Normal view

AI SOC Live at Nasdaq: Real conversation about modern security operations

20 April 2026 at 18:58

The SOC is broken. Not because of a lack of talent or effort, but because human capacity does not scale. Alert volumes keep rising. Attacks move faster. And the operating model still assumes analysts will investigate most of what comes in, which means the vast majority of alerts never get looked at.

Our AI SOC Report 2026, based on analysis of 25 million alerts across our global customer base, put a sharp number on the problem. Over 60% of alerts are never reviewed by SOC and MDR teams. Nearly 1% of all incidents trace back to alerts classified at the lowest severity levels, signals most teams never touch. With average enterprises generating around 450,000 alerts annually, that equates to roughly one real threat per week hiding in the backlog, undetected.

That is not a tool problem. It is an operating model problem.

On April 27, we are bringing together the security leaders who are doing something about it.

Get your invite to AI SOC Live at the NASDAQ today.

What is AI SOC Live

AI SOC Live is a monthly, online event where security leaders discuss the latest issues facing the cyber industry. This month, AI SOC Live will be a full-day, invitation-only event at the Nasdaq in New York City. It is designed for CISOs, security directors, SOC managers, and MSSPs who are not just watching AI transform security operations from the sidelines, but are in the middle of it, making decisions about how their teams operate, what they invest in, and where the humans actually need to be.

This event is a full day of sessions, panels, and conversations built around the people, processes, and technology required to run a world-class SOC in 2026.

Who you will hear from at AI SOC Live Nasdaq

The speaker lineup reflects how seriously we have curated this event.

Itai Tevet, CEO and Founder of Intezer, will open the day with a session on the new SOC operating model, what it means when AI executes investigation and humans supervise outcomes, and why that shift changes security results structurally, not incrementally.

Alon Cohen, Founder and Executive Chairman of both Intezer and CyberArk, will speak to the broader impact of AI on security, drawing on decades of experience building foundational security companies.

Pavi Ramamurthy, Global CISO & CIO at Blackhawk Network as well as a founding member of the Professional Association of CISOs, and a venture advisor at YL Ventures. She will be speaking about the role of humans in the SOC.

David Spark, Founder and Executive Producer of the CISO Series Podcast, will host a live recording of the show featuring Nick Vigier, CISO at Oscar Health, digging into AI SOC beyond the hype.

You will also hear from CISOs at WCG Clinical, and ION Group, alongside practitioners from Realm Security, Legato Security, Upwind Security, and Monad. Sessions cover cloud security for the AI era, the blueprint for AI SOC success, and what every CISO needs to manage not only their security, but their executive board as well. 

And Mitchem Boles, Field CISO at Intezer, and Marcus Mingo, Detection Engineer at Intezer, will be there all day, available for the kind of real, technical conversations that rarely happen at larger conferences. See the full list of speakers.

What the day looks like

The agenda moves quickly and stays practical.

The morning opens with sessions on the new operating model and AI’s impact on security, followed by a CISO panel on the role of humans in the SOC and a session from Realm Security on building a data-first AI SOC. After a working lunch with interactive product demos, the afternoon covers cloud security, a live CISO Series recording, and a panel on advancing SOC outcomes at the C-suite level.

The day closes with a photo opportunity in front of the iconic Nasdaq billboard, followed by a cocktail reception overlooking New York City.

Attendees also earn CPE credits through the event’s partnership with ISC2.

Why this conversation matters now

The 2026 data makes the stakes clear. Our report found that more than half of confirmed compromised endpoints had been marked as “mitigated” by the EDR vendor, meaning teams believed those machines were clean when they were not. 

The gap between what organizations believe is covered and what is actually investigated is where real risk lives. Closing that gap requires a different operating model, one where AI investigates every alert, including the low-severity signals that human teams deprioritize, and humans supervise outcomes instead of grinding through queues.

That is the conversation happening at AI SOC Live.

Who should attend

This event is designed for CISOs, VPs and Directors of Information Security, SOC managers, and MSSPs from large enterprises who are responsible for security strategy, risk decisions, and operational outcomes. Whether you are evaluating AI for the first time or scaling capabilities you already have deployed, the sessions and conversations are built for leaders making real decisions, not attendees collecting swag.

Space is limited and invitations are by request.

