Beyond the Chatbot: Delivering an Agentic SOC for Real-World Defense

Peter Smith, Ravi Kiran Sharma (RK)

[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2

Salesforce built an Agentic SOC — a network of specialized AI agents operating in Slack alongside human analysts — that takes a threat intelligence report and completes the full cycle from alert to threat hunting to containment to detection deployment in under ten minutes. The architecture rests on eight core primitives, an "AI constitution" governance framework, and a philosophy of treating agents as digital teammates rather than automation scripts. ---

AI review

Salesforce demoed a genuinely impressive Agentic SOC — nine specialized agents, alert to containment in under ten minutes, built on existing SOAR without ripping out infrastructure — but the talk leans heavily on the demo narrative at the expense of the engineering substance. The AI Constitution framing is useful governance vocabulary even if the primitives underneath it are underspecified.