Interviews | June 17, 2026
AI Augmented SOCs Will Need to Redefine Analyst Roles
Cymulate | Prophet Security | SentinelOne | Varonis
Q1. Organizations are deploying more AI systems, cloud-native architectures, and autonomous workflows. How does security validation need to change to keep pace with these fast-growing and far more dynamic environments than traditional infrastructure?
The security landscape has become dramatically more dynamic, distributed, and autonomous. Traditional validation approaches were built for relatively static environments, but today organizations are constantly changing infrastructure, deploying AI-driven applications, and operating at cloud speed. This requires a completely different validation mindset — one that is continuous, adaptive, and automated. Security teams can no longer rely on periodic assessments or manual processes. They need real-time validation that can rapidly identify exposures, validate defenses, and prioritize mitigation. AI becomes critically important in this new model, primarily because of speed and scale. The volume of changes, threats, and configurations is simply too large for humans alone to manage effectively. AI enables organizations to accelerate discovery, understand risk context faster, and respond or remediate issues in near real time.
Q2. How do you see the continuous security validation category evolving over the next few years? Where do you think the market is still missing the mark?
Historically, security validation was treated as a narrow and often difficult operational use case inside broader security programs. It was typically manual, point-in-time, and disconnected from day-to-day security operations. What AI changes is the ability to transform security validation into a true continuous engineering cycle — one that starts with exposure discovery, moves into automated validation, and then drives mitigation and optimization autonomously and at high speed. Over the next few years, I believe the category will evolve from “testing security controls” into continuously improving organizational resilience against real-world threats. Validation will become deeply integrated into security operations, exposure management, and remediation workflows.
Where the market is still missing the mark is that many organizations continue to treat validation as a compliance exercise or a standalone product category, rather than as a core operational capability that should continuously drive prevention, detection, and response improvements across the entire security stack.
Q3. What are Cymulate's plans at Black Hat USA 2026? How does you company plan on engaging with customers and other security stakeholders at the event?
At Black Hat USA 2026, our focus is on engaging security leaders in conversations around Agentic Cyber Defense Engineering and the practical challenges of building resilient security programs in an AI-driven world. We’ll be meeting with customers, partners, and practitioners to discuss how organizations can move beyond reactive security operations toward continuous validation, measurement, and improvement of their defenses.
We're particularly interested in hearing how security teams are adapting to a rapidly changing threat landscape and sharing perspectives on how Agentic Cyber Defense Engineering can help organizations continuously test assumptions, validate controls, and make security outcomes more measurable. Black Hat is one of the few events where the industry's most innovative thinkers come together, and we see it as an opportunity for meaningful dialogue, knowledge sharing, and collaboration on what the next generation of cyber defense should look like.
Q1. AI is increasingly automating Tier 1 and Tier 2 SOC workflows. Where do you see the real long-term differentiation emerging for platforms like Prophet Security? Is it going to be in detection accuracy, autonomous response, analyst augmentation, or something else entirely?
The real [differentiation] won't be detection accuracy or autonomous response in isolation — those are our short-term differentiation, but they are table stakes that every vendor will eventually match. The durable differentiation will be in the investigation and response to threat hunting to detection engineering feedback loop combined with vendor-neutral cross-stack reasoning.
Security platform vendors will claim "agentic AI SOC" features, but they're architecturally incentivized to optimize within their own telemetry. An enterprise running a heterogeneous stack — which is nearly all of them — gets structurally incomplete investigations when the AI can only natively see one vendor's data. A purpose-built, vendor-neutral platform will prioritize integrations with all security tools in a customer's environment.
The feedback loop is where compounding advantage lives. When investigation outcomes continuously drive detection tuning and feed threat hunting hypotheses, the platform gets materially better the longer it operates in a specific environment. That's an architectural property — it has to be designed in from the start, not bolted on. Prophet's closed loop between AI SOC Analyst, AI Threat Hunter and AI Detection Advisor is exactly this kind of structural differentiation that's hard to replicate by adding an "agentic" label to existing products.
Q2. What’s the most important leadership and cultural shift security teams need to make to successfully move from traditional alert-driven operations to an AI-augmented SOC where agents handle the majority of triage and investigation?
The most important shift is moving from "the analyst is the unit of scale" to "the agent is the unit of scale." That sounds like a simple reframing, but it changes how you staff the SOC, what you measure, and how you define the analyst role itself. For most security organizations, that's uncomfortable territory.