Request your invitation at intezer.com/ai-soc-live-nasdaq

 

The post AI SOC Live at Nasdaq: Real conversation about modern security operations appeared first on Intezer.

AI SOC for teams outgrowing MDR

25 March 2026 at 22:21

For teams that have outgrown their MDR, the answer isn’t a better MDR. It’s a different operating model.

MDR works. For a lot of teams, it’s the right solution at the right time. It brings experienced analysts, established processes, and investigation capacity that most organizations can’t build internally overnight.

But as environments grow and alert volumes climb, many teams start to feel the limits of the model itself. Investigation quality depends on analyst availability and shift coverage. Low and medium severity alerts get deprioritized because the queue demands it. And the security team watching from the other side can’t always tell whether the backlog is safe to ignore or hiding something real.

That’s not a failure of MDR. It’s a ceiling built into any operating model that scales investigation through human labor.

Today, we’re announcing expanded capabilities in the Intezer AI SOC platform, powered by ForensicAI™. Built for teams who’ve reached that ceiling and are ready for what comes next.

The risk in the backlog

Across enterprise SOC environments, roughly 60% of alerts go unreviewed. Not because teams aren’t working hard. Because there are only so many hours in a day, and the alert stream doesn’t stop.

“Many organizations handle millions of security events per year. There’s no possible way you can go through 100% of your alerts and resolve them completely, unless you rely on an AI platform.”
— Cecil Pineda, 4x CISO, Healthcare Industry

Our analysis of more than 25 million alerts found that nearly 1% of real threats originate from low-severity signals, alerts that most teams deprioritize or skip entirely. For a large enterprise, that’s an average of 54 true threat alerts per year. More than one per week. Hiding in the noise tier that nobody gets to. 

Read our full AI SOC research report.

There’s also a second gap that rarely gets discussed. Because investigation and detection engineering are siloed within most MDRs, real investigation outcomes almost never feed back into SIEM and EDR rule tuning. Noisy detections stay noisy. Coverage gaps stay gaps. The system doesn’t learn from its own work.

What’s new in the Intezer AI SOC

The Intezer AI SOC platform was built on a simple premise. If you can’t investigate every alert, you can’t meaningfully reduce risk. Intezer AI SOC handles the investigative execution (triage, correlation, forensic-depth analysis) across 100% of alerts, regardless of severity. Humans supervise outcomes and engage at the decision point.

With this expansion, we’re adding three capabilities that close the remaining gaps between autonomous AI SOC operations and the full-service coverage teams expect.

AI-driven detection engineering

Investigation outcomes now feed directly into a closed-loop detection engineering process. SIEM and EDR rules are tuned or created, at the source, based on real verdict data, threat intelligence, and observed attacker behavior. Broken detections, noisy rules, and coverage gaps are identified and addressed continuously. This is the connection that siloed MDR roles have historically missed. Triage informs detection, better detection shortens the triage process, and the system gets smarter over time.

On-demand security experts

When the AI surfaces a high-confidence incident and you want a second set of eyes, or you’re mid-response and need expert judgment, Intezer’s security researchers and analysts are available directly through the platform. You can request expert analysis of artifacts, alerts, and logs, get guidance during an active incident, or validate suspicious activity the AI flagged. A dedicated expert is always on call for urgent requests, with Customer Success tracking every engagement through to resolution.

Continuous feedback and model tuning

Every time your team reviews a verdict, marks a false positive, or flags a result that doesn’t fit, that signal improves the system. Intezer’s experts review edge cases, adjust tuning rules, and add custom AI instructions calibrated to your environment and risk profile. Tuning also happens proactively through continuous platform monitoring and improvements, with no periodic review project required.

Learn more about Intezer’s QA process. 

The shift

“Security operations have reached a structural limit. Human teams, whether internal or outsourced to MDR providers, cannot realistically investigate the volume of alerts enterprises now face. Our analysis of more than 25 million alerts makes the risk clear: Real threats are often buried in the low-severity signals that never get investigated. AI SOC changes the model by making full forensic investigation possible across every alert, continuously improving detection based on real outcomes, and allowing human experts to focus on the incidents that truly require judgment and response.”
— Itai Tevet, CEO and Co-Founder, Intezer

Together, these capabilities shift security teams away from manual alert processing and toward supervising outcomes. Organizations that have outgrown their MDR can now investigate 100% of alerts at forensic depth, trust the evidence behind every verdict, close the loop between investigation outcomes and detection quality, and bring in expert analysts when it matters most.

