What's missing from agentic SOC: internal context.
The capability is real and the security products are doing good work. As an industry though, we still have something important to figure out before we hand defense to autonomous agents.
I believe every other organization right now is running behind agentic SOC and agentic SOAR. The pitch is good. The capability is genuinely exciting. And on most days, I'm one of the people building toward this future.
The volumes alone justify the rush. The average SOC sees around 4,500 alerts a day, and a large share of them go uninvestigated. No amount of headcount fixes that. Automation does. Which is why Gartner expects 70% of large SOCs to pilot AI SOC agents by 2028, but only 15% to actually succeed. That gap is what this post is about.
The question I keep coming back to
Is your agent trained on your internal context? Does it know how your applications behave on a normal Tuesday at 2am during batch processing? Does it know which authentication patterns are your Toronto team finishing timesheets versus a credential stuffing attempt?
A human analyst with six months of context picks this up. They learn your environment, your topology, the services that get touchy at end of quarter. An agent trained on generic security knowledge does not know any of that. It's making decisions on a map that isn't yours.
The priority problem
The failure mode I worry about isn't the dramatic one. The agent isn't going to take a catastrophically wrong remediation action. The risk is much quieter.
Take Mythos and the other newer "smarter" AI models. They're getting really good at finding things. A dependency audit might surface a package from 2007 with a known CVE that's been sitting in your stack for years. The model finds it. It flags it. And then it classifies it as low priority.
Why low? Because the CVE is old, public exploit kits don't widely use it, and the CVSS base score is moderate. In most environments the blast radius is limited.
But your environment isn't most environments. Maybe that package sits on a service that touches your most sensitive data store. Maybe a motivated attacker who has done their homework on you already knows this. The agent doesn't, because it doesn't have your graph. That's how a real risk gets quietly classified as low, sits in a queue, and waits for someone to get unlucky.
Why defense is different
Attackers only need to have one lucky day. Defenders need to have all the luck, every single day. An agentic system that consistently underweights a class of risk gives attackers a reliable angle into your environment. And because the agent is acting autonomously, the blind spot is invisible. With a human analyst you'd at least see the misclassification in a queue. With an agent it may never surface, until it's too late.
What we actually need to build
None of this is a complaint about specific security products. The products are doing good work and they will get there. The point is that as an industry we have to do the unglamorous second half of the work. Roughly:
- Asset inventories that are actually accurate and continuously updated.
- Application behavior baselines that reflect real usage, not assumed behavior.
- Data hygiene that catches stale labels, retired identities, and ownership drift before the agent acts on them.
- Internal risk weights specific to your topology and data sensitivity.
- A graph that connects services, data, identities, and findings so blast radius is computable per finding.
- Feedback loops so when the agent is wrong, you find out within days, not after the post-incident review.
None of that ships in a demo. All of it is what turns a generally smart agent into one that's trustworthy in your environment.
The work ahead
Right now, agentic AI adoption is reportedly outpacing governance by roughly eight to one. That's the gap I worry about most.
I think the security products will get there. I think we will get there as an industry. The capability curve is steep and the people working on this are sharp. But "we'll get there" and "let's deploy this autonomously today" are two very different statements, and conflating them is the actual risk.
We have a long way to run. And in defense, where attackers only need one lucky day, that distance matters.
