The AI SOC Agent Market Has a Measurement Problem
AI SOC agents are arriving in security operations centres faster than teams can evaluate them. Vendors promise dramatic reductions in analyst workload, faster triage times, and fewer missed threats. Some of those claims are real. Many are not. The problem is that most security teams lack a consistent framework for telling the difference. Gartner published guidance in 2024 identifying seven questions security leaders should put to any AI SOC agent vendor before procurement. Kyanite Blue Labs has taken that framework, tested it against real deployment patterns we observe across our managed services engagements, and added context specific to the UK and Australasian markets where our clients operate. What follows is not a buyer's guide in the traditional sense. It is a pressure-testing framework. If a vendor cannot answer these questions with specificity, that tells you something.
What Exactly Does the Agent Do — and What Does It Hand Back to a Human?
This is the foundational question, and it exposes the single most common source of confusion in the AI SOC agent space: the boundary between automation and augmentation. Some agents triage alerts autonomously and close low-fidelity noise without human review. Others surface enriched context to an analyst who still makes every decision. Both are legitimate architectural choices. Neither is inherently superior. The problem arises when vendors conflate the two, using terms like 'autonomous investigation' to describe what is actually a smarter notification. Ask the vendor to walk you through a specific alert lifecycle from ingestion to resolution. Where does the AI act independently? Where does it pause for human approval? What is the escalation logic when confidence is low? The answers will reveal whether the product is genuinely agentic or whether it is a well-marketed SOAR playbook with a language model bolted on. In practice, the teams that get the most value from AI SOC tooling are those running it alongside 24/7 managed detection and response capability. Sophos MDR, for instance, pairs AI-assisted triage with human analyst review, which means autonomous speed without the risk of unchecked automated decisions closing genuine incidents.
How Is Performance Actually Measured?
According to Gartner's 2024 analysis, most organisations deploying AI in security operations have no agreed definition of success before go-live. That is not a technology failure. It is a procurement failure. The metrics that matter for AI SOC agents are not the ones most vendors lead with. Mean time to detect (MTTD) and mean time to respond (MTTR) are useful headline figures, but they are easy to manipulate. A system that closes every low-priority alert immediately will show spectacular MTTR numbers while leaving your analysts drowning in the escalations it cannot handle. The questions worth asking include: What is the false positive rate on autonomous closures? What percentage of escalated alerts are confirmed true positives? How does analyst workload change in the first 30, 60, and 90 days post-deployment? What is the dwell time for threats that the system flags but does not close autonomously? If the vendor has no baseline data from comparable customer environments, that is a red flag. If they offer case studies, ask whether the customer environments matched yours in scale, sector, and alert volume.
How Does the Agent Handle Novel or Unknown Threats?
This is where AI SOC agents most frequently disappoint in production. Models trained on historical alert data perform well against known threat patterns. They perform considerably worse when adversary techniques drift outside that training distribution. The adversary landscape does not stand still. Ransomware groups iterate their tooling continuously. Phishing infrastructure rotates. Living-off-the-land techniques exploit legitimate system processes in ways that generate minimal telemetry. Ask the vendor specifically: how does the agent behave when it encounters an alert pattern it has not seen before? Does it default to closure, escalation, or does it flag uncertainty to the analyst? The answer to that question tells you more about production risk than any benchmark the vendor will show you. A system that confidently closes unknown-pattern alerts to maintain its throughput statistics is more dangerous than one that escalates aggressively. This is also why attack surface visibility matters upstream of the SOC. Tools like Hadrian continuously map your external-facing estate and surface exposures before they become incidents. Feeding that context into a SOC agent improves its ability to assess threat relevance — an alert against a system that Hadrian has already flagged as exposed carries different weight than one against an asset with no known vulnerabilities.
What Data Does the Agent Require Access To — and What Are the Governance Implications?
AI SOC agents are hungry for data. To triage effectively, they typically need access to endpoint telemetry, email headers, cloud activity logs, identity events, and network flow data. That access profile creates governance obligations that UK organisations in particular need to take seriously under UK GDPR. Ask the vendor: where does the data reside during processing? Is it sent to a cloud inference endpoint? Is there a UK or EEA data residency option? What data is retained, for how long, and for what purpose? Who has access to your telemetry within the vendor's infrastructure? These are not theoretical concerns. Security tooling is an attractive target for supply chain compromise precisely because it sits at the intersection of privileged access and sensitive data. Panorays, which Kyanite Blue uses to assess third-party risk for clients, consistently identifies security vendors as a high-risk supplier category — because a compromised security tool has access to everything the tool monitors. Demand a data processing agreement before deployment. Confirm sub-processor locations. If the vendor cannot produce that documentation on request, the conversation ends there.
