We deep dive into the transformative role of AI in Security Operations, exploring AI agents, automation, and the future of cyber security resilience.
The Journey So Far
Artificial Intelligence (AI) is transforming Security Operations Centres (SOCs), ushering in a new era of enhanced threat detection, improved efficiency, and proactive cyber defence. As organisations and industries continue to grow, the demand for speed and scale extends to everything, including cyber security.
AI has seen a revolution in growth and interest. What sparked the initial interest was the advent of ChatGPT and the mainstream arrival of Large Language Models (LLMs). Whilst these earlier models are miles away from the level we often see today, they took the world by storm, writing code, performing in-depth analysis and sometimes reasoning about information very well.
Due to the sensitive nature of cyber security, the mainstream adoption of ChatGPT and similar offerings did not launch as well as anticipated. The need for confidential ‘chats’ meant that security teams were limited in the ways they could adopt such technology.
As the range of available models grew and software began offering the ability to “self-host” LLMs in a self-managed environment, organisations could utilise LLMs in a more controlled fashion. During this time, the launch of Microsoft Security Copilot was announced, marking one of the first key chat-based, security-focused solutions to hit the mainstream market.
Microsoft Security Copilot offered a unique promise in that Microsoft had trained this version of Copilot on security data. This meant that organisations could now submit security events and alerts to then have conversations about further investigation guidance, response steps and strategic risk mitigation advice.
In the CrowdStrike world, Charlotte AI also launched, offering very similar capabilities.
The industry quickly learned that we needed:
• Training data
• Better models
• A more automated mechanism versus chatting
• Better prompting techniques
• Ability to be autonomous
AI Agents
The hype around “agentic AI” became mainstream. In the security industry, this meant a second go at “SOAR”, with the promised ability to create workflows of LLMs, providing them with instructions and programmatic input, and connecting them to tools via APIs and file systems.
Currently there are loads of options for organisations looking to get started with AI agents; platforms such as n8n and CrewAI make it very easy to get going, including the ability to:
• Bring your own model
• Self host
• Test with version control
• Connect tools via APIs
• Connect knowledge to prime the LLM
• Perform RAG operations during the workflow runtime
The SOAR era promised lots of automation potential, however it fell over due to the time that had to be invested before any return was realised, along with the investment cost itself. AI agents are expected to usher in the new era, with much lighter design and implementation.
We’ve already seen workflows that can triage security alerts without any human interaction, providing a confidence rating so that human analysts can review the result, an approach known as “human in the loop”. This really sets the scene for what AI in a SOC might look like in the future.
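The human-in-the-loop triage described above hinges on one design decision: what the workflow does with the agent's verdict and confidence rating before any alert is closed or escalated. The following is an added example, not code from Precursor Security, n8n or CrewAI. It assumes the agent step of a workflow returns a JSON object with the fields `alert_id`, `verdict`, `confidence` and `rationale` (an assumed schema), validates that output rather than trusting it, and only lets high-confidence benign or malicious verdicts bypass the analyst; everything else, including malformed output or a verdict that refers to the wrong alert, lands in the human review queue.

```python
"""Human-in-the-loop gate for AI-agent alert triage verdicts.

Added example (not Precursor Security's, n8n's or CrewAI's code). The agent output
schema below is an assumption; adapt it to whatever your workflow actually emits.
"""
import json
from dataclasses import dataclass

ALLOWED_VERDICTS = {"benign", "suspicious", "malicious"}
AUTO_CLOSE_THRESHOLD = 0.90     # benign verdicts at/above this close without an analyst
AUTO_ESCALATE_THRESHOLD = 0.90  # malicious verdicts at/above this go straight to IR


@dataclass
class Decision:
    alert_id: str
    route: str    # "auto_close", "escalate" or "human_review"
    reason: str   # kept for the audit trail, whatever the route


def parse_verdict(expected_alert_id: str, raw: str) -> dict:
    """Validate the agent's output before any downstream step trusts it."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"agent output is not JSON: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("agent output is not a JSON object")
    for key in ("alert_id", "verdict", "confidence", "rationale"):
        if key not in data:
            raise ValueError(f"missing field {key!r}")
    # The verdict must be about the alert we asked about, not some other one.
    if data["alert_id"] != expected_alert_id:
        raise ValueError(f"alert_id mismatch: {data['alert_id']!r}")
    if data["verdict"] not in ALLOWED_VERDICTS:
        raise ValueError(f"unknown verdict {data['verdict']!r}")
    conf = data["confidence"]
    # bool is an int subclass in Python, so exclude it explicitly.
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        raise ValueError("confidence must be a number in [0, 1]")
    return data


def route_alert(alert_id: str, raw_agent_output: str) -> Decision:
    """Decide whether an alert can skip the analyst, based on a validated verdict."""
    try:
        verdict = parse_verdict(alert_id, raw_agent_output)
    except ValueError as exc:
        # Malformed or inconsistent output never silently closes an alert.
        return Decision(alert_id, "human_review", f"invalid agent output: {exc}")

    v, conf = verdict["verdict"], float(verdict["confidence"])
    if v == "benign" and conf >= AUTO_CLOSE_THRESHOLD:
        return Decision(alert_id, "auto_close", verdict["rationale"])
    if v == "malicious" and conf >= AUTO_ESCALATE_THRESHOLD:
        return Decision(alert_id, "escalate", verdict["rationale"])
    # "suspicious" at any confidence, and low-confidence benign/malicious, need a human.
    return Decision(alert_id, "human_review", f"{v} at confidence {conf:.2f}")


def triage_batch(agent_outputs: dict) -> dict:
    """Map alert_id -> route for a batch of raw agent outputs."""
    return {aid: route_alert(aid, raw).route for aid, raw in agent_outputs.items()}


# Constructed sample agent outputs, one per alert (not real alerts or model output).
SAMPLE_AGENT_OUTPUTS = {
    "A-1": '{"alert_id": "A-1", "verdict": "benign", "confidence": 0.97, '
           '"rationale": "scheduled backup job on known host"}',
    "A-2": '{"alert_id": "A-2", "verdict": "malicious", "confidence": 0.95, '
           '"rationale": "credential dumping tool signature"}',
    "A-3": '{"alert_id": "A-3", "verdict": "suspicious", "confidence": 0.99, '
           '"rationale": "unusual outbound volume"}',
    "A-4": '{"alert_id": "A-4", "verdict": "benign", "confidence": 0.62, '
           '"rationale": "probably admin activity"}',
    "A-5": 'Sure! Here is my analysis: the alert looks fine.',   # free text, not JSON
    "A-6": '{"alert_id": "A-9", "verdict": "benign", "confidence": 0.99, '
           '"rationale": "wrong alert referenced"}',
}

if __name__ == "__main__":
    for aid, route in triage_batch(SAMPLE_AGENT_OUTPUTS).items():
        print(aid, "->", route)
```

Two choices matter here. First, "suspicious" always goes to a person regardless of confidence, because a confident "not sure" is still "not sure". Second, anything the gate cannot validate defaults to human review rather than to closure, so a model that drifts into free text or hallucinates a different alert id costs an analyst a few minutes instead of silently dropping an alert.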
What’s Next for AI in Security?
The key focus of everyone currently is DeepSeek and the positive impact that may have on adoption due to its cost versus other models, including its efficiency. We will continue to see a battle of cost for more efficient models.
Agentic AI will continue to rumble, providing lower barriers for adoption through workflow building platforms like n8n. AI agents will enable security teams to perform basic tasks such as:
• Alert quality review
• Analysis of events for recommendations
• Creation of basic SIEM queries
• Trending of alerts
We expect to see a lot more human-in-the-loop solutions: with the world still not ready to relinquish full control to AI, having AI in the middle is a great way to get going.
To see more about what Precursor Security are doing with Artificial Intelligence, Large Language Models and Agentic AI, sign up to our upcoming webinar here: https://marketing.precursorsecurity.com/webinar-ai-in-a-soc/
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.
It’s important to know what you’re getting, what’s not included and what else is available. This starts with understanding a SOC and its critical functions. CREST has recently published a guide to the critical functions of a SOC, which aligns with the CREST SOC standard.
Precursor Security
Welcome to Precursor Security, where the forefront of cybersecurity and penetration testing expertise meets unmatched dedication and innovation. We are the architects of robust digital defences, committed to safeguarding the online realm.