Build the agentic SOC to combat AI-powered attackers

Ahmed El Saadi, group VP at Splunk for the Middle East, Africa, Türkiye, Romania and CIS.

---

Companies can combine cyber security technology solutions to build an AI-powered SecOps platform capable of countering threat actors who use AI to accelerate attacks, according to Splunk, a Cisco subsidiary and unified data analytics platform.

The cyber security firm will participate in the ITWeb Security Summit 2026 in Johannesburg, using the forum to highlight technologies available to companies grappling with Africa’s digital transformation and its extensive attack surface.

Ahmed El Saadi, group VP at Splunk for the Middle East, Africa, Türkiye, Romania and CIS, is scheduled to present during track six on 2 June, which focuses on next-generation cyber security.

El Saadi will explain the rationale and value of unifying SIEM (security information and event management), SOAR (security orchestration, automation and response) and UEBA (user and entity behaviour analytics) into a single AI-powered SecOps platform.

Speaking to ITWeb ahead of the summit, El Saadi said the topic is relevant because the threat landscape is changing faster than most companies can adapt.

“Attackers are already using AI to increase speed, scale and sophistication, while defenders are still dealing with fragmented tools, alert overload and a persistent skills gap. In that environment, security AI cannot be treated as a future concept; it must become a practical capability that helps teams move faster, reduce noise and make better decisions. The unified SOC is central to that, because AI delivers the greatest value when it is grounded in connected data, shared context and co-ordinated workflows,” he said.

Splunk will emphasise that cyber resilience is no longer just a technical priority – it is a business imperative, El Saadi said.

“Business leaders need to know that AI can be a powerful force multiplier for security teams, but only if it is built on the right data foundation, integrated operations and clear governance. Organisations do not need more disconnected tools; they need better visibility, stronger alignment between security and IT, and smarter automation that helps their people focus on the threats that matter most. Above all, resilience comes from being able to see more, know more and act faster,” he said.

See also

AI only as secure as the information behind it: OpenText

Splunk lists AI, supply chain risks and the global skills gap as three of the biggest issues facing the security industry.

El Saadi said the use of AI by bad actors is accelerating, as is the ability to use AI to detect exploits and hone attack vectors.

“This is one of the reasons why the use of AI in cyber defence has seen such enormous growth in recent years. While rigorous domestic upskilling in cyber security skills will play an important role in organisations' defence posture, so too will their ability to leverage AI to more effectively use the cyber security resources at hand.”

On supply chain security, El Saadi said any company’s security is only as strong as its weakest link.

“Organisations simply cannot afford to overlook the security posture of their third-party suppliers. For many, though, simply assessing vendor risk through questionnaires will not be enough. More rigorous, ongoing methods are needed, including technical control evaluations, risk information sharing and automated data analysis with AI.”

He added that cyber security remains the biggest barrier to AI adoption. According to Cisco’s 2025 Cybersecurity Readiness Index, only 5% of organisations in SA are fully cyber ready – highlighting a significant trust and preparedness gap.

At the same time, gaps in infrastructure, network performance and skills continue to limit scale while cyber threats are rising.

According to Splunk, AI will accelerate Africa’s digital economy, but only if cyber security, infrastructure and skills evolve together to enable safe, scalable adoption.