
For AI to succeed in the SOC, CISOs must now break down old walls



What separates the SOCs that get results from their AI strategies from those that don’t is that CISOs take ownership of AI initiatives, anticipate obstacles early on, and systematically tear down outdated walls that stand in their way.

The discrepancy between the promise and implementation of AI dominated discussions at Forrester’s 2025 Security and Risk Summit last week. "We have one Chaos agent from us today," Allie Mellen, a senior analyst, said during her keynote. "And this agent of chaos is – you guessed it – generative AI."

Her keynote focused on the fact that many organizations and their cybersecurity teams are trapped behind self-imposed barriers that limit their potential.

Closing the gap between agentic AI winners and losers

The gap between AI winners and losers in cybersecurity has nothing to do with technology. It’s about organizational readiness.

While leading organizations including caravan, City of Las Vegas, Copperbelt Energy Corporation Plc, Inductive Automation, Salesforce and many others are achieving efficiency gains, most companies remain trapped behind barriers that have built up over decades. With adversaries capable of breaking out in just 51 seconds, according to CrowdStrike’s Global Threat Report 2025, and 80% of security teams favoring GenAI integrated into a broader security platform, dismantling legacy walls is not only strategic, but also existential. More than 70% of companies experienced at least one AI-related breach, with generative models now the main target, according to recent findings from the SANS Institute.

However, the latest industry data presents a troubling paradox. Carnegie Mellon’s AgentCompany benchmark shows that AI agents fail 70 to 90% of the time when it comes to complex business tasks. Research from Salesforce confirms that the failure rate of its internal agents exceeds 90% when security measures are applied. Still, 79% of managers report significant productivity increases from deployed AI agents. The solution lies not in perfecting AI, but in removing the organizational walls that prevent its effective use.

"The old SOC as we know it cannot keep up. It has transformed into a modern firefighter," warned CrowdStrike CEO George Kurtz during his keynote at Fal.Con 2025. "The world is in an arms race for AI superiority as adversaries use AI as a weapon to accelerate attacks. In the age of AI, security comes down to three things: the quality of your data, the speed of your response, and the precision of your enforcement."

The average enterprise SOC has 83 security tools from 29 different providers, each of which generates isolated data streams that defy easy integration into the latest generation of AI systems. System fragmentation and lack of integration represent AI’s greatest vulnerability and most remediable problem for businesses.

The mathematics of tool proliferation proves disastrous. Organizations using AI in fragmented toolsets report significantly increased false positive rates. This corresponds to roughly every fourth alert, with some teams facing false positive rates of 30% or more. The majority of companies, 74%, rely on multi-vendor cybersecurity ecosystems, and 43% cite the lack of cross-platform integration as a significant operational burden.

Eliminate governance deadlock with a single-agent architecture

Traditional security governance is designed for and requires human-speed operations consisting of quarterly reviews, monthly audits, and daily approvals. AI agents operate at machine speed and make millions of decisions per second. This speed imbalance creates a governance crisis that cripples AI adoption.

Proper governance is one of a CISO’s biggest challenges and often involves removing longstanding barriers to ensure the organization can connect and contribute across the enterprise. CrowdStrike, Palo Alto Networks, SentinelOne, Trellix and others are taking on this challenge at the architectural level of their platforms.

CISOs tell VentureBeat that getting governance right is one of their most important responsibilities. What is needed is a centralized platform that consolidates all telemetry sources, ideally in a single-agent model. SOC teams need the latest telemetry data to perform real-time correlation, scaling detection and response. CrowdStrike’s Falcon platform, for example, consolidates endpoint, cloud, identity and threat data streams into a unified telemetry pipeline, enabling SOC teams to make governance decisions with machine speed and precision. From a governance perspective, this architecture unlocks several important capabilities.

  • Policy-as-Code for AI agents: Guardrails (e.g. data residency rules, acceptable usage, privileged action boundaries) can be coded once and consistently enforced wherever agents operate, rather than having to reimplement them per tool.

  • A single source of truth for evidence and testing: Investigations, exemptions, and AI-driven actions are all supported by the same telemetry and log structure, simplifying regulatory reporting and reducing audit findings.

  • Continuous control monitoring: Instead of performing quarterly checks, the platform can continuously test whether identity, endpoint and workload policies are actually effective in the live environment.

  • Closed loop enforcement: Detected policy violations can automatically trigger compensating controls – from revoking tokens to isolating workloads – without having to wait on human approval queues when risk thresholds are exceeded.

  • Consistent identity-centric governance: By mapping activity to identities, not just devices or IPs, CISOs can enforce least privilege, monitor insider risk, and limit what AI agents can do on behalf of people.

These design goals mean fewer agents to manage and patch, fewer conflicting policies, and fewer blind spots in hybrid and multi-cloud environments. For CISOs, this means something very concrete: a defensible narrative to the board and regulators that AI initiatives are not rogue automation, but rather operate within a provable, monitored and enforceable governance framework based on a coherent architecture rather than a tangle of tools.
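The policy-as-code, identity-centric and closed-loop points above, shown as an added example (not code from the article or from any vendor platform). The policy schema, role and action names, and the `revoke_agent_token` control are hypothetical, and the sample actions are constructed.

```python
from dataclasses import dataclass
# One policy, defined once as data; hypothetical schema and values.
POLICY = {
    "allowed_regions": {"eu-west-1", "eu-central-1"},   # data residency
    "privileged_actions": {"revoke_token", "isolate_workload"},
    "auto_enforce_risk": 80,  # privileged actions skip approval at/above this
    "delegation": {           # what an agent may do on behalf of each role
        "soc_analyst": {"read_telemetry", "revoke_token", "isolate_workload"},
        "developer": {"read_telemetry"},
    },
}

@dataclass(frozen=True)
class AgentAction:
    agent_id: str
    on_behalf_of: str   # human identity the agent acts for
    role: str
    action: str
    region: str
    risk_score: int     # 0-100, from detection telemetry

def evaluate(a, policy=POLICY):
    """Return (decision, reasons): allow, deny or needs_approval."""
    reasons = []
    if a.region not in policy["allowed_regions"]:
        reasons.append("data_residency")
    if a.action not in policy["delegation"].get(a.role, set()):
        reasons.append("exceeds_delegated_privilege")
    if reasons:
        return "deny", reasons
    privileged = a.action in policy["privileged_actions"]
    if privileged and a.risk_score < policy["auto_enforce_risk"]:
        return "needs_approval", ["privileged_below_risk_threshold"]
    return "allow", []

def enforce(actions, policy=POLICY):
    """Evaluate every action; a denial triggers a compensating control."""
    audit = []  # single log, keyed to the human identity
    for a in actions:
        decision, reasons = evaluate(a, policy)
        control = "revoke_agent_token" if decision == "deny" else None
        audit.append({"identity": a.on_behalf_of, "agent": a.agent_id, "action": a.action,
                      "decision": decision, "reasons": reasons, "compensating_control": control})
    return audit

SAMPLE = [  # constructed sample actions
    AgentAction("agent-1", "alice", "soc_analyst", "isolate_workload", "eu-west-1", 92),
    AgentAction("agent-1", "alice", "soc_analyst", "revoke_token", "eu-west-1", 40),
    AgentAction("agent-2", "bob", "developer", "isolate_workload", "us-east-1", 95),
]
```

Running `enforce(SAMPLE)` allows the high-risk isolation without a human queue, routes the low-risk token revocation to approval, and denies the out-of-region, over-privileged request while recording the compensating control.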

Changing the culture of "no" forces CISOs to think strategically

Transforming a CISO from security gatekeeper to business enabler and strategist is the best move a security professional can make in their career. CISOs often note in interviews that transitioning from app and data disciplinarian to new growth enabler, with the ultimate goal of showing how their teams help drive revenue, was the catalyst their careers needed.

Andrew Obadiaru, CISO at Cobalt, captures the urgency: "Nothing is particularly new, maybe AI is newer and the pace at which everything advances is ever increasing, but we have to do everything better in 2025."

"Tying my teams’ performance to new revenue enabled through strategic thinking is the best decision I’ve ever made for my teams and my career," a CISO at a financial services company told VentureBeat.

Pritesh Parekh, CISO at PagerDuty, emphasized: "When security is implemented correctly, we actually accelerate business by eliminating manual checkpoints and replacing them with automated guardrails." This approach directly enables the machine-speed governance that AI agents require. This happens to be the same governance architecture that CrowdStrike and others integrate into their platforms.

Organizations with unified security and IT operations tend to have excellent governance and report 30% fewer significant security incidents than those with isolated teams. When adversaries break out in 51 seconds, cultural silos become attack vectors.

The solution is straightforward. Integrate security teams into development and operations. Create automated guardrails, not manual checkpoints. Enable AI agents to securely access unified data streams for immediate response while conducting real-time monitoring. In this way, security is no longer the department that slows everything down, but becomes the intelligence that drives automated defense.
