
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

thehackernews.com 2026-06-05 compliance / governance Medium

What Happened

Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, deploying, and standing up AI capabilities at the fastest

Why It Matters

The article reports that while AI-powered SOC platforms, agentic tools, and co-pilots are now widely budgeted and deployed, only about 10% of security operations centers believe they are getting excellent value from these AI investments. It highlights a 'second wave' expectation, where organizations need AI that integrates better with existing processes, governance, and human workflows instead of remaining a primarily marketing-driven capability. From a CyberSE.AI perspective, this gap between deployment and realized value represents a governance and operating-model risk: poorly governed AI in SOCs can lead to alert fatigue, misplaced trust in models, and unclear accountability for decisions. Organizations should treat AI SOC adoption as a CISO-level governance program—defining roles, risk tolerances, auditability, and measurable outcomes—rather than a standalone tooling upgrade.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to compliance / governance. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/only-10-of-socs-say-theyre-getting.html
