AI is changing the economics of both software development and cyberattacks. Organizations are shipping code faster than ever, increasingly with the help of AI agents and tools that generate, modify, and deploy software with limited human review. At the same time, attackers now have access to those same capabilities. AI can analyze unfamiliar code, identify weaknesses, and accelerate exploit development in ways that dramatically compress the time between vulnerability disclosure and exploitation.
For security operations teams, this isn't just another technology shift. It challenges one of the core assumptions that modern SecOps has been built around: that defenders have time. Time to investigate an alert, gather context, determine impact, and decide how to respond. As exploitation timelines continue to shrink, the traditional model of collecting context after an alert fires becomes increasingly difficult to sustain.
The response isn't simply to add more automation. It's to rethink how security operations works. In an AI-driven world, the teams that succeed will be the ones that can continuously understand their environment, monitor new classes of activity, and investigate incidents at machine speed. Underlying all three is a single requirement: context.
The industry often talks about AI as though it benefits attackers and defenders equally. I don't think that's true. Attackers gain speed, but defenders gain something more valuable: the ability to reason over the full context of their environment. AI is fundamentally a context engine, and defenders possess information that attackers never will—the relationships between workloads, identities, data stores, cloud resources, code, and business functions. The challenge is making that context available before it's needed.
Preparation: Context Must Exist Before the Incident
Most security teams still operate reactively, and historically that made sense. In fact, much of modern security operations—and many SIEM-driven workflows—were built around that assumption. Detect an alert first, then gather the context needed to understand impact and determine a response.
In the AI and cloud era, that process is becoming a liability.
The first major change AI forces on security operations is that context can no longer be gathered during an investigation. It has to exist beforehand. Security teams need a continuously updated understanding of their environment: what workloads are running, what identities they use, what data they can access, how they connect to one another, and what business purpose they serve.
This challenge becomes significantly harder as AI-powered applications proliferate. New agents, services, and AI-assisted workflows are appearing faster than most organizations can manually inventory them. Maintaining an accurate understanding of the environment becomes impossible through manual processes alone.
The practical implication is that every workload should be explainable on demand. An analyst should be able to immediately understand what a service does, what it can access, who owns it, and what the impact of compromise would be. Building and maintaining that level of understanding at cloud scale increasingly requires AI itself, supported by a data model that makes the relationships across the environment explicit and easily traversed by AI agents.
Monitoring: The Attack Surface Has Expanded
The second shift is in what security teams need to observe.
AI applications introduce a new layer of activity that doesn't fit neatly into traditional monitoring approaches. In the past, security teams primarily focused on infrastructure, workloads, and user behavior. Now they also need visibility into the interactions happening between users, applications, and models. At Wiz, we think of visibility across three layers: the model layer, the workload layer, and the cloud layer.
At the model layer, organizations need visibility into inputs and outputs. Prompt injection attempts, sensitive data exposure, model misuse, and other AI-specific attack techniques often become visible first through invocation logs. Whether organizations choose to inspect requests inline or analyze logs afterward is less important than ensuring the visibility exists.
At the workload layer, runtime monitoring remains as important as ever, and the value of context is even higher. A suspicious process execution, outbound connection, or metadata service request may not be meaningful in isolation. Combined with evidence of prompt manipulation or unusual model activity, however, the same signal can become highly relevant. The challenge is no longer collecting telemetry; it's understanding events within the broader context of the workload generating them.
The cloud layer is where this becomes especially important. AI agents increasingly interact with databases, SaaS applications, APIs, and cloud infrastructure using machine identities and delegated permissions. As a result, many of the most important signals appear not in the model itself, but in the actions taken on its behalf. An AI agent modifying sensitive data, accessing resources outside its expected scope, or receiving elevated privileges may indicate behavior that warrants investigation even if the underlying actions appear legitimate on the surface.
Security teams therefore need visibility across all three layers—and, more importantly, the ability to connect them. A prompt injection event, a suspicious process execution, and an unexpected database modification may appear unrelated when viewed in isolation. When connected through a graph of workloads, identities, permissions, data stores, and cloud resources, they become part of a coherent narrative. The underlying data model matters because it determines whether AI agents can reason across the environment or merely analyze isolated events.
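The correlation described above can be sketched in a few lines. This is an added example, not code from Wiz or from the original post: the workload names, identities, event fields, and sample events are all constructed, and the "graph" is reduced to a workload-to-identity-to-resource mapping.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed context graph: each workload, the identity it runs as, and the
# resources it is designed to touch (its intended purpose).
WORKLOADS = {
    "support-chatbot": {"identity": "sa-chatbot", "allowed": {"db:tickets"}},
    "billing-batch": {"identity": "sa-billing", "allowed": {"db:invoices"}},
}
IDENTITY_TO_WORKLOAD = {w["identity"]: name for name, w in WORKLOADS.items()}

# Constructed sample events from the model, workload, and cloud layers.
EVENTS = [
    {"ts": "2025-01-10T12:00:05", "layer": "model", "workload": "support-chatbot",
     "signal": "prompt_injection_suspected"},
    {"ts": "2025-01-10T12:00:40", "layer": "workload", "workload": "support-chatbot",
     "signal": "metadata_service_request"},
    {"ts": "2025-01-10T12:01:10", "layer": "cloud", "identity": "sa-chatbot",
     "signal": "db_write", "resource": "db:customers"},
    {"ts": "2025-01-10T12:02:00", "layer": "cloud", "identity": "sa-billing",
     "signal": "db_write", "resource": "db:invoices"},
]

def resolve_workload(event):
    """Map an event from any layer to a workload via the context graph."""
    return event.get("workload") or IDENTITY_TO_WORKLOAD.get(event.get("identity"))

def correlate(events, window=timedelta(minutes=5)):
    """Report cloud actions outside a workload's intended scope, together
    with the preceding events (any layer) on the same workload."""
    by_workload = defaultdict(list)
    for e in events:
        wl = resolve_workload(e)
        if wl:
            by_workload[wl].append({**e, "t": datetime.fromisoformat(e["ts"])})
    findings = []
    for wl, evs in by_workload.items():
        evs.sort(key=lambda e: e["t"])
        for hit in evs:
            if hit["layer"] != "cloud" or hit.get("resource") in WORKLOADS[wl]["allowed"]:
                continue
            chain = [e for e in evs if timedelta(0) <= hit["t"] - e["t"] <= window]
            layers = sorted({e["layer"] for e in chain})
            findings.append({"workload": wl, "resource": hit["resource"],
                             "layers": layers, "cross_layer": len(layers) > 1,
                             "chain": [e["signal"] for e in chain]})
    return findings
```

The in-scope write by the billing workload produces no finding, while the chatbot's write to a table outside its scope is reported with the model-layer and workload-layer events that preceded it.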
Response: Keeping Pace with Automated Attacks
Today, much of an analyst's time is spent gathering information rather than making decisions. Investigations often require pivoting across multiple tools to collect cloud logs, runtime telemetry, asset inventories, source code, identity relationships, and forensic artifacts before a conclusion can even begin to emerge. The bottleneck is rarely access to data; it's assembling the relevant context quickly enough to understand what happened.
This is where AI has the potential to create a meaningful advantage for defenders.
An attacker operates from the outside in. Even with AI assistance, they are limited to the information they can discover or obtain. Defenders operate from the inside out. They have access to the complete environment: asset inventories, identity relationships, data access patterns, historical activity, source code, infrastructure definitions, and organizational context.
Because AI agents perform best when given rich context, defenders are uniquely positioned to benefit from them.
Effective AI investigation agents can analyze cloud events, runtime activity, invocation logs, source code, and forensic evidence simultaneously. They can determine not only whether something suspicious happened, but whether a workload behaved in a way that is inconsistent with its intended purpose.
That distinction is important. Security teams are often overwhelmed by alerts that appear suspicious but turn out to be expected behavior. The question shifts from "Did something unusual happen?" to "Did something happen that this workload was never designed to do?"
Answering that question requires context, but it is also where defenders possess their greatest advantage. Attackers may be able to automate exploitation, but they cannot easily replicate the internal understanding organizations have about their own environments.
These capabilities are not on the horizon. AI agents are already moving beyond static analysis and actively collecting evidence as part of live investigations. Rather than waiting for an analyst to retrieve logs, inspect code, or examine infrastructure definitions, AI agents perform those tasks automatically, assembling the information needed to reach a conclusion. Human analysts remain responsible for judgment, escalation, and response, but they spend less time gathering facts and more time acting on them. Wiz's Blue Agent is one concrete example of this already in practice: when a threat is detected, it automatically investigates, collects forensic artifacts, and delivers a verdict—with a transparent explanation of every step—before a human analyst has even opened the alert.
The New SecOps Playbook
Security operations is entering a period of transition. The workflows, assumptions, and tooling models that evolved around slower-moving environments are being challenged by a world where software is created faster and attackers can move at machine speed.
The organizations that adapt successfully will be defined by how effectively they operationalize the context they already have, not just the tools they deploy.
The future SOC will not be defined by the number of alerts it processes or the amount of automation it deploys. It will be defined by how effectively it can understand its environment and apply that understanding during an investigation. AI will become foundational to security operations not because it replaces analysts, but because it enables defenders to reason over complex environments at a scale and speed that humans cannot achieve on their own.