
What differentiates SOCs that get results from their AI strategies is CISOs who take ownership of AI initiatives, anticipate obstacles early, and systematically dismantle the legacy walls that stand in the way.
The gap between the promise and delivery of AI dominated the discussion at Forrester’s 2025 Security and Risk Summit last week. "Today we have a chaos agent of our own," Eli Mellon, a leading analyst, said during his keynote. "And that chaos agent is – you guessed it – generative AI."
His keynote address focused on the fact that many organizations and their cybersecurity teams are stuck behind self-imposed barriers that limit their potential.
Agentic AI closing the gap between winners and losers
The difference between AI winners and losers in cybersecurity isn’t about the technology. It’s about organizational readiness.
While Carvana, the City of Las Vegas, Copperbelt Energy Corporation PLC, Inductive Automation, Salesforce, and many other leading organizations are achieving efficiencies, most enterprises remain stuck behind barriers that have been in place for decades. With adversaries achieving a breakout in just 2 minutes 7 seconds, and 80% of security teams preferring to integrate GenAI into a broader security platform, dismantling legacy walls is not just strategic, it’s existential. According to recent SANS Institute findings, more than 70% of enterprises experienced at least one AI-related breach in the past year alone, with generic models now the primary target.
However, the latest industry data presents a troubling paradox. Carnegie Mellon’s AgentCompany benchmarks show that AI agents fail 70 to 90% of the time at complex enterprise tasks. Research from Salesforce confirms that its internal agent failure rates exceed 90% when security guardrails are implemented. Yet 79% of executives report meaningful productivity gains from deployed AI agents. The solution lies not in perfecting AI, but in removing the organizational walls that prevent its effective deployment.
"As we know, legacy SOCs can’t compete. It has been transformed into a modern-day firefighter," warned CrowdStrike CEO George Kurtz during his keynote at Fal.Con 2025. "The world is entering an arms race for AI superiority as adversaries weaponize AI to intensify attacks. In the AI age, security depends on three things: the quality of your data, the speed of your response, and the accuracy of your enforcement."
Enterprise SOCs contain an average of 83 security tools across 29 different vendors, each generating different data streams that make integration with the latest generation of AI systems difficult. System fragmentation and lack of integration represent AI’s biggest vulnerability and organizations’ most solvable problem.
The arithmetic of tool sprawl is disastrous. Organizations deploying AI across fragmented toolsets have reported significant increases in false-positive rates. This equates to approximately one in four alerts, with some teams experiencing false-alarm rates of 30% or higher. The majority of enterprises, 74%, rely on multi-vendor cybersecurity ecosystems, with 43% citing the lack of cross-platform integration as a significant operational burden.
Breaking governance deadlock with single-agent architecture
Traditional security governance was designed for human-paced operations: quarterly reviews, monthly audits, and daily approvals. AI agents operate at machine speed, making millions of decisions per second. This velocity mismatch creates a governance crisis that paralyzes AI adoption.
Getting governance right is one of CISOs’ toughest challenges, and it often means removing long-standing barriers so that their organization can connect security to, and contribute to, the business. CrowdStrike, Palo Alto Networks, SentinelOne, Trellix and others are taking on this challenge at the architectural level of their platforms.
CISOs told VentureBeat that achieving excellence in governance is one of their most important tasks to get right. Having a centralized platform that consolidates all sources of telemetry, ideally in a single-agent model, is needed. SOC teams need the latest telemetry data to accomplish real-time correlation, detection scaling, and response. CrowdStrike’s Falcon platform, for example, consolidates endpoint, cloud, detection and threat intelligence streams into a unified telemetry pipeline, enabling SOC teams to make governance decisions at machine speed and accuracy. From a governance perspective, this architecture opens up many important capabilities.
Policy-as-code for AI agents: Guardrails (for example, data residency rules, acceptable use, privileged action limits) can be encoded once and applied consistently wherever agents operate, rather than having to be re-implemented and enforced per device.
Single source of truth for evidence and audit: Investigations, exception approvals and AI-powered actions are all supported by a single telemetry and log fabric, simplifying regulatory reporting and reducing audit findings.
Continuous control monitoring: Instead of sampling controls quarterly, the platform can continuously test whether identity, endpoint, and workload policies are truly effective in a live environment.
Closed-loop enforcement: Detected policy violations can automatically trigger compensating controls – from revoking tokens to isolating workloads – without waiting in human approval queues when risk thresholds are exceeded.
Persistent identity-centric governance: Mapping activity not just to devices or IPs, but also to identities, allows CISOs to enforce least privilege, monitor insider risk, and control what AI agents do on behalf of humans.
These design goals equate to fewer agents to manage and patch, fewer conflicting policies, and fewer blind spots in hybrid and multi-cloud environments. For CISOs, this translates into something very concrete: a defensible narrative to boards and regulators that AI initiatives are not rogue automation, but rather operating within a proven, monitored, and enforceable governance framework built on a coherent architecture rather than a tangle of tools.
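The capabilities listed above (guardrails encoded once as policy, identity-centric mapping of agent actions to the human they act for, a single audit trail, and closed-loop enforcement when a risk threshold is exceeded) are easier to reason about in code. The following is an added illustration, not code from any vendor platform named in this article; the policy schema, action fields, control names and risk scores are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Guardrails encoded once as data (constructed, hypothetical schema).
POLICY = {
    "allowed_regions": {"eu-west-1", "eu-central-1"},   # data residency rule
    "privileged_actions": {"delete_backup", "grant_admin", "export_dataset"},
    "max_privileged_per_identity": 2,                    # privileged action limit per window
    "risk_threshold": 80,                                # closed-loop enforcement trigger
}

@dataclass(frozen=True)
class AgentAction:
    agent_id: str
    on_behalf_of: str   # human identity the agent acts for (identity-centric mapping)
    action: str
    region: str
    risk_score: int     # assumed to come from the telemetry pipeline's scoring

class Guardrails:
    """Evaluates agent actions against POLICY and records every decision once."""

    def __init__(self, policy):
        self.policy = policy
        self.privileged_count = defaultdict(int)  # keyed by human identity, not device
        self.audit_log = []                       # single evidence trail for audit

    def evaluate(self, act):
        """Return (decision, violations, compensating_controls) for one action."""
        violations = []
        if act.region not in self.policy["allowed_regions"]:
            violations.append("data_residency")
        if act.action in self.policy["privileged_actions"]:
            self.privileged_count[act.on_behalf_of] += 1
            if self.privileged_count[act.on_behalf_of] > self.policy["max_privileged_per_identity"]:
                violations.append("privileged_action_limit")
        decision = "deny" if violations else "allow"
        controls = []
        if violations and act.risk_score >= self.policy["risk_threshold"]:
            # Closed loop: above the threshold, act immediately instead of queueing for approval.
            controls = ["revoke_token:" + act.agent_id, "isolate_workload:" + act.region]
        elif violations:
            controls = ["queue_for_human_review"]
        self.audit_log.append({"agent": act.agent_id, "identity": act.on_behalf_of,
                               "action": act.action, "decision": decision,
                               "violations": violations, "controls": controls})
        return decision, violations, controls
```

Because the counter is keyed by the human identity rather than the agent or device, two agents acting for the same person share one privileged-action budget, which is the least-privilege effect the passage describes.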
Changing the culture of "no" forces CISOs to think strategically
A CISO’s transformation from security gatekeeper to business enabler and strategist is one of the best steps any security professional can make in their career. CISOs often comment in interviews that the transformation from an app and data disciplinarian to an enabler of new growth, with the ultimate goal of showing how their teams help drive revenue, was the catalyst they needed for their careers.
Andrew Obadiyaru, CISO at Cobalt, understands the urgency: "Nothing particularly new, maybe AI is new, and the speed at which all this is happening is increasing, but we need to do better at all this in 2025."
"Linking our teams’ performance to the new revenue we enabled by thinking strategically has been the best decision I’ve made for my teams and my career," a CISO at a financial services firm told VentureBeat.
Pritesh Parekh, CISO at PagerDuty, emphasizes this: "When security is done right, we are actually accelerating business by removing manual checkpoints and replacing them with automated guardrails." This approach directly enables the machine-speed governance that AI agents require, which is the same governance architecture that CrowdStrike and others are building into their platforms.
Organizations with integrated security and IT operations excel in governance and report 30% fewer critical security incidents than organizations with siloed teams. When adversaries achieve a breakout in 2 minutes 7 seconds, cultural silos become vehicles for attack.
The solution is straightforward. Integrate security teams into development and operations. Create automated guardrails, not manual checkpoints. Enable AI agents to securely tap into integrated data streams for instant response while monitoring in real-time. This way, security stops being the department that slows everything down and becomes the intelligence department that powers automated defense.
