AI is rapidly transforming SOCs, promising to automate everything from threat detection and incident investigation to remediation. Yet as enterprises rush to embrace AI-powered security tools, a fundamental question of how much autonomy should organisations be willing to hand over to machines still remains.
The debate is becoming increasingly relevant as security teams worldwide struggle with an overwhelming volume of alerts, expanding attack surfaces, and a chronic shortage of skilled cybersecurity professionals. For many organisations, AI is no longer viewed as an experimental technology but as a necessity for managing modern security operations.
However, industry experts argue that despite advances in agentic AI, cybersecurity remains a field where human judgement cannot be completely removed from the equation.
“AI should optimise people, not eliminate them,” says Zubair Chowgale, Director of Sales Engineering for EMEA & APJ at Securonix. “If everything is left entirely to autonomous agents, there is always the risk of unintended consequences.”
His comments reflect a growing consensus across the cybersecurity industry. While AI can significantly accelerate threat investigations, reduce false positives, and automate repetitive tasks, security leaders remain wary of giving autonomous systems unchecked authority over critical infrastructure.
The emergence of so-called “agentic AI” has intensified the conversation. Unlike traditional automation, agentic systems can independently perform tasks, gather information, make decisions, and execute actions. Several cybersecurity vendors are now building virtual security analysts designed to augment human teams by conducting investigations, running searches, and summarising incidents.
The appeal is obvious. Security operations centres continue to face alert fatigue, with analysts often spending valuable time performing repetitive investigations rather than focusing on high-priority threats. AI-powered assistants can help reduce this burden by handling routine workflows and accelerating response times.
Yet organisations are increasingly discovering that the challenge extends beyond operational efficiency.
The rise of generative AI has introduced an entirely new category of cyber risk. Employees are routinely using public AI tools to generate content, analyse documents, and conduct research, often without fully understanding the implications for sensitive corporate data. This phenomenon, commonly referred to as “Shadow AI,” has emerged as a growing concern for CISOs and risk leaders.
“Human beings remain the weakest link,” says Chowgale. “Awareness is important, but organisations also need guardrails.”
Those guardrails are becoming essential as enterprises attempt to balance innovation with governance. Security teams are now being asked to monitor not only traditional cyber threats but also risks such as data leakage, model manipulation, AI misuse, and unauthorised sharing of sensitive information through public AI platforms.
As a result, conversations between enterprises and cybersecurity vendors have shifted significantly over the past two years. Questions that once focused on cloud adoption and data residency are increasingly centred around AI governance, model transparency, and data privacy.
According to Chowgale, organisations are paying close attention to how AI models are trained, where enterprise data is processed, and whether proprietary information is being exposed to third-party systems.
The shift reflects a broader reality where trust is becoming as important as technological capability in enterprise AI adoption.
India, meanwhile, is emerging as a particularly significant market in this evolution. While every geography faces distinct threat landscapes shaped by local regulations and geopolitical realities, India is witnessing rapid experimentation with AI-driven technologies across sectors.
The country’s large digital economy, expanding enterprise technology footprint, and growing cybersecurity maturity are creating both opportunities and challenges. Organisations are processing unprecedented volumes of security data, forcing security teams to seek greater levels of automation and intelligence.
At the same time, cybercriminals are adopting AI at an equally rapid pace. From more convincing phishing campaigns to automated reconnaissance and social engineering attacks, the offensive use of AI is evolving alongside defensive capabilities.
This dynamic is forcing enterprises to rethink long-held assumptions about cybersecurity. While AI can improve visibility and efficiency, experts caution that it cannot compensate for weak fundamentals.
“Threat actors often don’t hack in—they log in,” says Chowgale.
The statement underscores a persistent industry reality. Many successful cyberattacks continue to exploit compromised credentials, poor access controls, and basic security lapses rather than sophisticated technical vulnerabilities.
For all the excitement surrounding AI-powered security operations, identity security, access governance, employee awareness, and cyber hygiene remain the first line of defense.
The future of cybersecurity will undoubtedly be shaped by AI. Agentic systems, intelligent assistants, and automated investigations are likely to become standard features of the modern SOC. But as organisations navigate this transition, the goal may not be to create fully autonomous security operations.
Instead, the industry’s direction appears to be moving toward a hybrid model—one where AI handles scale, speed, and repetition, while humans continue to provide context, judgement, and accountability.
In an era increasingly defined by machine intelligence, cybersecurity’s most important safeguard may still be human oversight.