Traditional SOC operations are built around human throughput. More alerts means hiring more analysts. Quality is gated by individual skill and bandwidth. KPIs like alerts-closed-per-analyst-per-day made sense in that world. In an AI-augmented SOC, those metrics actively work against you; they create incentives to keep humans in the loop on work agents should own, and they make the ROI of AI invisible.
Leaders need to stop measuring inputs and start measuring outcomes: detection coverage, accuracy of autonomous dispositions, reduction in attacker dwell time. These are things the agent-analyst system produces together, and optimizing for them requires accepting that you won't have perfect visibility into every individual decision the agent makes.
The analyst role has to be explicitly redefined, not left to evolve organically. In an AI-augmented SOC, analysts become supervisors and adversaries — reviewing agent reasoning, identifying systematic errors, and stress-testing conclusions. That's a fundamentally different job than triage, and most analysts haven't been hired or trained for it. Organizations that invest in that transition perform well. Those that assume analysts will naturally adapt without role clarity end up with expensive tools that humans second-guess into irrelevance.
The hardest piece is trust calibration. Security leaders are trained skeptics, but excessive skepticism means shadow-reviewing every agent decision, which defeats the purpose entirely. The cultural work is building a principled trust model: what classes of decisions can agents close autonomously, what requires human review, and how does that boundary evolve over time as accuracy is demonstrated.
Q3. What is Prophet's main messaging going to be at Black Hat USA 2026? What do you want attendees to take away from your company's participation at the event?
Black Hat is where the agentic AI SOC conversation gets honest. RSA 2026 flooded the market with point agents — an AI agent for triage, a separate one for detection tuning, another for threat hunting, each solving a narrow slice of the problem. Security teams are now being asked to stitch those together and call it a strategy. Prophet's message at Black Hat is a direct challenge to that approach.
A collection of point agents isn't a scalable solution. It's a new kind of tool sprawl. You still have silos, you still have manual handoffs between systems, and you still have analysts doing the integration work that vendors didn't. The promise of autonomous security operations doesn't materialize with agents operating as disconnected AI tools.
Prophet Agentic AI SOC Platform has a different answer: a unified platform where multiple agents - investigation agents, detection agents, threat hunting agents, and incident response agents aren't separate agents bolted together — they operate in a unified agentic AI SOC platform and are designed to reinforce each other. Detection agents feed on what the AI SOC Analyst investigates. Threat hunting agents drive new detections and feed investigation agents. The loop closes automatically, without human intervention.
The takeaway Prophet wants attendees to leave with: point agents are the new point solutions. If you're building an agentic AI SOC by assembling a collection of them, you've replicated the problem you were trying to solve. Prophet Agentic AI SOC Platform was built as an integrated system from day one and represents a fundamentally different bet.
Q1. How is the increasing use of AI-driven attack techniques changing customer expectations of endpoint and workload protection? Where do you see the biggest gaps between what enterprises think they are protected against versus what is actually happening?
One of the single largest changes in AI-driven attacks is the combination of intrusion speed and an ability to tailor intrusion actions to a specific environment. These shifts require defenders to be prepared to make critical decisions almost instantly and is driving a push to decisionmaking at the lowest levels. It also is re-emphasizing the criticality of endpoint solutions as they are the action arm of AI-driven security. While market predictions over the last few years spoke of the commoditization of the endpoint market, AI has deeply undercut this narrative and made it more relevant than ever as it can provide real-time actions to enable AI-driven defenses.
Q2. From a customer perspective what capabilities are now considered table stakes across endpoint, cloud, and identity security? Where do you see true differentiation emerging over the next few years?
It's more critical than ever for solutions to work well together, integrate seamlessly, and be able to roll into larger decision making technologies. Additionally, identity has seen an explosion across types and is now also including "agent identity" as a new element to the identity detection plane. True differentiation will come from security technologies that can provide actionability instead of just visibility. Finally, sustainability and ease of use are more important than ever in this highly dynamic environment.
Q3. How does SentinelOne plan on using Black Hat USA 2026 to engage with customers, partners, and the broader security community? Are there any key initiatives or announcements you’re bringing to the show?
SentinelOne will continue to bring both our philosophy for autonomous security and intelligence, as well as our specific technological approaches for improving any organization's analysis engines, to Black Hat. We will demonstrate our continued AI evolution as it expands to include AI for security, AI as security, and how our established technologies evolve to integrate these expanding areas.
