The agentic SOC is coming. Most of what's being sold isn't it.

Posted by topform

Every vendor with a SIEM has rebranded their chatbot as an "AI agent" this year. I've sat through enough of these demos to get specific about what bothers me.

A real agentic SOC, the way that phrase ought to be used, is a system that can take an alert, decide whether it matters, gather what it needs to be sure, take a containment action, and write up what it did — without a human in the loop for the routine 80% of cases. That's what agentic means in the rest of the AI world. An agent has a goal, a memory, tools, and the authority to act.

What's being demoed in most security keynotes is none of those things. It's a chat interface that summarises an alert when you ask it to. The agent is you. The security analyst is still doing every step of the workflow; the AI is just narrating it back to them in cleaner English. That's a co-pilot, and it's fine. But it's not agentic, and it doesn't deliver the economics that the agentic framing implies.

The economics matter, because that's what's being sold. When a CISO buys an "agentic SOC platform," they're not buying better dashboards. They're buying the implicit promise that they can run their L1 with three people instead of twelve. That promise is the entire reason these products command the prices they do. And almost none of the products on the market today can actually deliver it, because almost none of them have the authority to act, the containment surface to act on, or the judgment loop to know when to escalate to a human.

Let me unpack each.

Authority. Most "agentic" tools today live in a role with read-only access to your stack. They can summarise the alert; they cannot disable the user, isolate the host, revoke the session, or block the IP. Which means at the moment a decision needs to be made, control hands back to the analyst. That's not an agent. That's a smart inbox.

Containment surface. The few tools that do have write authority discover quickly that real-world IT environments are messy. Half the laptops are unmanaged, half the cloud accounts are owned by ex-employees, and the only person with the password to the legacy ERP is on holiday. An agent that can isolate a host in your EDR is useful for the 40% of your fleet that has EDR. For the rest, it's still humans running playbooks. Vendors don't say this part out loud.

Judgment loop. This is the hardest one. A real agent has to know when it's wrong, when to ask for help, and when to stop. SOCs are a particularly nasty environment for this because the cost of a false negative (a missed real attack) is enormous and the cost of a false positive (auto-isolating the CFO's laptop on a Friday) is career-ending. The current generation of LLM agents is genuinely bad at calibrated uncertainty. They will confidently triage a phishing alert as benign because the email sender is in the address book. Real attacks look exactly like that. We've already seen this in lab tests.

So when does a real agentic SOC arrive? I'd guess the first products that genuinely deserve the label show up in the next 18–24 months, and they'll come from one of two places. Either an EDR vendor extends authority into a model with proper guardrails, because they already own the containment surface and have clean telemetry. Or a cloud-native security platform builds it for cloud workloads only, where the environment is uniform enough that the agent can actually act with confidence. Both are tractable. Neither will be the "platform-agnostic agentic SOC" that's being sold today.

What I'd tell a CISO buying right now: don't pay agentic SOC prices for co-pilot value. Buy the co-pilot, get real productivity from it (because you genuinely will save L1 analyst time), but keep the headcount you have, because you still need them. When somebody shows you an agent that can actually close out a Sev-3 phishing alert end to end without a human touching it, and shows you the audit log of the last 1,000 times it did so with the false-positive and false-negative rates documented — then you're looking at the real thing.
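One way to read the audit log described above, as an added example that is not from the original post or any vendor's product. The field names (`verdict`, `truth`, `human_touched`) and the sample log are constructed, and it assumes each closed alert has since been adjudicated by a human so a ground-truth label exists.

```python
import math
from collections import Counter

def wilson_upper(k, n, z=1.96):
    """Upper bound of the 95% Wilson score interval for k events in n trials."""
    if n == 0:
        return 1.0  # no evidence at all: assume the worst
    p = k / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return min(1.0, (centre + margin) / (1 + z * z / n))

def score_audit_log(entries):
    """Summarise an agent's closed alerts. Each entry is a dict with the
    hypothetical fields verdict, truth ('malicious'/'benign') and human_touched."""
    cm = Counter((e["verdict"], e["truth"]) for e in entries)
    tp = cm[("malicious", "malicious")]
    fn = cm[("benign", "malicious")]   # real attack closed as benign
    fp = cm[("malicious", "benign")]   # benign activity contained
    tn = cm[("benign", "benign")]
    autonomous = sum(1 for e in entries if not e["human_touched"])
    return {
        "closed": len(entries),
        "autonomous_rate": autonomous / len(entries) if entries else 0.0,
        "fp_rate": fp / (fp + tn) if fp + tn else 0.0,
        "fn_rate": fn / (fn + tp) if fn + tp else 0.0,
        # The miss rate rests only on the real attacks in the log, so bound it.
        "fn_rate_upper95": wilson_upper(fn, fn + tp),
        "real_attacks": fn + tp,
    }

def constructed_log():
    """Constructed sample: 1,000 closed phishing alerts, 20 of them real."""
    rows = ([("malicious", "malicious")] * 19 + [("benign", "malicious")] * 1
            + [("malicious", "benign")] * 10 + [("benign", "benign")] * 970)
    # Every 20th alert is marked as having needed an analyst (50 in total).
    return [{"verdict": v, "truth": t, "human_touched": i % 20 == 0}
            for i, (v, t) in enumerate(rows)]

if __name__ == "__main__":
    for key, value in score_audit_log(constructed_log()).items():
        print(f"{key}: {value}")
```

On this constructed log the measured miss rate is 5%, but with only 20 real attacks among the 1,000 alerts the 95% upper bound is roughly 24%, so the number of real attacks in the log matters as much as the headline rate.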

We'll get there. The technology underneath is real. I just don't want any of my peers cutting their L1 team in 2026 on the strength of a demo, then watching a real attack walk past a chatbot that summarised it in cleaner English.

—

Zuhair runs Wattlecorp Cybersecurity Labs. Still hiring L1s.



Copyright © 2009 Topfom Cybersecurity Blog: Navigating Tech Trends & Digital Security Since 2007 All rights reserved. Theme by zuhaircmr. | Bloggerized by topform.
