Fully autonomous security operations centers (SOCs) are flourishing on the cybersecurity market and trigger anxiety about a future with empty desks. In reality, however, top security vendors exhibiting at Infosecurity Europe 2026 actually agree on one thing: AI won't replace the SOC. It will replace the mind-numbing copy-pasting and routine ticket-taking. Speaking to Infosecurity, Brett Candon, VP of International at Dropzone AI, said AI is shifting the traditional multi-tiered SOC model into a leaner, smarter operation powered by accelerated ‘tier-1.5’ analysts and strategic engineers.
AI SOC: A Glass Box, Not a Black Box. Automation has promised to fix the SOC for over fifteen years, but vendors argue that true autonomy requires absolute transparency. Candon emphasized that AI must be treated as a supportive "glass box" rather than a mysterious black box. The goal, he noted, is to replace heavy manual investigation work while logging every procedural step so human analysts can easily audit the machine's rationale. Patricia Titus, Field CISO at Abnormal AI, agreed that human-in-the-loop validation remains a non-negotiable safety net. Organizations still need sharp minds to verify that the machine is performing accurately.
Intern Tier-1 and Professional Tier-1.5 SOC Analysts. Rather than eliminating entry-level professionals, this technological shift is entirely redefining their daily responsibilities. Instead of losing hours to repetitive data gathering, junior defenders are stepping straight into the role of what Candon called "tier-1.5 analysts," acting as supervisors and auditors of AI-driven investigations from day one. According to Candon, when AI handles tedious initial triage at machine speed, the human impact changes drastically. Job satisfaction has increased and employees feel like they are doing more useful tasks within the SOC.
Detaylar ve Etkileri
Emergence of A 'Cyber Defense Engineer' Role in AI SOCs. As analysts climb the value chain, Vega’s Shelmerdine anticipates the rise of an entirely new industry archetype: the cyber defense engineer. Advanced defenders are increasingly shedding the passive analyst title to think of themselves as active system builders. 'AI isn't going to replace the SOC, it's a cyber defense engineer who will,' Shelmerdine said. He described these modern professionals as engineers who control their SecOps platforms using advanced management protocols and natural language, effectively 'vibe coding their queries, their hunts, their dashboards, their reports, [and] their triage.'