The News
Crogl, in partnership with the Ponemon Institute, released The State of SecOps and the Deployment of AI in the SOC report, surveying 649 IT and security practitioners across North America. The report found that organizations receive an average of 4,330 security alerts per day but investigate only 37%, while 62% have adopted AI in the SOC, yet only 44% consider it highly effective at reducing threats.
Analysis
Alert Volume and AI Adoption Are Outpacing Operational Capacity
Security operations centers are facing a scale problem that mirrors broader trends across application development and IT operations. An average of more than 4,000 alerts per day reflects both a growing attack surface created by distributed, cloud-native, and AI-enabled applications and detection rules that fire far more often than analysts can act on them. With only 37% of alerts investigated, nearly two-thirds are closed or expire without a human ever looking at them, which suggests that human-driven workflows are no longer sufficient to keep pace with modern threat environments.
This aligns with our industry data, where increasing system complexity and accelerated deployment cycles are creating operational bottlenecks across domains. As organizations push more applications into production and integrate AI into workflows, the security layer inherits that complexity. The result is a widening gap between detection and response, where visibility exists but actionability is constrained by time, tooling, and staffing limitations.
The reported average of 16 cyberattacks per year, with half involving malicious insiders, further reinforces that the challenge is not just external threats but internal visibility and governance across increasingly interconnected systems.
AI in the SOC Shows Promise but Falls Short of Expectations
AI adoption within SecOps is clearly underway, with 62% of organizations already deploying AI capabilities. However, the effectiveness gap is significant. While 67% report that AI helps resolve alerts faster, only 44% believe it is highly effective at reducing threats. This suggests that AI is improving efficiency at the margins but has not yet fundamentally transformed security outcomes.
From an application development perspective, this reflects a familiar pattern seen across AI adoption more broadly. Organizations are moving from experimentation to accountability, where AI must deliver measurable operational value rather than incremental improvements. In the SOC, this means transitioning from AI-assisted triage to AI-driven decision-making and remediation, with the guardrails, approval steps, and audit trails that allow an analyst to see why an action was taken and to reverse it.
The gap between speed and effectiveness also points to integration challenges. AI may accelerate alert handling, but without deep integration into workflows, identity systems, and policy enforcement layers, its ability to reduce overall risk remains limited. This reinforces the idea that AI must be embedded into operational systems, not layered on top of them.
Market Challenges and Insights
The report highlights a critical tension between AI acceleration and governance risk. While organizations are investing in AI to handle scale, they remain cautious about how that AI is deployed and managed. The finding that 61% of respondents are concerned about vendors using their security data to enrich AI services underscores a broader trust issue that extends beyond SecOps into enterprise AI adoption as a whole.
Workflow integration emerges as the most significant barrier, cited by 50% of respondents. This reflects the fragmented nature of security tooling, where alerts, logs, and telemetry are often distributed across multiple systems. Without a unified control plane, AI struggles to operate effectively across these silos. This mirrors challenges seen in observability and platform engineering, where tool sprawl and lack of integration limit operational efficiency.
Additionally, the imbalance between alert volume and investigation capacity suggests that prioritization remains a key challenge. AI can help filter and triage alerts, but without reliable context (asset criticality, identity, exposure) and accurate correlation across systems, teams risk either missing true positives buried in the uninvestigated majority or spending scarce analyst time on false positives that a context-aware queue would have pushed to the bottom.
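The kind of context-driven prioritization the paragraph above describes, as an added example that is not code from the report, from Crogl, or from any product it mentions. The alert records, the asset inventory, the rule names, and the scoring weights are all constructed for illustration; a real pipeline would pull alerts from the SIEM/EDR/identity provider and context from a CMDB. The example deduplicates the same finding reported by two tools, correlates an identity-provider alert (which carries no hostname) onto the host where the same user is active, and then scores each entity by severity weighted with asset criticality, so that a medium-severity alert on a crown-jewel database outranks a high-severity but noisy rule on a developer laptop. A raw severity sort is included for contrast.

```python
"""Context-aware alert triage: deduplicate, correlate by entity, score with asset context.

Added example, not from the Crogl/Ponemon report. All data below is constructed.
"""
from collections import defaultdict

# Constructed sample alerts from three hypothetical tools (EDR, SIEM, identity provider).
SAMPLE_ALERTS = [
    {"id": 1, "source": "edr",  "host": "web-01",       "user": "svc-web", "rule": "suspicious_powershell",  "severity": 3},
    {"id": 2, "source": "siem", "host": "web-01",       "user": "svc-web", "rule": "outbound_to_new_domain", "severity": 2},
    {"id": 3, "source": "idp",  "host": None,           "user": "svc-web", "rule": "impossible_travel",      "severity": 3},
    {"id": 4, "source": "edr",  "host": "dev-laptop-7", "user": "alice",   "rule": "suspicious_powershell",  "severity": 3},
    {"id": 5, "source": "siem", "host": "dev-laptop-7", "user": "alice",   "rule": "suspicious_powershell",  "severity": 3},
    {"id": 6, "source": "edr",  "host": "db-01",        "user": "root",    "rule": "new_scheduled_task",     "severity": 2},
]

# Constructed asset inventory: criticality is the context the alert sources alone lack.
ASSET_CONTEXT = {
    "web-01":       {"tier": "internet-facing", "criticality": 3},
    "db-01":        {"tier": "crown-jewel",     "criticality": 5},
    "dev-laptop-7": {"tier": "endpoint",        "criticality": 1},
}

# Rules known to fire on benign developer activity (assumed tuning knowledge).
NOISY_RULES = {"suspicious_powershell"}


def dedupe(alerts):
    """Collapse the same finding reported by several tools into one record."""
    merged = {}
    for a in alerts:
        key = (a["host"], a["user"], a["rule"])
        if key in merged:
            merged[key]["sources"].add(a["source"])
            merged[key]["ids"].append(a["id"])
            merged[key]["severity"] = max(merged[key]["severity"], a["severity"])
        else:
            merged[key] = {**a, "sources": {a["source"]}, "ids": [a["id"]]}
    return list(merged.values())


def correlate(alerts):
    """Group by host; attach host-less identity alerts to hosts the same user is active on."""
    by_entity = defaultdict(list)
    user_hosts = defaultdict(set)
    for a in alerts:
        if a["host"]:
            by_entity[a["host"]].append(a)
            user_hosts[a["user"]].add(a["host"])
    for a in alerts:
        if a["host"]:
            continue
        hosts = user_hosts.get(a["user"])
        if hosts:
            for h in hosts:
                by_entity[h].append(a)
        else:
            by_entity["user:" + a["user"]].append(a)  # no host context at all: keep it visible
    return by_entity


def score_group(entity, group, context, noisy_rules):
    """Severity weighted by asset criticality, plus bonuses for chains and multi-tool corroboration."""
    crit = context.get(entity, {}).get("criticality", 1)
    rules = {a["rule"] for a in group}
    sources = set().union(*(a["sources"] for a in group))
    base = max(a["severity"] for a in group)
    total = base * crit
    reasons = [f"max severity {base} x criticality {crit}"]
    if len(rules) > 1:
        total += 5 * (len(rules) - 1)
        reasons.append(f"{len(rules)} distinct rules on one entity (possible chain)")
    if len(sources) > 1:
        total += 3
        reasons.append(f"corroborated by {len(sources)} tools")
    if rules <= noisy_rules and crit <= 1:
        total //= 2
        reasons.append("only noisy rules on a low-criticality asset")
    return total, reasons


def triage(alerts, context=ASSET_CONTEXT, noisy_rules=NOISY_RULES):
    """Entities ranked by contextual risk, highest first, each with the reasons behind its score."""
    ranked = []
    for entity, group in correlate(dedupe(alerts)).items():
        total, reasons = score_group(entity, group, context, noisy_rules)
        ids = sorted({i for a in group for i in a["ids"]})
        ranked.append({"entity": entity, "score": total, "alert_ids": ids, "reasons": reasons})
    return sorted(ranked, key=lambda r: (-r["score"], r["entity"]))


def rank_by_raw_severity(alerts):
    """The context-free queue for contrast: raw alert ids sorted by severity only."""
    return [a["id"] for a in sorted(alerts, key=lambda a: (-a["severity"], a["id"]))]


if __name__ == "__main__":
    for r in triage(SAMPLE_ALERTS):
        print(f"{r['entity']:<13} score={r['score']:>3} alerts={r['alert_ids']}  {'; '.join(r['reasons'])}")
    print("raw severity order:", rank_by_raw_severity(SAMPLE_ALERTS))
```

Run as-is, the contextual ranking puts web-01 first (three distinct rules from three tools on an internet-facing host, including the identity alert that had no hostname), db-01 second on a single severity-2 alert, and the developer laptop last even though its alert carried the highest raw severity; the raw sort lists the database alert last. The `reasons` list is the explainability hook: whether the scoring is hand-written like this or produced by a model, an analyst needs to see why an entity was ranked where it was before trusting the queue.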
Implications for Developers and Security Teams
For developers and platform teams, these findings reinforce that security is becoming an embedded, continuous function within the application lifecycle rather than a downstream process. As AI-driven development accelerates code velocity and expands attack surfaces, security tooling must integrate directly into CI/CD pipelines, runtime environments, and observability systems.
Developers may increasingly be expected to build with security-aware architectures, where telemetry, identity, and policy enforcement are designed into applications from the start. At the same time, security teams will likely rely more heavily on AI to manage scale, but will need to balance automation with governance and oversight.
The effectiveness of AI in the SOC will likely depend on its ability to operate within unified platforms that combine detection, context, and response. Without this integration, AI risks becoming another layer of tooling rather than a force multiplier for security operations.
Looking Ahead
The Crogl and Ponemon findings suggest that SecOps is entering a transition phase similar to other areas of IT: from tool-driven processes to AI-assisted and eventually autonomous operations. However, the path forward is constrained by trust, integration, and governance challenges.
As organizations continue to adopt AI in the SOC, the focus will likely shift toward platforms that can unify data, enforce policy, and provide explainable, auditable decision-making. The ability to balance speed with control will be critical, particularly as regulatory and compliance pressures increase.
In the near term, enterprises may continue to see incremental gains from AI in alert triage and response efficiency. Longer term, the market may move toward more autonomous security operations models, but only if organizations can close the gap between AI capability, operational integration, and trust.
