An agentic security operations centre (SOC) model balances human and artificial intelligence to leverage trustworthy data, train reliable agents, manage automation effectively and counter the high failure rate of AI initiatives, according to Arctic Wolf.
Jason Oehley, regional lead at the cyber security firm, recently spoke to ITWeb about the company’s participation in the ITWeb Security Summit 2026, taking place in Johannesburg in June.
Oehley said many AI initiatives fail because of a lack of data, a lack of reliable AI and because projects are based on synthetic models.
ITWeb Security Summit 2026
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit Cape Town 2026 and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
“This means the initiatives are not designed to address real-world risk,” he added. “Organisations require huge amounts of data, teams to train AI and real-world scenarios to build trust. Without this, AI will act on its own and, if left to do so, increases the risk of hallucinations and erroneous data.”
Traditional SOCs are constrained by tiered teams, alert overload, fragmented tools and linear workflows. These limitations make AI-powered threats even more dangerous, as threat actors can leverage the technology to stay ahead of defences.
Threat actors already use AI to accelerate and scale attacks, increasing pressure on defenders. Security teams also need AI, but current solutions are often hard to trust and deploy. Hallucinations, weak reasoning and unreliable results reduce confidence, while data preparation, workflow adaptation, validation and ongoing governance add strain to already stretched teams.
This is why Arctic Wolf advocates the agentic SOC model. Unlike the traditional SOC, in which humans do the work, an agentic SOC is a model in which AI agents execute the primary workflows of detection, investigation and response, the company said.
An agentic SOC is defined by AI-led execution, continuous operation, parallel investigation, evidence-based reasoning, environment-aware decision-making and governed autonomy.
According to Arctic Wolf, this is not a feature added to the traditional SOC. It is a different operating model in which AI becomes the primary execution layer and humans provide direction, control and oversight.
Oehley explained that the company uses an authoritative and oversight AI model, which ensures the correct agents – either AI or human – are involved.
“The judge is to validate the outcome. Should there be additional confirmation needed, the judge would route this to a human for validation. This helps ensure a trusted AI model,” he added.
Oehley said many cyber security solution vendors claim to have released AI-powered defence products, but the AI is built on top of existing solutions and not fully integrated from the beginning.
Arctic Wolf plans to introduce its agentic SOC model at the summit and to explain to delegates why this represents a competitive advantage in a digital, AI-driven market.
Share
