The Agentic SOC is not a future roadmap, it is a present direction: Robert Pizzari, Splunk

As AI reshapes the cybersecurity landscape, Security Operations Centers (SOCs) are under growing pressure to defend against threats that now move at machine speed. Traditional security models, built around fragmented tools, manual workflows, and alert-heavy operations, are struggling to keep pace with increasingly autonomous and AI-enabled attacks. In response, enterprises are beginning to rethink the SOC itself — not as a reactive function, but as an intelligent, adaptive, and continuously learning security operation.

In this interaction with Express Computer, Robert Pizzari, Group Vice President – Asia at Splunk, discusses how Splunk is building what it calls the “Agentic SOC” — a model that combines high-fidelity data, AI-native automation, and human oversight to create faster, more resilient security operations. He explains why the future of cybersecurity will depend not just on AI itself, but on how effectively organisations unify data, context, and decision-making across the enterprise.

Some edited excerpts:

How does Splunk define the Agentic SOC, and what makes it a leap beyond today’s AI-assisted security?
Splunk defines the Agentic SOC as a unified system that integrates data, tooling, and AI around the analyst. It represents a transition from analyst or human-led manual tasks to AI-augmented collaboration in order for the SOC to continuously adapt and meet unprecedented challenges in an era where AI-driven threats have surged. This is like a modern baseline for what it means to be truly secure.

The foundation of the agentic SOC is high-fidelity data, analysed at machine speed, with intuitive SOC tooling and human-led AI and automation. Where today’s tools generate more alerts, in an Agentic SOC, data across multiple environments, from network to business applications, comes together with shared context. This allows teams to have oversight and control over detection, investigation and responses to threats.

Armed with AI agents, the SOC gets help with enrichment, correlation and action while staying in control. This frees up human experts’ time for high-value strategic initiatives, ultimately enabling the SOC to move at machine speed and at scale.

The Agentic SOC is not a future roadmap, it is a present direction that Splunk has already been delivering against, with concrete innovations such as the Splunk Enterprise Security available today.

The Agentic SOC balances scaling, automation, and user experience. Where do organisations struggle most, and what is Splunk’s targeted solution?
Security teams are doing continuous work under immense pressure. But friction also exists in real time: fighting exploding data volumes, fragmented tools, noisy alerts, and data sprawl creates operational pain, which then also adds to the cost-to-value problem. Without clarity, noise replaces confidence. More data does not equate to more insight.

The impact on the defenders is measurable: 98% of CISOs cite high alert volume as a top source of SOC stress, and 94% flag high false alert volume. More than a talent problem, this is a sign that security needs a fundamentally better way to operate in the AI era.

Splunk’s solution addresses this across three pillars:

Simplify the analyst experience: SIEM, SOAR, UEBA, threat intelligence, and detection engineering unified in a single product experience under Splunk Enterprise Security Premier Edition.

Scale security operations without limits: risk scoring, automated triage, out-of-the-box detection content, playbook authoring, and threat intelligence enrichment, all AI-native.

Surge ahead of attackers with AI and automation: specialised agents that automate the heavy lifting, so analysts focus on the threats that require human judgment.

The result is a SOC that’s faster, more resilient, and built for the AI era.

How are Splunk’s investments in autonomous prevention and self-healing helping analysts move faster than adversaries today?
Adversaries are already using AI. Cisco Talos research shows that AI-enabled attacks today can automate reconnaissance, exploit development, credential harvesting, and lateral movement at scale, all at velocities no human team can match. The same AI agents posing new security challenges are also the most powerful tool in a defender’s arsenal.

Splunk’s investments in the Agentic SOC are specifically designed to close that speed gap, with capabilities currently rolling out:

Detection Studio: Eliminates the fragmented detection lifecycle. Maps coverage against MITRE ATT&CK in real time, significantly reducing mean-time-to-detect (MTTD).