The result is stronger security outcomes, broader alert coverage, and the ability to operate at enterprise scale without the constraints of a human-scaled model.

AI executes. Humans supervise.

RSA Conference is where the security industry sets its direction. This year, AI in the SOC is the conversation happening on every floor of Moscone. But there’s a meaningful difference between AI that helps analysts work faster and AI that takes on the investigative function entirely.

This announcement draws that line with data. 25 million alerts analyzed, 60% going unreviewed in enterprise environments, real threats hiding in the low-severity tier at a rate of more than one per week. These aren’t hypotheticals. They’re findings from production environments at scale where Intezer is not simply delivering better analyst productivity, but rather measurable improvements in enterprise security. 

For teams that have been thinking about what comes after MDR, this is the moment to see it working. 

Visit Intezer at Moscone South, Booth #555

The post AI SOC for teams outgrowing MDR appeared first on Intezer.

Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise 

25 March 2026 at 09:47

Security operations is undergoing a fundamental shift.

As alert volumes continue to rise and environments grow more complex, enterprises are moving away from security models built on manual triage, fragmented automation, and are looking to decrease their reliance on outsourced MDR services. More enterprises are adopting AI SOC as the new model for running security operations, one that can triage and  investigate all alerts at machine scale while keeping internal teams focused on judgment and response.

That shift was reflected clearly in Intezer’s momentum over the past year.

In 2025, Intezer processed more than 25 million security alerts across live enterprise SOC environments, as adoption expanded across large and complex organizations looking for a more scalable way to run security operations.

A year of strong growth

Over the past year, Intezer achieved several major company milestones:

  • Multiplied revenue year over year
  • Achieved 126% net revenue retention
  • Expanded adoption across Fortune 500 organizations
  • Scaled the team across key functions to support a growing enterprise customer base

These milestones reflect more than company growth. They reflect a broader market transition toward AI SOC as enterprises look for ways to investigate every alert, reduce hidden risk, and operate beyond the limits of human investigation capacity.

Growing industry recognition

Intezer’s momentum is also being recognized by media, industry analysts and practitioners. Here is a sampling of recent coverage.

Reuters covered Intezer’s research team’s work on uncovering novel cyber attacks this past December, that were targeting Russian defense organizations.

Well known industry analyst Richard Stiennon recently included Intezer in the 2026 Cyber 150, an independently compiled list based on IT-Harvest data, and has also included Intezer in his new book, Guardians of the Machine Age.

At the same time, practitioners are taking notice. In his write-up on Intezer’s 2026 AI SOC Report, Darwin Salazar highlighted the report’s forensic depth, auditability, and practical value in a crowded AI SOC market.

Why this momentum matters

Traditional SOC and MDR models are constrained by human investigation bandwidth. As alert volumes increase, teams are forced to prioritize only a subset of alerts, often based on severity labels before full context is available. That leaves real risk hiding in uninvestigated alerts.

Enterprises are increasingly adopting AI SOC to remove that bottleneck.

Intezer investigates 100% of alerts at forensic depth across endpoint, identity, cloud, network, phishing, and SIEM sources, escalating only the incidents (less than 2%) that require human judgment. This allows security teams to stay in control while scaling operations far beyond what manual investigation models can support.

What the numbers show

The business results from the past year point to strong validation in the market.

Doubling revenue year over year signals accelerating demand.

126% net revenue retention reflects strong customer expansion and continued platform adoption.

Growth across Fortune 500 organizations shows that large enterprises are increasingly embracing this operating model.

And continued team expansion across key functions ensures Intezer can support customers as adoption grows.

Looking ahead

The market is moving toward a new SOC operating model, one where AI executes investigations at scale and human teams focus on decisions, response, and strategy.

Intezer’s momentum over the past year reflects that shift clearly. As more enterprises look to eliminate investigation bottlenecks and reduce cyber risk, AI SOC is moving from emerging category to operational reality.

Learn more about Intezer.

The post Intezer’s 2025 momentum reflects rapid adoption of AI SOC in global enterprise  appeared first on Intezer.

❌