The 365× Gap Between Agentic AI and Reality: 95% of Security Centers Cannot Deploy It

AI article illustration for ai-jarvis.eu
Agentic artificial intelligence could speed up work in security centers up to 365 times. However, according to a new study by MSSP Security Consulting, 95% of security operations centers (SOCs) worldwide are unable to deploy it. The problem isn't money or a lack of technology — the biggest obstacle is the total unpreparedness of people, processes, and infrastructure for automation that would escape human control.

Listen to this article:

What the 365× gap means in numbers

The MSSP Security Consulting report, published at the end of May 2026, analyzed the state of agentic AI automation in more than 500 security operations centers — from small corporate SOCs to large managed security service providers (MSSPs). The conclusion is alarming: the gap between what agentic AI can offer and what SOCs can actually deploy is 365-fold.

In other words: the potential is enormous, the reality is negligible. Agentic AI systems — autonomous security agents that detect threats, investigate incidents, and perform remediation without human intervention — could reduce incident response time from hours to seconds. Yet only 5% of SOCs worldwide today have at least the basic conditions for their deployment.

Why so many centers fail

The study identifies four main barriers:

  • Tool fragmentation: A typical SOC uses 20–50 different security tools that don't communicate with each other. Agentic AI, however, needs a unified data environment to function.
  • Lack of trust: Security teams are afraid to let AI "off the leash." Automated remediation without human oversight is unacceptable for most organizations — and that is the very essence of agentic AI.
  • Talent shortage: People who could design, deploy, and manage agentic security systems are extremely rare. There is an estimated global shortage of 4 million cybersecurity professionals.
  • Regulatory uncertainty: Especially in Europe, GDPR and AI Act concerns are slowing the deployment of fully autonomous security systems. Who bears responsibility when an AI agent makes a wrong decision?

Attackers already use AI. Defenders fell behind

The situation is worsened by the fact that cybercriminals are not waiting. This year, Google Threat Intelligence Group confirmed the first zero-day vulnerability discovered using artificial intelligence, which criminal actors subsequently used to prepare a massive exploitation campaign. Attackers abuse advanced language models to find weaknesses in software at speeds that human teams cannot match.

"The current model of security operations is no longer viable given today's volume and speed of attacks," says Tom Findling, CEO of the startup Conifers AI, which today announced the launch of the world's first end-to-end agentic SOC. "Every function within the SOC must become agentic and collaborate as one coordinated system."

Conifers AI and the first agentic SOC in practice

Conifers, a startup backed by SYN Ventures and PICUS Capital, today (May 26, 2026) introduced the CognitiveSOC™ platform — the first unified agentic AI system that covers the entire lifecycle of security operations: from threat hunting through detection engineering to automated remediation. The platform integrates with more than 60 existing tools (EDR, identity, cloud, email, ITSM) and can be deployed in 2–4 hours.

The key difference from previous solutions: Conifers doesn't aim to replace existing tools but to connect them through an "agentic fabric," which allows individual security functions to communicate in real time. And crucially — every action of the AI agent is transparent, with an auditable decision chain. Organizations set their own rules for what AI can and cannot do, and autonomy expands gradually as trust grows.

What this means for Czech companies

For Czech organizations, the topic of agentic AI in cybersecurity is exceptionally timely. The Czech National Bank launched its own AI center built on NVIDIA chips this year, intended to assist with supervision of the financial sector. This signals that even Czech institutions take AI in security seriously.

But the reality in ordinary Czech companies aligns more with the 95% unprepared group in the MSSP Security Consulting report. Most Czech SOCs, if they exist at all, operate on the "person at the screen" model — security analysts manually go through alerts, switch between consoles, and resolve incidents through trial and error. Automation ends with basic playbooks in SOAR tools.

The EU AI Act further adds another layer of complexity — "high-risk" AI systems, among which autonomous security agents could fall, require human oversight and detailed documentation. Which is in direct contradiction to the philosophy of agentic AI.

How much it costs and where to start

MSSP Security Consulting in its report recommends a gradual approach: not to start by attempting a fully autonomous SOC, but to deploy agentic elements progressively into individual functions — for example, starting with automatic alert classification (triage), then adding automated investigation, and only finally moving to automated remediation.

In terms of pricing, platforms like Conifers operate on a subscription model based on organization size — for a mid-sized MSSP, this typically means tens of thousands of dollars per month. For smaller Czech companies, the path is rather through managed service providers (MSSPs) who invest in agentic AI centrally and offer it as part of a package — similar to how they offer SIEM or EDR as a service today.

What exactly does "agentic AI" mean in the context of cybersecurity?

Agentic AI refers to artificial intelligence systems that not only analyze data and suggest solutions, but plan steps, make decisions, and execute actions on their own — for example, block a suspicious IP address, isolate an infected machine, or launch a detailed forensic investigation. Unlike chatbots that merely answer queries, agentic AI acts. In a SOC environment, this means autonomous agents that hunt for threats 24/7, investigate them, and intervene immediately when necessary.

Why is the gap 365× and not, say, 100×? How is it calculated?

The 365× figure comes from comparing the theoretical throughput of agentic AI (how many incidents it could process per unit of time) and the current real throughput of an average SOC, which is limited by human analysts. A typical security analyst handles 10–20 alerts per hour. Agentic AI can analyze thousands — hence the multiplier. The study also takes into account response speed, false positive rates, and the ability to proactively hunt for threats.

Does agentic AI in a SOC make sense even for small Czech companies with fewer than 50 employees?

For small companies, it makes no sense to build their own agentic SOC — the costs would be disproportionate. The solution is outsourcing to an MSSP provider that uses agentic AI for multiple customers at once, spreading the costs. In the Czech Republic, the first managed security service providers are already experimenting with agentic AI, albeit to a limited extent. For a smaller company, the key is to choose an MSSP that invests in modern technology and can guarantee faster incident response than competitors relying solely on human teams.

Add AI Jarvis as a preferred source on Google
X

Don't miss out!

Subscribe for the latest news and updates.