of security alerts. Security teams have been drowning in these alerts for years, struggling to keep up with investigation and response.

The new technology is AI, especially large language models (LLMs) and adjacent innovations, which open up an opportunity to finally address that shortage by automating some of the human decision-making process.

The 3 layers of security operations

To understand where AI fits in and how it can help, let’s zoom out and look at the broader security operations stack. 

There are three main layers:

Detection (SIEM, XDR) is the first level which handles converting raw logs and other telemetry data into actionable alerts.

Triage and investigation (SOC) is the middle layer where human analysts determine which alerts are real incidents worth escalating.

Response and case management (SOAR) is the final layer that manages incident remediation with case assignment, and workflow automation.

Each layer presents opportunities for AI. For example, in SIEM/XDR, AI can improve detection logic and reduce false positives. For SOC, AI can simulate the investigative reasoning of human analysts. And when applied to SOAR, AI can accelerate workflow creation and automate routine case handling.

In each of these areas, vendors are loosely using the term AI SOC to describe what they are doing. And that is why it’s important to know what problem you are trying to solve and which ‘AI SOC” solution is appropriate for you.

Read about how AI is redefining detection engineering.

What AI SOC usually means

All that said, when people refer to AI SOC, they’re usually talking about that middle layer. The part focused on automated alert triage, investigation, and escalation.

That’s where Intezer focuses: providing 24/7 managed alert triage, investigation, and response powered by a decade of deep forensic analysis tooling combined with flexible and adaptable LLMs.

Our system automatically investigates alerts, surfaces only what truly requires attention, and escalates only up to 4% of alerts to human analysts.

This is where the market’s energy, and customer need, are currently concentrated. Teams want to scale their response capabilities without adding headcount, and AI SOCs make that possible.

How to evaluate AI SOC vendors

With so many vendors entering the field, it’s important to evaluate them based on clear, measurable criteria. Some of the key metrics that I’m hearing from our customers and prospect that they consider, include:

  • Accuracy: How precise are the AI-driven investigations?
  • Speed: How quickly can alerts be triaged?
  • Scale and coverage: Can the system handle all your alerts in a timely fashion?
  • Noise reduction: What percentage of alerts still require human review?
  • Context and transparency: Can you understand how the AI reached its conclusions, or is it a black box?

For more on this, see our guide to evaluate AI SOC tools (with questions to ask vendors).

The road ahead

AI SOC is one of the most exciting and fast-evolving categories in cybersecurity. It’s also one of the messiest, but that’s often a sign of real innovation happening.

For years, the industry has been searching for a way to truly solve the alert overload and talent shortage problem. With the arrival of AI-driven investigation technology, we’re finally seeing that vision come to life.

A recent SACR market analysis report examined these metrics across leading AI SOC vendors which can be very helpful for evaluating which solution is right for you. And I definitely recommend reading about Intezer in the report 🙂. 

At Intezer, we’re proud to help security teams reduce noise, focus on real threats, and scale their operations intelligently.

If you’re exploring this space, we’d love to be your partner in building a smarter SOC.

The post Making sense of the AI SOC market appeared first on Intezer.

❌