
Agentic AI affecting the world of the SOC

While many are tempted to lean on agentic AI, the rush to do so is potentially creating more risk

The increase in the deployment of agentic AI is having an impact on the security market, with the technology already driving vendor security information and event management (SIEM) investment decisions.

With agents able to independently carry out investigations and deal with bottlenecks that can cause problems in security operations centres (SOCs), there are increased opportunities to free human staff to work on governance and oversight.

“Agentic AI is changing the economics of SOC operations,” said Joe Turner, global director of research at Context. “Across our extensive EMEA distribution data and our global coverage spanning EMEA, META, APJ and LATAM, we are already seeing vendors reposition their SIEM portfolios around automation, identity telemetry and data context.”

The market watchers researched the impact of agentic AI globally, with the European market demonstrating a drive towards sovereignty against the backdrop of strong compliance regulations.

Context found that European SIEM revenues increased by 4%, with the mid-market 501–1,000 seat customer base increasing by 288%. Those customers, who do not have the resources to run a 24/7 SOC, have moved to unified platforms that provide the reassurance that they will meet compliance regulations.

Managed detection and response (MDR) is still one of the most popular segments, increasing in Europe by 18.9%, with under-500 seat organisations growing by 30%.

The adoption of AI agents is most widespread in APJ, but there have been signs that rapid implementation is increasing risks. Meanwhile, in LATAM, the technology has been welcomed as an opportunity to overcome some of the barriers caused by legacy infrastructure, particularly in banking and ecommerce. However, the technology is being rolled out without a high skill level or confidence in national governments’ cyber security posture.

“Agentic AI is fundamentally reshaping the SIEM market,” said Frank Vitagliano, CEO of the Global Technology Distribution Council (GTDC). “The market intelligence by Context highlights a move towards AI-driven detection and automation in the global cyber security market. This level of visibility is essential for decision-makers, who are looking to understand where security investment is heading.”

Context is working with the GTDC to encourage the development of standards across distribution globally.

Despite the attraction of giving AI agents more autonomy, there continue to be concerns about the security implications of deploying the technology, particularly in sensitive environments such as SOCs.

“Agentic AI can dramatically improve response speed, but without guardrails, it also increases the blast radius of mistakes,” said Bharat Mistry, field CTO at TrendAI, a business unit of Trend Micro. “Organisations must apply the same scrutiny to AI agents as they would to privileged human administrators.”

Agentic AI emerged as one of the main themes in the market over the course of last year and many in the industry expect the deployment of the technology to increase significantly this year as users move from pilots to wider projects.

As the popularity of AI agents continues to rise, the implications for SOC teams that include both humans and agents are still new and have yet to be fully defined, which poses its own security risks.
