What sets SOCs that succeed with AI strategies apart from those that struggle is CISOs taking ownership of AI initiatives and proactively addressing potential obstacles, such as legacy barriers that hinder progress.
The conversation surrounding the disparity between the promises of AI and its actual delivery was a central theme at Forrester’s 2025 Security & Risk Summit. Allie Mellen, a principal analyst, highlighted the disruptive nature of generative AI as a significant challenge faced by many organizations and their cybersecurity teams.
Addressing the Disparity in AI Success in Cybersecurity
The key factor that separates successful AI implementations in cybersecurity from unsuccessful ones is not technological superiority but rather organizational preparedness.
While leading organizations like Carvana, City of Las Vegas, Copperbelt Energy Corporation Plc, Inductive Automation, and Salesforce reap the benefits of AI efficiencies, many enterprises are hindered by longstanding barriers. With adversaries breaching defenses in a matter of seconds and the majority of security teams favoring integrated GenAI solutions, dismantling legacy obstacles is not just a strategic move but a vital necessity.
Recent findings from the SANS Institute reveal that over 70% of enterprises experienced AI-related breaches in the past year, with generative models emerging as primary targets. Despite the high failure rates of AI agents on complex tasks, executives report significant productivity gains from deployed AI agents, highlighting the need to focus on eliminating organizational impediments rather than perfecting AI technology.
CrowdStrike CEO George Kurtz emphasized the inadequacy of legacy SOCs in the modern cybersecurity landscape, likening them to firefighters. He underscored the escalating arms race for AI dominance as threat actors leverage AI to accelerate attacks, stressing the importance of data quality, response speed, and enforcement precision in the AI era.
Enterprise SOCs grapple with an average of 83 security tools from 29 different vendors, leading to fragmented data streams that hinder seamless integration with AI systems. The proliferation of tools results in elevated false-positive rates, with organizations facing a significant burden due to lack of cross-platform integration.
Overcoming Governance Challenges with Unified Architectures
The conventional security governance framework, designed for human-paced operations, faces a crisis when confronted with the rapid decision-making capabilities of AI agents. To navigate this governance dilemma and facilitate AI adoption, CISOs must address longstanding roadblocks and embrace unified architectures.
Companies like CrowdStrike, Palo Alto Networks, SentinelOne, and Trellix are reimagining security governance at the platform level by consolidating telemetry sources within a single-agent model. This approach enables SOC teams to leverage real-time correlation and response capabilities, enhancing governance precision at machine speed.
- Implementing Policy-as-Code: Encoding guardrails for data residency and acceptable use ensures consistent enforcement across AI agents, eliminating the need for redundant implementations.
- Establishing a Single Source of Truth: By integrating investigations, exception approvals, and AI-driven actions within a unified telemetry pipeline, organizations simplify regulatory reporting and enhance audit compliance.
- Enabling Continuous Control Monitoring: A shift towards continuous testing of identity, endpoint, and workload policies enhances the effectiveness of security controls in real-time scenarios.
- Automating Closed-Loop Enforcement: Automatic triggers for policy violations enable swift responses, such as revoking tokens or isolating workloads, without human intervention.
- Promoting Consistent Identity-Centric Governance: By mapping activities to identities, CISOs can enforce least privilege principles, monitor insider risks, and restrict AI agent actions based on user identities.
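The guardrail items above can be sketched as one shared policy evaluated for every agent request. This is an added example, not code from the article or from any vendor it names; the policy layout, role names, dataset name, regions and response names are all hypothetical.

```python
from dataclasses import dataclass

# Constructed policy document: one definition shared by every AI agent.
POLICY = {
    "data_residency": {"eu-customer-records": {"eu-west-1", "eu-central-1"}},
    "acceptable_use": {
        "soc-analyst": {"read_alerts", "enrich_indicator", "isolate_host"},
        "helpdesk": {"read_alerts"},
    },
    # Closed-loop response taken automatically for each violated rule.
    "enforcement": {"data_residency": "isolate_workload",
                    "acceptable_use": "revoke_token"},
}

@dataclass(frozen=True)
class AgentAction:
    agent_id: str
    user: str          # human identity the agent acts for
    role: str
    action: str
    dataset: str = ""
    dest_region: str = ""

AUDIT_LOG = []  # single record of every decision, allowed or denied

def evaluate(req, policy=POLICY):
    """Return the names of the policy rules this request violates."""
    violations = []
    # Default deny: an unknown role has no permitted actions.
    if req.action not in policy["acceptable_use"].get(req.role, set()):
        violations.append("acceptable_use")
    # A regulated dataset must name a destination inside its allowed regions.
    allowed_regions = policy["data_residency"].get(req.dataset)
    if allowed_regions is not None and req.dest_region not in allowed_regions:
        violations.append("data_residency")
    return violations

def enforce(req, policy=POLICY):
    """Decide, pick automatic responses, and log against the identity."""
    violations = evaluate(req, policy)
    decision = {
        "agent": req.agent_id, "identity": req.user, "action": req.action,
        "allowed": not violations, "violations": violations,
        "responses": [policy["enforcement"][v] for v in violations],
    }
    AUDIT_LOG.append(decision)
    return decision
```

Because every agent calls the same `enforce` function, a change to `POLICY` takes effect for all of them at once, and `AUDIT_LOG` holds allowed and denied actions in one place keyed to the human identity.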
Unified architectures reduce the complexity of managing multiple agents and policies, minimizing blind spots across hybrid and multi-cloud environments. This streamlined approach provides CISOs with a defensible narrative for board and regulatory stakeholders, demonstrating that AI initiatives operate within a monitored and enforceable governance framework.
Embracing a Strategic Approach to Security Culture
The evolution of CISOs from security gatekeepers to strategic business enablers marks a significant milestone in their professional growth. By aligning security objectives with revenue-driving initiatives, CISOs can transform their teams into valuable assets that contribute to organizational success.
Andrew Obadiaru, CISO at Cobalt, emphasizes the ongoing need for excellence in all aspects of cybersecurity in 2025, highlighting the importance of continuous improvement and adaptation in the face of evolving threats.
Security leaders recognize the transformative power of enabling business growth through strategic security measures. Pritesh Parekh, CISO at PagerDuty, underscores the role of security in accelerating business operations by replacing manual checkpoints with automated guardrails, aligning with the governance architecture essential for AI agent operations.
Organizations that integrate security and IT operations exhibit superior governance capabilities and report fewer security incidents compared to siloed teams. With adversaries capable of breaching defenses within seconds, fostering a culture of collaboration and automation is imperative to strengthen cybersecurity defenses.
By integrating security teams into development and operations, implementing automated guardrails, and enabling AI agents to leverage unified data streams for real-time monitoring and response, organizations can transform security from a hindrance to a proactive defense mechanism.