Prophet Security Report Highlights Urgent Need for AI in SOCs
Security Operations Centers (SOCs) are facing unprecedented strain. The newly released State of AI in Security Operations 2025 report from Prophet Security highlights an industry under siege by data overload, talent shortages and an escalating “alert problem.”
The survey of nearly 300 security leaders found that 40% of alerts go uninvestigated and 60% of teams have experienced breaches tied to ignored alerts. With average alert dwell time hovering near an hour, traditional approaches are faltering against increasingly agile adversaries.
Against this backdrop, Grant Oviatt, Co-founder and Head of Security Operations at Prophet Security, discussed the report’s findings with SecurityInfoWatch and what they mean for security teams.
Alert fatigue and analyst burnout
Oviatt emphasized the toll alert overload is taking on SOC teams. Analysts are often trapped in a cycle of triaging and investigating repetitive alerts, most of which are false positives. “SOC team members’ morale is at an all-time low; many analysts feel like they’re a hamster on a wheel constantly triaging, investigating alerts, many of them false positives, which leads to burnout and attrition,” he said.
The average analyst tenure, once two years, has now dropped to just 12 months.
He sees artificial intelligence (AI) as a critical turning point. Instead of analysts spending hours on low-value tasks, AI can take on the scale and speed of investigations. “The analyst’s role is not to echo the machine, but to guide and challenge it,” Oviatt explained.
He added that AI serves as a force multiplier, investigating at scale, surfacing hidden patterns and accelerating response. Analysts contribute the judgment, contextual awareness and adversarial mindset that machines lack.
“Together, this partnership elevates investigations from quick pattern matching to meaningful, outcome-driven security decisions,” he said.
Balancing compliance and AI adoption
One of the report’s more surprising findings is that data privacy and regulatory compliance, not job loss fears, are the biggest barriers to AI adoption in the SOC. Oviatt echoed this, stressing that transparency and trust must come first.
“Security teams should look for solutions that are transparent, providing clear reasoning for the investigations they perform and clear logs for auditability,” he advised. Starting with read-only access and gradually expanding permissions as confidence grows can help teams build trust. Enforcing governance controls around data residency, anonymization, and retention is equally important. Keeping humans in the loop for high-impact decisions ensures compliance without sacrificing efficiency, he said.
Measuring ROI to gain executive buy-in
For many security leaders, demonstrating ROI is critical to sustaining investment in AI-enabled SOC tools. Oviatt pointed to tangible KPIs that resonate at both the technical and business levels: mean time to triage an alert, backlog size, percentage of alerts investigated, analyst throughput per shift, and false positive rates.
“Security leaders should communicate results in terms that fellow executives understand: reduced risk of breach, faster recovery, and reclaimed analyst capacity or hours saved,” Oviatt said. This translation from metrics to business outcomes is essential for ongoing executive support.
6 Key Takeaways From the Survey
The following six takeaways from Prophet Security’s 2025 survey capture the most pressing challenges SOC teams face and the emerging role of AI in addressing them.
- Alert overload: Large enterprises face an average of 3,181 alerts per day, while organizations overall average 960 alerts. Nearly 40% of alerts go uninvestigated, creating significant risk exposure.
- Fatigue and dwell time: Average alert dwell time is 56 minutes — long enough for attackers to exploit vulnerabilities. Overwhelmed SOC teams face morale issues, burnout, and higher turnover.
- AI as a priority: AI for Security is now a top-three priority for security leaders, alongside data and cloud security. About one-third of organizations are already implementing AI-driven SOC solutions.
- Adoption barriers: The top obstacle to AI adoption is data privacy and regulatory compliance (24%), followed by integration complexity. Concerns about AI accuracy or job loss ranked relatively low.
- Trust in AI: Security leaders are increasingly confident in AI’s ability to triage alerts and surface patterns, with many already using AI for investigations.
- Looking ahead: Within three years, AI is expected to handle ~60% of SOC workloads, making AI-augmented operations a strategic necessity.
Preparing the future SOC workforce
Looking ahead, the Prophet report predicts that AI will handle roughly 60% of SOC workloads within three years. Oviatt believes this will fundamentally reshape the workforce.
“As AI assumes the role of an augmented workforce handling the repetitive and high-volume tasks, the human role in SOCs will evolve,” he said. Analysts will be expected to focus on threat hunting, complex investigations and strategic risk management. These are areas where human context and creativity remain irreplaceable, according to the report.
This shift reframes workforce strategy from “alert triage” to “threat strategy,” with AI as a force multiplier rather than a replacement. For junior analysts, AI can accelerate development into higher-impact roles. For senior analysts, it creates space for deeper, long-term investigations.
A strategic imperative
The State of AI in Security Operations 2025 report frames AI adoption not as a passing trend but as a strategic imperative. With alert fatigue worsening and breaches tied to ignored signals, security leaders face a pressing choice: either adapt their SOCs with AI augmentation or risk falling further behind attackers.
“As AI assumes the role of an augmented workforce handling the repetitive and high-volume tasks, the human role in SOCs will evolve,” Oviatt said. “Analysts should be upskilled to focus on threat hunting, complex investigations, and strategic risk management — areas where judgment, context, and creativity are essential.”
About the Author
Rodney Bosch
Editor-in-Chief/SecurityInfoWatch.com
Rodney Bosch is the Editor-in-Chief of SecurityInfoWatch.com. He has covered the security industry since 2006 for multiple major security publications.