FIRESIDE CHAT: The case for AI-Native SOCs built to take action, not just observe and alert

The raw attack surface isn’t just growing. It’s fragmenting. Logs from SaaS apps, cloud workloads, and third-party services flood security stacks already straining to keep up. Security teams are buried in alerts they can’t triage fast enough. Meanwhile, adversaries probe for gaps that form in the seams.

Related: Using threat intel to boost ROI

This operational sprawl has become the modern SOC’s weakest link — and, increasingly, its most fixable one.

That’s the case made by George Moser, Chief Growth Officer at Anomali,  who I spoke with recently. Moser frames this moment as a necessary reset: one in which AI-native security platforms shift the goal from passive visibility to predictive, autonomous mitigation. And do so in a way that scales across the real-world complexity defenders now face.

“We’re beyond the point where throwing humans at the problem works,” Moser told me. “We need actionable intelligence, and the ability to act on it instantly.”

Anomali’s platform combines a centralized data lake, enriched threat intelligence, and a growing layer of agentic AI that reasons across structured and unstructured inputs. It’s built to trigger automated actions — like disabling accounts or blocking IPs — based on playbooks that security teams have already defined and approved.

In one major financial institution, Moser said, this architecture helped reduce critical incidents by 90 percent and cut SIEM-related costs by more than half.

Moser doesn’t oversell it. Agentic AI is still early. But with bounded autonomy, real threat feeds, and tight controls, he sees it as a practical way to put guardrails on automation — keeping humans at the center while improving speed and precision at scale.

For a full drill down, please give a listen to the accompanying podcast.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

---

(LW provides consulting services to the vendors we cover.)

The post FIRESIDE CHAT: The case for AI-Native SOCs built to take action, not just observe and alert first appeared on The Last Watchdog.