How Does the Agent Integrate With Your Existing Stack — Without Creating New Gaps?
Integration claims from AI SOC vendors deserve close scrutiny. 'Integrates with your existing SIEM' can mean anything from a certified API connector with bidirectional data flow to a webhook that pushes alerts in one direction and never receives feedback. The integration question has two dimensions. The first is technical: can the agent ingest data from the sources that matter in your environment? The second is operational: does the agent's output feed back into the tools your analysts already work in, or does it create a separate pane of glass that gets ignored after the first month? For organisations running Sophos XDR, the extended detection and response architecture already aggregates endpoint, network, email, and cloud telemetry into a single data lake. Layering an AI SOC agent on top of that foundation is considerably more tractable than trying to connect an agent to a fragmented stack with five separate log sources and inconsistent data schemas. Ask the vendor for a technical integration diagram before any proof of concept begins. If they cannot produce one, the integration will take longer than they say and deliver less than they promised.
What Happens When the Agent Gets It Wrong?
Every AI system makes mistakes. The question is not whether your AI SOC agent will produce false negatives or incorrect closures. The question is how you detect those errors, how quickly, and what the blast radius is. Gartner's framework asks specifically about error handling and feedback loops. A well-designed AI SOC agent should log its reasoning for every decision, allow analysts to override and correct those decisions, and use that correction data to improve future performance. In practice, many systems do not expose reasoning at all, making audit impossible. For ransomware scenarios, the stakes of a missed alert are particularly high. Ransomware groups exfiltrate data before deploying encryption, often over days or weeks. An AI SOC agent that closes early-stage exfiltration alerts as benign data transfer gives attackers the window they need. BlackFog's anti-data exfiltration capability adds a specific control layer here, operating at the network level to block unauthorised outbound data movement regardless of whether the SOC agent identified the threat upstream. The broader point is this: no AI SOC agent should be your last line of defence. Defence in depth still applies. The agent is one layer, not the stack.
The Honest Assessment: What AI SOC Agents Can and Cannot Do Right Now
AI SOC agents are genuinely useful for specific, well-defined tasks. Alert enrichment, initial triage of high-volume low-fidelity signals, and correlation across large telemetry datasets are areas where current systems deliver measurable analyst time savings. A 2023 IBM Cost of a Data Breach report noted that organisations with AI and automation deployed in security operations identified breaches 108 days faster than those without — a statistic that vendors will quote at every opportunity. What current AI SOC agents cannot reliably do is replace experienced analyst judgement on ambiguous, high-stakes decisions. They cannot maintain consistent performance across novel attack techniques without retraining. They cannot operate safely without human oversight structures around them. The seven questions Gartner identifies are not a checklist to complete before signing a contract. They are a lens for having an honest conversation with a vendor about what their product actually does, where it fails, and whether your team has the operational maturity to deploy it safely. Kyanite Blue Labs advises clients to pilot AI SOC tooling within a structured 90-day evaluation with pre-agreed metrics, a control group for comparison, and a defined escalation path for the cases the system cannot handle. If you would like support building that evaluation framework, speak to the Kyanite Blue team.
Frequently Asked Questions
What is an AI SOC agent and how does it differ from a SOAR platform?
An AI SOC agent uses large language models or machine learning to autonomously investigate, triage, and in some cases close security alerts with minimal human input. A SOAR platform executes predefined playbooks based on rule-based logic. The key difference is adaptability: an AI agent can reason across novel scenarios, whereas SOAR requires explicit programming for each workflow. In practice, the boundary between the two is increasingly blurred by vendor marketing.
How do you measure whether an AI SOC agent is actually reducing alert fatigue?
Measure analyst-hours spent on manual triage before and after deployment, the false positive rate on alerts the system closes autonomously, and the percentage of escalated alerts that are confirmed true positives. MTTD and MTTR figures alone are insufficient. Establish a baseline in the 30 days before deployment and compare at 30, 60, and 90 days post-go-live using consistent methodology.
What are the main risks of deploying an AI SOC agent in a UK organisation?
The primary risks are governance-related and operational. On the governance side, AI SOC agents require broad access to sensitive telemetry, creating data residency and UK GDPR obligations that must be addressed before deployment. Operationally, the main risk is over-reliance: systems that autonomously close alerts can suppress early indicators of sophisticated attacks if not monitored carefully with defined human oversight structures.