AI in the SOC: Are We Really Ready for Autonomy?

At this year’s Gartner Security Summit, Kevin Schmidt delivered one of the more grounded takes on AI and automation in cybersecurity ops.

Instead of chasing the “autonomous SOC” fantasy, he laid out a realistic, phased approach:

  1. Manual – Humans triage everything. Burnout city.
  2. Semi-Automated – Playbooks help, but humans still drive.
  3. Augmented – AI copilots summarize & suggest. Analysts validate.
  4. Autonomous – AI agents operate with confidence scoring. Humans are “on the loop,” not always in it.

His key message? Context is king. If your AI doesn’t understand your environment, it’s just guessing—no matter how fancy the model.

🧠 What stood out:

  • By 2027, 25% of SOC tasks could be 50% more cost-efficient via automation.
  • You must start measuring performance on day one—before bringing in tools.
  • Upskilling matters as much as tech. Your AI is only as good as the humans behind it.

📌 Takeaway: You can’t leapfrog to “autonomous” if your playbooks are duct-taped together. Build maturity first. And remember, this is about freeing up your analysts—not replacing them.

Who else caught this session? Curious how your team is approaching the SOC automation journey.

#GartnerSEC #AI #SOC #Cybersecurity