At Information Security Buzz, we deliver the latest cybersecurity news and insights, engaging with various companies to understand their goals, objectives, and contributions to advancing cybersecurity. In this interview, we spoke with Kamal Shah, Co-founder and CEO of Prophet Security, to explore the company’s mission and discuss how their AI-driven SOC Analyst addresses the evolving landscape of cybersecurity threats.
1. Tell me about Prophet Security and what inspired your team to build an AI SOC Analyst, and what exactly does it do within a security operations center?
The number one customer feedback we got at my last two companies was that we were generating too many alerts and too many false positives. Alert fatigue has been a problem that has plagued the security industry for the past decade, and organizations are struggling to operationalize new security tools. So, when ChatGPT came out in November 2022, the first question in our mind was whether Gen AI was the answer to solving this massive challenge.
This foundational shift in technology powers our AI SOC Analyst (also known as an AI cybersecurity assistant by Gartner) that automates the manual, tedious tasks required to triage, investigate and respond to alerts.
2. Can you describe the main challenges Security Operations (SOC) teams face without AI SOC Analysts?
The first challenge is alert fatigue. Companies, on average, have between 60 and 75 security tools, and they generate an overwhelming number of alerts. Most of them are false positives or expected activity. Investigating this endless stream of alerts and separating signal from noise is an intractable problem. Some teams resort to turning off detections or completely ignoring low- and medium-severity alerts, which creates security gaps and exposes the organization to unnecessary risk.
The second challenge is missing detections. Organizations want to add more detections to address emerging threat vectors, particularly in cloud and identity, but are hampered by their security team’s capacity to triage and investigate new alerts.
Another growing concern is team morale.
Manual, repetitive tasks such as retrieving and correlating data to investigate alerts often lead to low morale, burnout, and attrition. Organizations also have to constantly hire and train junior analysts, which creates an additional burden.
3. Why are traditional SOC methods no longer sufficient to combat modern cybersecurity threats?
The fundamental issue with traditional SOC methods lies in their inability to keep pace with the speed, scale, and sophistication of AI-powered cybersecurity threats. Traditional SOCs have historically depended on manual processes with ineffective automation to identify and respond to security events through in-house SOC or an MDR/MSSP. Fighting AI with manual processes is a losing battle. To effectively combat today’s threats, organizations need to evolve their security operations and leverage AI to fight AI.
4. How does integrating AI analysts into security operations transform the way organizations approach threat detection and response?
Integrating AI into security operations represents a transformative shift in how organizations approach threat detection, investigation, and response. Simply put, an AI augments human analysts and leverages multiple AI technologies like Machine Learning (ML), Large Language Models (LLMs), and agentic architectures to automate manual, repetitive tasks traditionally handled by human analysts.
Instead of replacing human analysts, AI augments their capabilities. AI excels in automating tasks like threat detection, alert triage and investigation, and incident response, while humans contribute intuition, experience, and judgment. This collaboration creates a more robust defense mechanism against cyber threats.
5. Haven’t we tried to automate security operations with SOAR tools?
AI SOC Analysts differ significantly from traditional approaches to automation. Security Orchestration, Automation, and Response (SOAR) tools are static in nature and require significant upfront efforts to codify playbooks and build out integrations to various security tools. By contrast, AI SOC Analysts leverage Gen AI to dynamically create and execute investigation plans and require no upfront investment from security. Their architectures allow them to plan, reason, and make decisions independently, functioning as proactive digital assistants.
An AI SOC Analyst is also very different from a Security Copilot. An AI SOC Analyst is proactive and works independently 24×7 to perform its objectives (i.e. triage and investigate an alert). By contrast, a Security Copilot is reactive and requires questions from analysts.
6. What makes the current moment pivotal for adopting AI in security operations?
Several factors make the current moment pivotal for adopting AI in security operations.
The increasing volume and sophistication of cyber threats and the challenges faced by traditional SOCs create an urgent need for more effective and efficient security solutions. It is no longer a “nice to have”, it is a “must have” for most organizations.
According to Gartner, AI-enhanced attacks were ranked as the #1 threat to enterprises for the third quarter in a row. Attackers are increasingly using generative AI in business email compromise (BEC) phishing attacks, with 40% of phishing emails generated by AI, according to a recent study by VIPRE. One study by Zscaler found a 60% increase in AI-generated phishing attacks from 2023 to 2024.
As cybercriminals use AI technologies to amplify their attacks, attempting to defend against them using traditional methods is an insurmountable challenge.
AI’s ability to automate tasks, analyze vast amounts of data, and adapt to evolving threats offers a compelling solution to these challenges. Organizations that embrace AI in their security operations stand to gain a significant advantage in protecting their assets and data.
7. How do AI SOC Analysts collaborate with human analysts? Will AI take away SOC analyst jobs?
AI SOC Analysts and human analysts will most definitely collaborate, and Prophet AI SOC Analyst is designed to collaborate with human analysts, not replace them. Prophet AI handles the tedious and repetitive tasks of triaging and investigating alerts, freeing human analysts to focus on high-impact security tasks requiring human judgment and expertise.
This collaboration enhances the efficiency and effectiveness of the SOC, allowing organizations to respond to threats more quickly and effectively.
8. How does an AI SOC Analyst adapt to an organization’s changing security needs or emerging, sophisticated threats that evolve over time?
AI SOC Analysts adapt to changing security needs and new threats through continuous learning and feedback from analysts.
- Continuous adaptation to an organization: AI SOC Analysts learn from analyst feedback and adapt their responses accordingly. For example, an analyst can provide contextual feedback such as “Nord VPN is allowed in an organization” and Prophet AI will incorporate this feedback in current and future investigations.
- Integration with existing tools and workflows: Effortless integration with a wide range of security tools and platforms is essential for AI SOC Analysts to ensure rapid adoption by security teams.
9. What tangible benefits can CISOs and SOC managers expect after adopting an AI SOC Analyst?
For CISOs, AI SOC Analysts can significantly reduce risk by investigating alerts in minutes, separating the signal from the noise, prioritizing critical alerts for their security teams, and accelerating response.
CISOs no longer have to ignore low- and medium-severity alerts and can add more detections without worrying about SOC team capacity, further lowering risk and achieving greater ROI from their existing security tools.
Lastly, their teams no longer have to spend time on manual processes or false positives, freeing up their time to focus on other security tasks and deliver greater impact with the existing team.
For SOC managers, AI SOC Analysts will measurably improve several SOC metrics:
- Dwell time, or the time it takes for an alert to get picked up, essentially goes to zero since AI SOC Analysts start working immediately after an alert is fired.
- Mean time to investigate (MTTI) and mean time to respond (MTTR) are dramatically lowered with an AI SOC Analyst as each alert is investigated within minutes.
SOC managers will also benefit from improved morale and lower team attrition, as their analysts no longer have to spend time on repetitive and mundane tasks. Instead, security teams can focus on higher-impact tasks such as proactive threat hunting or red teaming. An AI SOC Analyst also accelerates the onboarding process of new analysts, enabling them to deliver immediate impact to their organization.
10. What should customers consider when evaluating AI SOC Analysts or similar tools?
When evaluating AI SOC Analysts or similar tools, customers should examine solutions across five key criteria:
- Coverage: What percentage of the customer’s alerts can the AI SOC Analyst investigate?
- Accuracy: What percentage of the alerts did the AI SOC Analyst accurately investigate?
- Quality: How complete and explainable are the investigations completed by the AI SOC Analyst?
- Workflow: How seamlessly does the AI SOC Analyst integrate with the customer’s existing tools and processes?
- Time to value: How quickly does the AI SOC Analyst integrate into the customer’s environment?
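As an added example (not from Prophet Security or the original interview), the Python below computes the SOC metrics named in answer 9 (dwell time, MTTI, MTTR) and the coverage and accuracy criteria from answer 10 over a constructed set of alert records; the record fields and sample timestamps are assumptions, and alerts that have not reached a step yet are excluded from that step's average rather than skewing it.

```python
from datetime import datetime as dt
from statistics import mean

# Constructed sample alerts (not real data). Each record holds when an alert
# fired, was picked up, had its investigation finished and was resolved
# (None = not yet), the AI SOC Analyst's verdict (None = alert not covered)
# and the human analyst's final verdict, used here as ground truth.
ALERTS = [
    {"id": "A1", "fired": dt(2024, 5, 1, 9, 0), "picked_up": dt(2024, 5, 1, 9, 0),
     "investigated": dt(2024, 5, 1, 9, 4), "resolved": dt(2024, 5, 1, 9, 20),
     "ai_verdict": "benign", "analyst_verdict": "benign"},
    {"id": "A2", "fired": dt(2024, 5, 1, 9, 30), "picked_up": dt(2024, 5, 1, 9, 30),
     "investigated": dt(2024, 5, 1, 9, 36), "resolved": dt(2024, 5, 1, 10, 30),
     "ai_verdict": "malicious", "analyst_verdict": "malicious"},
    {"id": "A3", "fired": dt(2024, 5, 1, 10, 0), "picked_up": dt(2024, 5, 1, 10, 0),
     "investigated": dt(2024, 5, 1, 10, 5), "resolved": None,
     "ai_verdict": "benign", "analyst_verdict": "malicious"},   # AI verdict was wrong
    {"id": "A4", "fired": dt(2024, 5, 1, 11, 0), "picked_up": dt(2024, 5, 1, 13, 0),
     "investigated": dt(2024, 5, 1, 13, 45), "resolved": dt(2024, 5, 1, 14, 0),
     "ai_verdict": None, "analyst_verdict": "benign"},          # handled by a human
]

def minutes_between(start, end):
    """Elapsed minutes, or None when the later step has not happened yet."""
    if start is None or end is None:
        return None
    return (end - start).total_seconds() / 60

def soc_metrics(alerts):
    """Dwell time (fired -> picked up), MTTI (fired -> investigated) and
    MTTR (fired -> resolved), each averaged over alerts that reached that step."""
    def avg(field):
        vals = [minutes_between(a["fired"], a[field]) for a in alerts]
        vals = [v for v in vals if v is not None]
        return round(mean(vals), 2) if vals else None
    return {"dwell_min": avg("picked_up"), "mtti_min": avg("investigated"),
            "mttr_min": avg("resolved"),
            "open": sum(1 for a in alerts if a["resolved"] is None)}

def evaluation(alerts):
    """Coverage: share of alerts the AI investigated at all. Accuracy: share of
    covered alerts where the AI verdict matched the analyst's verdict."""
    covered = [a for a in alerts if a["ai_verdict"] is not None]
    correct = [a for a in covered if a["ai_verdict"] == a["analyst_verdict"]]
    return {"coverage": round(len(covered) / len(alerts), 2) if alerts else 0.0,
            "accuracy": round(len(correct) / len(covered), 2) if covered else 0.0}

if __name__ == "__main__":
    print(soc_metrics(ALERTS))
    print(evaluation(ALERTS))
```

Note that a high coverage figure with a low accuracy figure (alert A3 above) is the case the accuracy criterion exists to catch, so both numbers should be tracked against analyst ground truth rather than coverage alone.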
To learn more about Prophet Security and the services they offer, visit their website – https://www.prophetsecurity.ai/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.