Lessons From the Agentic Frontier: How the SOC is Winning in the AI Era
John Morgan, Fred Frey
RSAC 2026 Conference · Main Stage Keynote
The modern Security Operations Center (SOC) faces an unprecedented challenge: the volume, sophistication, and speed of cyberattacks consistently push human analysts to their limits, leading to burnout and missed threats. In this critical talk from RSA Conference, John Morgan and Fred Frey of Splunk Security introduce the concept of the **agentic SOC**, a paradigm shift in which artificial intelligence (AI) agents collaborate with human analysts to automate responses, enhance investigations, and proactively prevent incidents. The vision is promising, but the talk also acknowledges a significant paradox: the very agents designed to fortify security can simultaneously represent the biggest insider threat, because of their non-deterministic nature and their potential for catastrophic errors at machine speed.
AI review
A Splunk SVP and colleague deliver a polished but ultimately hollow vendor keynote dressed up as forward-looking research. The 'agentic SOC' framing is genuinely timely, and there are flickers of real substance around governance and trust models, but the talk never escapes its gravitational pull toward Splunk marketing. The demos are illustrative cartoons, not technical proof-of-concepts. The governance framework they call groundbreaking is a restatement of principles security engineers have applied to SOAR platforms for a decade. This is RSA Conference content — which is to say, it's…