AI has an increasingly important role to play in cyber security, but the technology is not yet mature enough to be trusted in crucial roles such as security operations centre (SOC) analysts.
This is according to Martin Potgieter, co-founder and Technical Director at Nclose – an Integrity360 company, who was speaking ahead of the ITWeb Security Summit in Cape Town and Johannesburg.
Potgieter says: “There have been some interesting developments in the AI space, and there’s also a lot of hype. There are literally dozens of companies starting up now with a view to supplementing or possibly replacing SOC analysts. However, there’s a great deal of functions AI-powered SOC analysts should not be tasked with in today’s landscape – it’s just too risky.”
Potgieter notes that giving AI agents autonomous power in the SOC would be akin to putting an AI agent in a 911 call centre. “In an SOC, you still need skilled, experienced humans to make key decisions because the impact of a mistake could be huge,” he says.
He cites potential pitfalls and challenges of relying too heavily on AI-driven security tools, such as AI hallucinations or the potential for attackers to ‘trick’ AI. “And understanding that AI is learning from what it sees, when there's a new type of attack that it hasn't seen before, it might discount it when in actual fact it should pay more attention and dig a little deeper,” he says.
Potgieter believes AI has significant value for its detection capability, for gathering contextual information and for high-level investigation purposes. He says: “If we're talking generative AI, then it's learning based on what it's seen previously, so there is certainly some value in having AI analysing hundreds of alerts that have had a similar outcome. AI can free up much needed time and support skilled human SOC analysts, but the ultimate decision still needs to be made by a human.
“At Nclose, we're not quite at the point where we have the confidence in AI to make key decisions,” Potgieter says. “But we do have it helping analysts with context, and we also use it in the detection engineering space.”
Nclose is a Gold Sponsor of the ITWeb Security Summit 2025 in Cape Town and Johannesburg. Potgieter will present a talk on the ‘Rise of the AI SOC Analyst: Hype vs Reality in Cyber Defence’ at the Cape Town event, which will be staged at the Cape Town International Convention Centre on 27-28 May. The Johannesburg event will be held at the Sandton Convention Centre from 3-5 June, where Richard Ford, Chief Technical Officer at Integrity360, will present a talk.
For information and to register, visit https://www.itweb.co.za/event/itweb-security-summit-cpt-2025/