www.microsoft.com 4/9/2026, 8:20:25 PM · via preferred

Agentic SOC Rethinking Security Ops for Autonomous Defence


"The agentic SOC—Rethinking SecOps for the next decade", published on 9 April 2026 by Rob Lefferts and David Weston, argues that security operations must move from reactive incident handling to anticipatory, autonomous defence. It notes that attacks such as ransomware are disrupted in an average of three minutes and that tens of thousands of attacks are contained every month, with a 99.99% confidence rating backing the approach.

The piece describes a two‑layer model: a deterministic disruption layer that blocks high‑confidence threats in real time, and an operational layer where AI agents assist investigators, coordinate responses, and learn from outcomes. It also highlights internal testing where live agents automate 75% of phishing and malware investigations, and mentions predictive shielding extending autonomous defence further.

Finally, it outlines a three‑stage journey for SOC maturity—unifying the platform, accelerating operations with generative AI and task agents, and deploying agentic automation—emphasising that human judgement remains essential even as automation expands.


Article by CyberSIXT