How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert? Are you using them today? If not, what’s holding you back?

1.3k views1 Upvote7 Comments

Sort by:

Chief Product Officer in IT Services3 days ago

It's better to take a phased approach rather than shifting completely to autonomous actions right away. Start with automating repeatable tasks—like blocking known malicious IOCs detected on the network. Once that’s in place, you can move on to handling things like unauthorized scans or connection attempts. Often, the way an organization operates requires fine-tuning of SIEM and XDR tools to fully understand the business context and avoid false positives.

CISO| Legal & Regulatory APAC lead in Media9 days ago

From My experience, teams are cautiously optimistic about letting AI take autonomous actions after SIEM or XDR alerts due to False positive. Some already use it for low-risk tasks like isolating endpoints, but full automation is often held back by fear of false positives, lack of trust, or compliance concerns. Its better to have Human in the loop

CMO in Software10 days ago

Our customers are selectively using AI agents for niche use cases and majority are taking an augmented approach.

CISO in Software10 days ago

We still require human assisted actions.

CISO in Education16 days ago

AI tools have a certain error rate. Research your tool's range, and if you can afford those errors, go ahead. I generally check other non-AI tools as well, and if it matches, then I trust it.

Content you might like

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Yes65%

No35%

Are you concerned about network security for your remote workers?

Not concerned at all8%

Slightly concerned49%

Moderately concerned26%

Significantly concerned14%

It’s our top priority1%

View Results

Have you used or evaluated any AI-driven SOC platforms? Do you think there are sufficient advantages to using an AI SOC analyst at this stage, or are you in ‘wait-and-see’ mode until solutions like this mature?

How are global companies typically structured when they have a global CISO and additional CISOs responsible for different regions? In these organizations, how are policies, approval processes, and compliance with local regulations managed across different regions?

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert? Are you using them today? If not, what’s holding you back?

Sort by:

Content you might like

Do you have a person at your company specifically focused on payments (e.g., VP of Payments)?

Are you concerned about network security for your remote workers?

Have you used or evaluated any AI-driven SOC platforms? Do you think there are sufficient advantages to using an AI SOC analyst at this stage, or are you in ‘wait-and-see’ mode until solutions like this mature?

How are global companies typically structured when they have a global CISO and additional CISOs responsible for different regions? In these organizations, how are policies, approval processes, and compliance with local regulations managed across different regions?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Navigating the Future: The Evolution of GenAI in Legal

GenAI in Legal: Transformative Strategies and Challenges

Improving Software Developer Experience

CIOs and AI fears: What concerns do CIOs have about AI?

Take Your Insights On-the-Go