AI adoption in SOCs cuts alert fatigue but integration lags

A report produced by Gurucul and Cybersecurity Insiders has revealed that the adoption of artificial intelligence within Security Operations Centres is delivering measurable improvements in investigation times and alert management while highlighting ongoing challenges with integration and operational use.

The 2025 Pulse of the AI SOC report surveyed 739 cybersecurity leaders globally and provides an overview of how AI is being adopted in SOC environments, alongside the persisting difficulties faced by security teams amid evolving threats and operational pressures.

Identity and alert concerns

The report found that identity and human risk are at the forefront of concern for security leaders, with 78% ranking social engineering and phishing as the most significant threat, and 73% highlighting identity-based attacks as a priority. Despite this, 67% of respondents stated that they lack adequate visibility into user access behaviour and lateral movement, undermining incident detection capabilities.

Alert volume has also continued to rise, with 88% of those surveyed reporting an increase in the past year, and nearly half experiencing spikes of over 25%. High alert volumes are contributing to alert fatigue for 76% of SOCs, according to the survey results.

Workforce pressures and manual processes

Human capital remains strained, with 73% of respondents reporting analyst burnout and staffing shortages. The reliance on manual detection, triage and investigation remains pronounced, as 64% indicated they still largely use manual processes for these crucial activities.

AI adoption and its impact

The survey indicates that adoption of AI-powered SOC tools is increasing rapidly, with 87% deploying, piloting or evaluating such solutions. However, only 31% are currently using AI technology across core detection and response workflows, pointing to a gap between adoption initiatives and full implementation.

Where AI tools are operationalised, they are providing tangible benefits. The report found that 60% of adopters have reduced investigation times by at least 25%. Additionally, SOCs are reporting faster triage of threats and a reduction in analyst fatigue as a result of automation and AI assistance.

CISO priorities appear to align closely with the capabilities provided by AI integrations. The report states that 72% are making faster investigations a top priority, 65% are aiming to reduce alert noise, and 61% are investing in increased automation for their operations.

Industry perspectives

Holger Schulze, Founder and CEO of Cybersecurity Insiders, said: "AI-powered SOCs are no longer just theory; they're cutting investigation times, reducing false positives, and lowering analyst burnout. Leaders are unifying identity and behavioral analytics as a force multiplier, turning fragmented data into decisions in seconds and getting ahead of threats instead of chasing them."

Saryu Nayyar, CEO of Gurucul, said: "The findings confirm what we see every day with our customers: SOCs are overwhelmed by the scale, speed and sophistication of modern threats, and AI has moved from hype to a proven catalyst for growth. But adoption must be strategic. AI in the SOC delivers real, measurable results when it's integrated deeply into detection, investigation, and response workflows, not just bolted onto existing tools."

The report summarises that whilst adoption of AI in SOC environments is increasing and delivering benefits such as faster incident investigation and reduced alert fatigue, there is a recognised need for more comprehensive integration and operational use to address the ongoing challenges faced by security teams.