What separates SOCs from achieving results through AI strategies does not start with CISOs who take ownership of AI initiatives and anticipate obstacles early, systematically breaking down existing partitions that get in the way.
The disconnect between AI’s promise and its implementation dominated discussions at the Forrester Security and Risk Summit 2025 last week. “We have our own agent of chaos today,” said Allie Mellen, chief analyst, during her keynote. “And that agent of chaos is – you guessed it – generative artificial intelligence.”
Her speech focused on the undeniable fact that many organizations and their cybersecurity teams find themselves trapped behind self-imposed barriers that limit their potential.
Closing the gap between winners and losers in agent-based AI
The gap between AI winners and losers in cybersecurity is not due to technology. It’s about organizational readiness.
While leading organizations, including Carvana, City of Las Vegas, Copperbelt Energy Corporation Plc, Inductive Automation, Salesforce and many others, capture productivity gains, most businesses remain trapped behind barriers that have been built over many years. With adversaries achieving breakout in just 51 seconds, according to the CrowdStrike Global Threat Report 2025, and 80% of security teams preferring GenAI integrated into a broader security platform, dismantling old partitions is not only strategic but existential. More than 70% of enterprises experienced at least one AI-related breach in the last year alone, and, according to the latest findings of the SANS Institute, generative models are currently the principal focus.
However, the latest industry data presents a disturbing paradox. Carnegie Mellon’s AgentCompany benchmark shows that AI agents fail 70-90% of the time when performing complex enterprise tasks. Salesforce Research confirms that the internal agent failure rate exceeds 90% when guardrails are applied. Yet 79% of managers report a significant increase in productivity from implemented AI agents. The resolution lies not in improving the AI itself, but in removing the organizational partitions that prevent its effective implementation.
“The SOC legacy as we know it cannot compete. It has turned into the modern firefighter,” warned CrowdStrike CEO George Kurtz during his keynote at Fal.Con 2025. “The world is entering an arms race for AI supremacy as adversaries use AI to accelerate attacks. In the era of AI, security comes down to three things: data quality, responsiveness, and law enforcement precision.”
The average enterprise SOC uses 83 security tools from 29 different vendors, each of which generates isolated data streams that prevent easy integration with the latest generation of AI systems. System fragmentation and lack of integration are the biggest vulnerability in AI and the easiest problem to fix.
The math behind tool growth is devastating. Organizations deploying AI through fragmented toolkits report significantly increased false positive rates. This corresponds to approximately one in four alerts, with some teams seeing false positive rates of 30% or more. Most enterprises, 74%, rely on cybersecurity ecosystems from multiple vendors, with 43% viewing the lack of cross-platform integration as a significant operational burden.
Eliminate governance deadlocks with a single-agent architecture
Traditional security governance was built for human-speed operations consisting of quarterly reviews, monthly audits, and daily approvals. AI agents operate at machine speed, making thousands of decisions per second. This speed mismatch creates a governance crisis that paralyzes AI adoption.
Proper governance is one of the most important challenges facing CISOs, and it often involves removing long-standing obstacles to ensure the organization can connect and contribute across the company. CrowdStrike, Palo Alto Networks, SentinelOne, Trellix and others are taking on this challenge at the architecture level of their platforms.
CISOs tell VentureBeat that improving governance is one of their most vital tasks. Doing so requires a centralized platform that consolidates all telemetry data sources, preferably in a single-agent model. SOC teams need the latest telemetry data to complete real-time correlation, detect scaling, and respond. For example, CrowdStrike’s Falcon platform consolidates streams of endpoint, cloud, identity and threat information into a unified telemetry pipeline, enabling SOC teams to make governance decisions with machine speed and precision. From a governance perspective, this architecture unlocks several key capabilities.
- Policy as code for AI agents: Security controls (e.g., data retention policies, acceptable usage, privileged activity limits) can be coded once and consistently enforced wherever agents run, rather than re-implemented for each tool.
- One source of truth for evidence and audit: AI-driven investigations, exception approvals and actions are supported by the same telemetry and log data structure, simplifying regulatory reporting and reducing audit findings.
- Continuous monitoring of controls: Instead of sampling audits every quarter, the platform can repeatedly test whether identity, endpoint, and workload policies are actually effective in a live environment.
- Closed-loop enforcement: Detected policy violations can automatically trigger compensating controls, from token revocation to workload isolation, without waiting in queues for human approval when risk thresholds are exceeded.
- Consistent, identity-focused governance: Mapping activity to identities, rather than simply devices or IP addresses, allows CISOs to implement least privilege, monitor insider risk, and limit what AI agents can do on behalf of humans.
These design goals mean fewer agents to manage and patch, fewer conflicting policies, and fewer blind spots in hybrid and multi-cloud environments. For CISOs, this implies something very specific: a defensible narrative to management and regulators that AI initiatives are not rogue automation, but operate inside a provable, monitored, and enforceable governance framework built on a coherent architecture, not a jumble of tools.
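To make the policy-as-code, identity-focused and closed-loop capabilities listed above concrete, the following is an added sketch, not code from any vendor platform named in this article. The policy fields, the risk score, the action names and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass
# Added illustration: one policy, written once, applied to events from every tool.
POLICY = {
    "max_privileged_actions": 2,   # privileged activity limit per agent identity
    "auto_enforce_risk": 80,       # at or above this score, act without human approval
    "allowed_actions": {"read_alert", "enrich_ioc", "isolate_host", "disable_account"},
    "privileged": {"isolate_host", "disable_account"},
}

@dataclass
class AgentAction:
    source: str        # tool that reported the action (hypothetical names)
    agent_id: str      # identity of the AI agent
    on_behalf_of: str  # human identity the agent acts for
    action: str
    risk: int          # 0-100 score, assumed to come from the telemetry pipeline

def evaluate(events, policy=POLICY):
    """Return one audit record per event, using the same rules for every source."""
    privileged_count, decisions = {}, []
    for ev in events:
        key = (ev.agent_id, ev.on_behalf_of)   # map to identity, not device or IP
        violation = None
        if ev.action not in policy["allowed_actions"]:
            violation = "action_not_allowed"
        elif ev.action in policy["privileged"]:
            privileged_count[key] = privileged_count.get(key, 0) + 1
            if privileged_count[key] > policy["max_privileged_actions"]:
                violation = "privileged_limit_exceeded"
        if violation is None:
            outcome = "allow"
        elif ev.risk >= policy["auto_enforce_risk"]:
            outcome = "revoke_token"       # closed loop: compensating control
        else:
            outcome = "queue_for_review"   # below threshold: a human decides
        decisions.append({"identity": key, "source": ev.source, "action": ev.action,
                          "violation": violation, "outcome": outcome})
    return decisions

EVENTS = [  # constructed sample events arriving from three different tools
    AgentAction("edr", "triage-agent", "alice", "isolate_host", 40),
    AgentAction("idp", "triage-agent", "alice", "disable_account", 55),
    AgentAction("cloud", "triage-agent", "alice", "isolate_host", 60),
    AgentAction("edr", "triage-agent", "alice", "delete_logs", 95),
    AgentAction("idp", "triage-agent", "bob", "disable_account", 30),
]

if __name__ == "__main__":
    for record in evaluate(EVENTS):
        print(record)
```

The privileged-action count follows the agent and human identity pair across the EDR, identity and cloud sources, which is the check that per-tool policies cannot perform.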
Changing the culture of “no” forces CISOs to think strategically
Transforming from a security gatekeeper into a business enabler and strategist is the best step any security professional can take in their career. CISOs often mention in interviews that moving from an application and data discipline specialist to an enabler, with the ultimate goal of demonstrating how their teams help drive revenue, was the catalyst they needed in their careers.
Andrew Obadiaru, CISO at Cobalt, conveys urgency: “Nothing is particularly new, maybe AI is newer and the speed at which it all happens is constantly increasing, but in 2025 we need to do better at all of this.”
“Tying my teams’ performance to the new revenue we’ve enabled through strategic thinking is the best decision I’ve made for my teams and my career,” the CISO of a financial services company told VentureBeat.
Pritesh Parekh, CISO at PagerDuty, emphasizes that “when proper safety is in place, we actually speed up operations by eliminating manual checkpoints and replacing them with automated guardrails.” This approach directly enables the machine-speed governance that AI agents require, which coincidentally is the same governance architecture that CrowdStrike and others are building into their platforms.
Organizations with unified security and IT operations tend to excel in management while also reporting 30% fewer serious security incidents compared to those with isolated teams. When adversaries achieve breakout in 51 seconds, cultural silos turn out to be attack vectors.
The solution is simple. Integrate security teams into development and operations. Build automated guardrails, not manual checkpoints. Enable AI agents to securely tap into unified data streams for easy response during real-time monitoring. In this way, security stops being a gate that slows everything down and becomes the intelligence that powers automated defense.