Exposure Analytics: Provides a ‘Security Truth Layer’: continuous asset discovery and contextual risk scoring using existing ingested data, at no additional cost.

Federated Search: Allows analysts to search and correlate data across S3, Iceberg, cloud lakes, and SaaS without upfront ingestion, reducing cost while accelerating time-to-insight.

Malware Threat Reversing Agent: Delivers instant insight into malicious scripts, step-by-step breakdowns and IOC extraction in seconds.

Triage Agent, Guided Response Agent, Automation Builder Agent: These agents autonomously enrich and prioritise alerts, execute SOC playbooks, and translate natural language into functional SOAR workflows.

The broader Cisco platform further strengthens this with Zero Trust Access extended to AI agents, DefenseClaw for secure agent deployment, and Cisco AI Defense for end-to-end runtime guardrails. The outcome: detection 64% faster, incident resolution 55% faster, and a 46% reduction in false positive rates.

How does the Agentic SOC elevate the security analyst’s role from a tactical defender to a strategic business enabler?
The Agentic SOC does not replace analysts. It elevates them in a structured manner. Today, analysts are very close to data, typing searches, reviewing logs, manually building detections and playbooks under time pressure that leaves no room for strategic work. The Agentic SOC breaks that cycle: it allows AI to handle noise and routine tasks so that analysts focus on the threats that require contextual judgment, deception-spotting, and risk-weighing.

This reshapes the entire experience hierarchy inside the SOC. Junior analysts operating with AI augmentation can execute at Tier 2-equivalent levels because AI accelerates execution for everyone, democratising expertise across the team.

Success becomes about how well analysts supervise agents, tune automation, and guide decisions with long-term business impact. Experience is measured in the ability to steer a system that learns alongside its human counterparts. The role of security has shifted from reactive response to strategic enablement, and Splunk’s solutions are purpose-built to deliver on that vision.

In a market saturated with AI claims, what makes Splunk’s vision for the Agentic SOC unique, and how does your roadmap prove it?
The real differentiator isn’t the AI, it’s the data. Most vendors bolt AI onto security as an afterthought. Splunk’s advantage starts at the foundation: the Cisco Data Fabric. When data complexity turns into understanding, risk turns into control, and that’s the gap Splunk is built to close. This is a shift from providing AI on top of fragmented data. Splunk brings AI directly to the data, inside the platform, with security, scale, and context built in.

The second differentiator is unified TDIR. Splunk Enterprise Security Premier is a useful collection of modern tools with a unified security engine. We have taken the ES that the market knows and trusts, the market-defining SIEM, and integrated it with our leading SOAR, UEBA, threat intelligence, and detection engineering into one single product experience. Splunk offers an operating model, which is a key difference.

The third is agentic AI that works the way your SOC works, not generic LLM offerings, but agents built with the intention to improve security workflows. Every action is transparent, auditable, and under analyst control.

How do you see the impact of Agentic AI?
Agentic AI is moving from concept to competitive advantage faster than most organisations anticipated. By 2026, leading enterprises will resolve most high-severity incidents autonomously, cutting time-to-detect and time-to-restore from days to minutes. This exhibits a shift from reactive, human-led workflows to always-on, machine-executed security operations.

The deeper impact lies in how work itself is restructured. Agentic AI introduces a clear division of labour where autonomous agents manage scale, speed, and repetitive decision-making and human analysts focus on strategy, threat hunting, and complex judgment. This is an evolution that builds a fundamentally different operating model. According to Splunk’s CISO Report 2026 (surveying 650 CISOs globally, including India), among organisations that have partially or fully adopted agentic AI, 39% strongly agree it has increased reporting speed and 82% highlight faster correlation and response times. These numbers highlight a measurable business impact.

To put the scale of what is coming in context, by 2028, over 1.3 billion AI agents are expected to be operating inside organisations globally. The teams that will lead are those who learn earliest how to work alongside them.
