Security Operations Centers (SOCs) are drowning in noise. The average company now generates close to a thousand alerts a day. For very large enterprises, the number surges past 3,000. Close to half (40%) never get fully investigated. Some turn out to be critical.
This is outlined in Prophet Security’s new report, “State of AI in Security Operations 2025”. Based on a survey of 282 security leaders at large organizations, the study maps out the rising pressure on SOCs, the limits of human-led operations, and the rapid adoption of artificial intelligence as a lifeline.
The Alert Tsunami
Organizations run on a complex patchwork of tools. On average, 17 to 20 separate products generate alerts. Each one adds noise and complexity. The result: around 40% of alerts never get touched. And more troubling, around 60% of security teams admit to ignoring alerts that were later found to be critical, leading to exposure or disruption.
To cope, more than half of SOCs (57%) suppress certain detection rules, particularly around cloud and identity activity. That may ease workloads, but it also leaves gaps bad actors can exploit.
Pain Points in the SOC
The report identifies four major pain points. Triage and investigation take too long. Coverage is patchy, with gaps in 24/7 monitoring. Analyst burnout and turnover remain high. And automation often fails to deliver the promised efficiency.
Together, these issues create a cycle: more alerts, more fatigue, more ignored signals. Even large SOC teams (some with 50 to 100 analysts) struggle to keep pace.
AI Breaks Through
Security leaders are turning to AI to break the cycle. Data security and cloud security remain top priorities, but AI for SOCs has entered the top three. More than half of organizations (55%) already use AI for alert triage, investigation, or remediation.
The direction of travel is clear. Security leaders expect AI to manage around 60% of SOC workloads within three years. Most believe it will handle over half of all tasks in that timeframe.
Current use cases focus on alert triage and investigation, detection engineering and tuning, and threat hunting. AI accelerates triage by enriching alerts with context, correlating signals, and prioritizing the urgent few. It also extends monitoring beyond the limits of human shifts, reducing reliance on overstaffed 24/7 teams and easing burnout.
Shifting the Metrics
The success of AI tools is measured against the fundamentals: Mean Time to Investigate (MTTI), Mean Time to Respond (MTTR), and coverage. Early adopters report faster investigations and shorter dwell times. Some AI platforms can also recommend or automate remediation steps, cutting response times further.
The impact is not just operational. By reducing fatigue and turnover, AI can make SOC work more sustainable for human analysts.
Barriers and Blind Spots
There are still obstacles. Privacy and regulation sit at the top, named by nearly a quarter of security leaders. Integration with existing tools comes next. Cost, lack of transparency, and fears of replacement round out the list.
Notably, accuracy is less of a concern than in previous years. Confidence in AI’s reliability is growing.
Still, Prophet Security warns of strategic risks. Suppressing detection rules to manage workloads is a dangerous compromise, especially for cloud and identity signals. Hiring more analysts alone will not solve the problem.
Instead, organizations must rethink detection engineering and adopt AI-native platforms built for the SOC, rather than bolt-on features added to general tools.
When evaluating AI solutions, leaders need to weigh not only accuracy but also coverage, quality of investigations, integration with workflows, speed to value, and the handling of sensitive data.
Human Impact
Behind the metrics are people. Alert fatigue goes beyond an operational problem. It causes stress, burnout, and turnover. That weakens SOC effectiveness and drains budgets. Cybersecurity teams are already stretched thin, often seen as cost centers rather than revenue enablers.
In that context, AI is not a luxury. It is becoming essential to sustain operations. Yet, as the report stresses, AI must be integrated thoughtfully. Missteps risk introducing new blind spots or compliance issues.
AI as a Partner
Prophet Security’s report paints a picture of a sector in transition. SOCs face rising threats, surging alert volumes, and scarce human resources. The traditional approach (more tools, more analysts) has reached its limits.
AI offers a way forward. It can cut noise, speed investigations, and extend monitoring. It can reduce fatigue and allow scarce human talent to focus on higher-order problems. Adoption is accelerating, with most security leaders expecting AI to manage the bulk of SOC work within a few years.
But it is not a simple swap of machines for people. The firms that succeed will be those that integrate AI as a partner, not just a plug-in. They will design smarter detection, protect privacy, and measure results against outcomes that matter.
For now, the SOC remains a place of strain. Thousands of alerts, too few people, and too much noise. AI is not a silver bullet, but it may be the closest thing to relief that SOCs have had in years.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


