UC Today
AI-Driven SOCs: What PwC Is Seeing and What Security Leaders Should Do
AI is reshaping the security operations center (SOC), shifting it from a manual, reactive function into a faster, intelligence-driven environment. For organizations dealing with alert fatigue and limited analyst capacity, AI is becoming a practical tool for improving how threats are identified and managed.
In this UC Today discussion, Kristian McCann speaks with Morgan Adamsky, Principal at PwC, to explore how enterprises are operationalizing AI in the SOC.
Adamsky brings a pragmatic perspective, focusing on how AI can be deployed responsibly. Her insights center on aligning technology with people and process, ensuring AI enhances rather than complicates decision-making in high-pressure environments.
From Hype to Operational Reality
Traditionally, analysts have had to manually review large volumes of data, often taking significant time to identify real threats. AI is changing that by rapidly surfacing anomalies and prioritizing potential risks, helping teams respond faster.
Adoption, however, varies widely. Many organizations are still taking a “bolt-on” approach, adding AI into existing workflows. More advanced organizations are rethinking the SOC entirely, treating AI as a “force multiplier” and designing operations around it from the outset.
This gap highlights different levels of maturity. While some are experimenting, others are investing in deeper transformation, a move Adamsky suggests will deliver greater long-term value, particularly as attackers also leverage AI to accelerate their efforts.
Challenges remain. Organizations must integrate AI across the full security lifecycle, ensure outputs can be trusted, and train teams to use it effectively. As Adamsky notes, the human factor is still a key hurdle in scaling adoption.
Building a Smarter, Safer SOC
To manage these challenges, organizations are introducing clearer boundaries between AI and human decision-making. AI can handle tasks like initial triage, but critical actions such as containment or shutting down systems typically require human validation.
This human-in-the-loop approach helps maintain trust while still benefiting from automation. It ensures that AI supports, rather than replaces, human judgment in high-stakes scenarios.
Adamsky also outlines what effective implementation looks like. This includes combining threat intelligence, vulnerability data, and network activity into a unified view. AI then helps identify patterns and surface meaningful insights, enabling more informed decisions.
She also points to three priorities: faster vulnerability management, stronger third-party risk oversight, and preparing for breaches. The last of these reflects a growing recognition that incidents are increasingly likely, making readiness essential.
From Experimentation to Transformation
The discussion makes clear that incremental adoption is not enough. While bolt-on AI can deliver short-term gains, long-term success requires rethinking the SOC as a whole, with AI embedded across workflows.
At the same time, core cybersecurity fundamentals still matter. Practices like patching, testing, and incident planning remain critical, but must now operate at greater speed to keep up with AI-driven threats.
For security leaders, the focus should be on both technology and people. That means investing in tools while also upskilling teams and adapting processes to fully leverage AI.
Ultimately, organizations that treat AI as foundational rather than optional will be better positioned to keep pace in an increasingly automated threat landscape.