Today, AI technologies are developing extremely rapidly and are gradually becoming integral parts of diverse areas. Therefore, the emergence of AI in cybersecurity tools makes perfect sense. This trend is already clearly visible in solutions like Microsoft Sentinel, Splunk, Vectra, or SentinelOne, where behavioral analysis helps to quickly surface suspicious activity in large volumes of telemetry. At the same time, attackers are actively exploring AI capabilities: they create more convincing phishing messages, use deepfakes in social engineering, and build more elaborate and adaptive attack scenarios.
One of the most tangible advantages of using AI in SOC operations today is that it can take over a significant portion of daily technical tasks. Thanks to automated rules and automation platforms, analysts can update detections faster, verify coverage, avoid mistakes in manually written rules, and respond promptly to the emergence of new attack techniques. In large and heterogeneous infrastructures, where log volumes are constantly increasing, this support is especially noticeable.
However, the effectiveness of these approaches directly depends on how well the data is collected and how complete the system's view of the environment is. If logs are incomplete or there are ‘blind spots,’ automated rules simply have nothing to work with. In addition, such solutions perform best against known attack techniques and scenarios—those that are well documented and have characteristic digital indicators. They recognize new or atypical attacker methods much less effectively.
AI is most effective at detecting large-scale, repetitive, and behaviorally predictable threats, such as scanning, brute-force attacks, typical malicious actions, or known APT techniques. In contrast, ‘low-noise attacks,’ ‘living off the land,’ and social engineering attacks remain a difficult challenge. In such situations, the analyst plays a decisive role, capable of correlating events, assessing context, and noticing what does not fit standard patterns.
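To make the two points above concrete (a rule works well on noisy, repetitive behavior such as brute force, and it is only as good as the telemetry it receives), the following Python script is added here as an illustration; it is not code from the author or from any of the products named. It runs a simple sliding-window brute-force rule over a handful of constructed authentication events and pairs it with a coverage check that reports which expected log sources are silent or stale. The event format, the threshold and window, the host inventory in `EXPECTED_SOURCES` and the "now" timestamp are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real telemetry).
# Fields: timestamp host user src_ip outcome
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z host-a alice 203.0.113.5 failure",
    "2024-05-01T10:00:12Z host-a alice 203.0.113.5 failure",
    "2024-05-01T10:00:25Z host-a admin 203.0.113.5 failure",
    "2024-05-01T10:00:40Z host-a root 203.0.113.5 failure",
    "2024-05-01T10:01:02Z host-a alice 203.0.113.5 failure",
    "2024-05-01T10:01:30Z host-a alice 203.0.113.5 failure",
    # A slow, low-noise attempt: three failures spread over ten minutes.
    "2024-05-01T10:03:00Z host-b bob 198.51.100.7 failure",
    "2024-05-01T10:08:00Z host-b bob 198.51.100.7 failure",
    "2024-05-01T10:13:00Z host-b bob 198.51.100.7 failure",
    "2024-05-01T10:15:00Z host-b bob 198.51.100.7 success",
]

# Assumed inventory: hosts the SOC expects authentication logs from.
# host-c never ships a single event, i.e. it is a blind spot.
EXPECTED_SOURCES = {"host-a", "host-b", "host-c"}

# Assumed "current time" for the staleness check in the example.
NOW = datetime(2024, 5, 1, 10, 20, 0)


def parse_event(line):
    """Parse one space-separated event line into a dict with a datetime timestamp."""
    ts, host, user, src_ip, outcome = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "user": user,
        "src_ip": src_ip,
        "outcome": outcome,
    }


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with at least `threshold` failed logins inside a sliding window.

    Returns {src_ip: {"peak_failures": n, "hosts": set, "users": set}} for each
    source that crossed the threshold. Slow attempts below the rate never fire.
    """
    events = sorted(events, key=lambda e: e["ts"])
    recent = defaultdict(deque)      # src_ip -> timestamps of failures inside the window
    targets = defaultdict(lambda: {"hosts": set(), "users": set()})
    alerts = {}
    for e in events:
        if e["outcome"] != "failure":
            continue
        ip = e["src_ip"]
        targets[ip]["hosts"].add(e["host"])
        targets[ip]["users"].add(e["user"])
        dq = recent[ip]
        dq.append(e["ts"])
        # Drop failures that fell out of the window relative to this event.
        while e["ts"] - dq[0] > window:
            dq.popleft()
        if len(dq) >= threshold:
            alert = alerts.setdefault(ip, {"peak_failures": 0, **targets[ip]})
            alert["peak_failures"] = max(alert["peak_failures"], len(dq))
    return alerts


def coverage_report(events, expected_sources, now, max_silence=timedelta(minutes=15)):
    """Report expected log sources that sent nothing (missing) or went quiet (stale)."""
    last_seen = {}
    for e in events:
        last_seen[e["host"]] = max(last_seen.get(e["host"], e["ts"]), e["ts"])
    missing = sorted(expected_sources - last_seen.keys())
    stale = sorted(
        host for host, ts in last_seen.items()
        if host in expected_sources and now - ts > max_silence
    )
    return {"missing": missing, "stale": stale}


def run(lines=SAMPLE_EVENTS, expected_sources=EXPECTED_SOURCES, now=NOW):
    """Parse the events, apply the rule and the coverage check, return both results."""
    events = [parse_event(line) for line in lines]
    return {
        "alerts": detect_bruteforce(events),
        "coverage": coverage_report(events, expected_sources, now),
    }


if __name__ == "__main__":
    result = run()
    for ip, alert in result["alerts"].items():
        print(f"ALERT brute force from {ip}: peak {alert['peak_failures']} failures "
              f"against {sorted(alert['hosts'])}, users {sorted(alert['users'])}")
    print("missing log sources:", result["coverage"]["missing"])
    print("stale log sources:", result["coverage"]["stale"])
```

The rule fires on the fast burst from 203.0.113.5 but stays silent on the three slow attempts from 198.51.100.7, which is exactly the kind of low-noise activity the text says still needs an analyst. The coverage check is the other half of the story: host-c is reported as missing because it never logged anything, and host-a as stale because its last event is older than the silence limit, so any rule, AI-assisted or not, would have nothing to evaluate for those hosts.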
Thus, the use of AI in SOC significantly enhances an organization’s cyber resilience, but it still cannot replace humans. The highest effectiveness is achieved by a combination: automation acts as an accelerator of operational processes, while analysts provide depth, flexibility, and strategic vision in defense.

Olga is a recognized expert in IT and information security with 19 years of experience. Among other things, she specializes in the design and implementation of information security systems. Her profound knowledge of IT technologies and of the principles of building IT infrastructure led to her appointment as Chairperson of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce. Olga is also the CEO of the Ukrainian IT company Silvery LLC.
