In April of 2025, researchers published the AI 2027 report as part of the AI Futures Project,
a non-profit forecasting the future of AI. It was a wide-ranging scenario prediction for the
next three years in AI. This chapter looks at the most important development in
cybersecurity, the rapid rise of SOC Automation, and makes predictions based on some of the
conclusions from the report.
Like most scenario planners, the authors started with today and projected forward
based on how we got here. The “intelligence” of LLMs is growing at 10X a year. That
makes it hard for anyone to predict the near future because humans are bad at grasping
exponential growth.
The entire AI 2027 scenario hinges on one thing: that the engineers responsible for
improving models at OpenAI, Anthropic, Google, Grok, Meta, and DeepSeek will use
existing models to assist them, as indeed they are already. This will progress until they
have created AI research assistants that are smarter than our smartest humans. By 2027
there will be “superhuman AI researchers.”
After that, AI intelligence grows so fast that superintelligence will appear to have
happened overnight. Alvin Toffler and Adelaide Farrell will be nodding their heads at the
level of disruption this will cause. “See, this is what we were talking about in Future Shock.”
The same trend is evident in cybersecurity. By 2027, there will be superhuman SOC analysts.
Rather than delve into the report’s predictions about misalignment — evil AIs wiping
out the human race — consider the implications for our comparably mundane world of
cybersecurity.
This scenario is based on the rapid increase in intelligence in AIs with superintelligence
only one year away.
As we went to press, we learned of the first large technology company to say it had
eliminated its SOC team and replaced it with fully automated agents providing 100% triage of alerts.
It’s happening.
Of the 378 AI Security vendors tracked in the IT-Harvest Dashboard, 61 are in a category
I call SOC Automation. The concept is simple: alert triage will be handled by AI agents.
There have always been two sides to cybersecurity:
The protective side is represented by firewalls, hardened configurations, multi-factor
authentication, and encryption — things that either stop attacks altogether or dramatically
increase the costs for the attackers.
The detective side is where the SIEM (Security Information and Event Management)
comes into play. Everything that can be is instrumented to report what is happening.
Logs and alerts are funneled into a centralized SIEM where they are prioritized based on
algorithms. SOC analysts use analytic tools to “hunt” down the causes of the tiny, tiny
fraction of alerts that they have time for and take actions to stop an ongoing attack or
clean up after an attack.
Note that the average age of the 50+ SOC Automation startups is three years. And
the average headcount (leaving out Torq, a pre-ChatGPT company) is 27 people. Note
also that the biggest post-ChatGPT company, Exaforce, announced a $75 million series
A investment from Khosla Ventures, Mayfield and Thomvest Ventures in April 2025.
You may think the Exaforce press release over-hypes their “Agentic SOC Platform
that combines AI agents (called “Exabots”) with advanced data exploration to give
enterprises a tenfold reduction in human-led SOC work, while dramatically improving
security outcomes.” But you would be wrong.
About the same time Torq acquired an Israeli startup that was still in stealth. Ofer
Smadari, CEO, said: “By integrating Revrod into Torq HyperSOC 2o, our most advanced
platform yet, we’re delivering the world’s first OmniAgent: a robust, collaborative,
AI-driven system that autonomously investigates, triages, and remediates threats with
near-human-level analysis and precision.”
When I wrote about the rise of SOC Automation in April of 2025, I predicted that
“by the end of the year, they will work so well that most of these vendors will experience
skyrocketing sales. Only those that attract enough investment will be able to scale to meet
the demand.” After writing that in a Substack post, the startups reached out to tell me I
was wrong. They were already getting sales. As of this writing, many are over $3 million
in ARR.
If a CISO can invest in SOC Automation and 10X their alert triage, let alone stop attacks,
they will pay. And if you argue that LLMs are not good enough to displace humans, what
happens to your argument in 12 months when the LLMs are ten times better? Thinking
exponentially can dramatically impact your scenarios.
The founders of AI Security companies are all thinking exponentially. The investors
too. This is going to be a scaling race. Strategic buyers are going to pay extraordinary
amounts to place their bets and not get left behind. Rapid advances in technology can
leave the biggest companies floundering for relevance.
Here are more predictions based on the concept of the intelligence explosion described
in AI 2027. Keep in mind that we are talking about the biggest technological shift in our
lifetimes; bigger than the internet, mobile computing, virtualization, and cloud computing.
So there are going to be outsize changes in the landscape.
By the end of 2026, 95% of all SOCs will use AI agents, including those of MSSPs. In
other words, most medium to large companies will see a dramatic decline in their security
spend and will no longer need a large percentage of their security teams.
More than 50% of SMBs will subscribe to automated detection and remediation from
new suppliers.
Several of these companies will have billion-dollar valuations before the end of 2026.
Not a stretch considering that Protect AI, one of the AI Model Protection companies, was
reportedly acquired by Palo Alto Networks at a cost between $600 and $750 million.
One of these companies will be on track to have a billion dollars in revenue at the end
of 2027. That’s right. Faster growth than Wiz ever saw.
The costs for attackers will skyrocket. Only nation states will have the resources to
devise attack methods that will bypass AI defenses. It will be cheaper to infiltrate a target
with human spies than it will be to devise a cyberattack that can bypass the AI defenses.
I have always found it a valuable exercise to recognize when massive change is on
the horizon and predict the impact. Everyone in the security industry should be evaluating
the advent of superintelligence and making plans to take advantage of it.