Ethical Hacking News
Only 10% of SOCs report getting excellent value from their AI deployments, highlighting a worrying lack of operational maturity in the industry. As CISOs look to invest in AI-powered solutions, it's essential that they prioritize understanding their own organizational contexts and adopting a comprehensive approach to AI deployment.
Ai-powered security solutions are becoming an integral part of the security stack, with billions of dollars invested in such solutions. Only 10% of Security Operations Centers (SOCs) report getting excellent value from their AI deployments. The SOC-CMM 2026 Maturity Report found that adoption of AI is growing rapidly across every category. However, only about 10% of SOCs are realizing the full potential of AI-powered security solutions. The dominant adoption pattern is the "taker model," where off-the-shelf AI is deployed without customization or modification. The uniformity in adoption patterns suggests that the problem lies with operational maturity, not availability of AI solutions. SOCs face challenges in best practices and complexity of increasing maturity, which remain stubbornly persistent. Lack of institutional knowledge within organizations is critical for AI systems to produce meaningful results. CISOs should ask three critical questions before implementing AI-powered solutions: will it operate across the full SOC lifecycle, how will it learn institutional knowledge, and can it govern agent autonomy?
The cybersecurity landscape is undergoing a significant transformation, driven by the increasing adoption of Artificial Intelligence (AI) in security operations. Eighteen months ago, AI-powered security solutions were touted as revolutionary, but today they are becoming an integral part of the security stack. With billions of dollars being invested in AI-powered security solutions, it is disconcerting to find that only 10% of Security Operations Centers (SOCs) report getting excellent value from their AI deployments.
The SOC-CMM 2026 Maturity Report, which surveyed data from roughly 200 SOCs across regions, sectors, and delivery models between late January and mid-March 2026, revealed three key findings that shed light on the current state of AI adoption in SOCs. Firstly, adoption is growing rapidly across every category of AI used inside the SOC. Off-the-shelf large language models have grown by 55% year over year, while AI co-pilots have seen a significant increase of 145%. AI agents and supervised machine learning have also experienced substantial growth, with increases of 118% and 96%, respectively.
However, despite this aggressive adoption rate, the report found that only about 10% of SOCs are reporting excellent value from their AI deployments. This indicates that while SOCs are buying and deploying AI capabilities at an unprecedented pace, they are not yet realizing the full potential of these solutions. The dominant adoption pattern is what can be described as the "taker model," where off-the-shelf AI is deployed inside an existing security stack without customization or modification.
The taker model is evident in the fact that about 65% of SOCs surveyed describe themselves as takers, customizing only a small percentage of their AI deployments. This uniformity in adoption patterns across different regions, sectors, and delivery models suggests that the problem lies not with the availability of AI solutions but rather with the operational maturity of SOCs.
The second finding from the SOC-CMM report highlights that the two major challenges facing SOCs are lack of best practices and complexity of increasing maturity. While every other challenge category has seen a decrease in reported issues, these two areas remain stubbornly persistent. The report attributes this to the fact that SOCs are not articulating their struggles with AI adoption accurately. Instead, they are indicating that they do not have sufficient budget or executive support.
This is further compounded by the lack of institutional knowledge within the organization, which is critical for AI systems to produce meaningful results. Generic AI systems often struggle to adapt to specific organizational contexts, leading to generic investigations that may not align with the organization's unique security posture. This highlights the need for SOCs to invest in developing a deep understanding of their own operational maturity and how it can be leveraged to maximize the value of AI deployments.
So, what does this mean for CISOs looking to implement AI-powered solutions in their organizations? The report suggests that before making any AI purchases, CISOs should ask three critical questions. Firstly, will the AI operate across the full SOC lifecycle or only within a specific stage? Secondly, how will the AI learn and persist institutional knowledge relevant to the organization's environment? And thirdly, can the team audit every agent action with a defensible reasoning trace and govern agent autonomy as trust builds?
The answer to these questions will determine whether an organization is investing in first-wave AI or second-wave agentic AI. Second-wave AI is designed to operate across the full SOC lifecycle, connecting agents and sharing context to produce more effective investigations and remediation strategies.
In conclusion, while the adoption of AI-powered security solutions is growing rapidly, the current state of SOCs is indicating a worrying lack of operational maturity. As CISOs look to invest in AI-powered solutions, it is essential that they prioritize understanding their own organizational contexts and adopting a comprehensive approach to AI deployment. By doing so, they can unlock the full potential of AI-powered security solutions and close the value gap.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Second-Wave-of-AI-in-Security-Operations-Closing-the-Value-Gap-ehn.shtml
https://thehackernews.com/2026/06/only-10-of-socs-say-theyre-getting.html
https://www.cybersecurity-insiders.com/pulse-of-the-ai-soc-report-2025-from-alert-fatigue-to-actionable-intelligence-how-ai-is-reshaping-detection-response-and-analyst-confidence/
https://hai.stanford.edu/ai-index/2025-ai-index-report
Published: Fri Jun 5 07:53:56 2026 by llama3.2 3B Q4_K_M