Q1. What are the most dangerous new attack patterns you’re seeing against enterprise data in AI environments? How should security leaders rethink data protection in this new reality?
Varonis Threat Labs uncovered Reprompt, a family of vulnerabilities demonstrating how easily an AI assistant can be turned into a data exfiltration engine. Reprompt works by chaining together three behaviors that, on their own, look like normal product features. First, there’s parameter-to-prompt injection. Many AI assistants accept input through a URL parameter, where the “q” parameter pre-fills a prompt. That’s convenient for users, but it also means an attacker can embed instructions directly into a link. When the victim clicks it, the model executes those instructions as if the user typed them. Second is the double-request technique (the“Reprompt”). Safety controls often apply only to the first request. By instructing the model to repeat an action twice, we found that attackers can bypass those safeguards on the second pass and extract data that should have been filtered. The third piece is where this becomes operationally dangerous: chain-request exfiltration. After the initial trigger, the attacker’s server feeds follow-up instructions to the model in the background. Each response drives the next request, allowing data to be pulled out incrementally and invisibly over time.
What makes this different from earlier prompt injection techniques is persistence and control. In some cases, the attacker maintains access even after the user closes the session. The actual data extraction isn’t visible from the initial prompt, which makes detection extremely difficult. For defenders, Reprompt means you can’t rely on static security controls or one-time validation. Security must evaluate how data is accessed across the entire interaction, including follow-up actions the AI takes after the initial request. AI systems should be treated as privileged actors with broad reach into sensitive data, and controls need to account for how that access behaves over time, not just when it’s granted.
Q2. What are the biggest disconnects you see between how security leaders think their data is protected versus the actual risks—especially around non-human identities, cloud data sprawl, and over-permissioned AI access?
Organizations are under pressure to move fast with AI. The more data AI can access, the more intelligent and useful it becomes. Yet even as enterprises race to adopt AI, most have connected only 3% of their data to it. It’s not that they don’t want the benefits of AI. It’s because they are concerned about what will happen. But teams aren’t waiting for permission. While security works to protect AI and the data that fuels it, employees are spinning up shadow AI tools and sharing their credentials, making it increasingly difficult to distinguish between human users and agents. In many environments, AI activity blends in with legitimate user behavior, breaking a core assumption in security: that user activity reflects human intent.
At the same time, the traditional model of exploitation is changing. The application layer once introduced friction. Exploiting misconfigurations required manually navigating interfaces in a slow, iterative process that rarely exposed the full data blast radius. AI removes that friction, aggregating access across APIs, service accounts, and integrations, and connecting directly to data at machine speed. What once took days now takes minutes, turning AI into a powerful data discovery engine while application-layer control points steadily weaken.
Compounding this, AI systems are often over-permissioned by design, resulting in powerful agents operating with minimal guardrails and making real-time decisions about what data to access and use.
The core challenge is visibility. Organizations lack a clear understanding of what sensitive data is actually reachable and exploitable by AI workloads. As AI collapses the distance between identity and data, risk is defined by what can be accessed in practice, not just what is allowed on paper. Without continuous visibility and testing, organizations remain blind to their true data risk surface.
Q3. What are your company's plans at Black Hat USA 2026? Any new product demos, thought leadership sessions, or special experiences attendees shouldn’t miss?
At Black Hat, we will be showing how Varonis helps IT and security teams do three things: protect data automatically, secure AI from end-to-end, and stop AI threats in their tracks.
We will be showing how Varonis provides visibility and security controls for AI systems and the data that powers them. Varonis Atlas focuses on securing AI systems: how they behave, how they interact with users and tools, and how they can be tested and hardened. Underneath that, the Varonis Data Security Platform focuses on the data layer: what data is sensitive, where it lives, who has access to it, and whether that access is appropriate in context.
Varonis will show how attacks work in the wild and what it takes to stop them. Attendees can try their skills at our all-new Entra AI GHOST CTF, which takes players on a beach-themed, data exfiltration challenge. The CTF is available to play in our booth at Black Hat and in the Cloud Village at DEFCON, where we’ll have limited-edition swag and some surprises along the way. A big part of the conversation will center on monitoring and controlling agentic AI. As AI systems act across tools and services, governing data and interactions becomes critical. That’s an area we’ve been focused on heavily, including capabilities to control and observe how data flows across chained operations. We’re also tying this into the broader AI ecosystem, with integrations for top AI tools like Claude and Microsoft 365 Copilot and many more, that reflect how developers are building AI applications today.
