Agentic Triage Has Crossed a Tipping Point
June 8, 2026
Security teams have heard similar promises before. Automation was going to fix the SOC. Then SOAR. Then ML. Then copilots. Now agentic AI.
Some of those helped. SOAR made repeatable work faster. ML improved detection and scoring. Copilots made analysts more productive. None of that should be dismissed.
But alert triage is still broken.
The reason is simple: those earlier systems could execute logic, but they could not think during the investigation.
They could follow instructions. They could apply rules. They could run enrichment. They could open tickets. They could summarize information a human had already found.
But when the investigation required new context, a judgment call, or a pivot, the intelligence still lived somewhere else. In the analyst’s head. In a rule someone wrote months earlier. In a playbook for something someone had already anticipated.
Agentic triage changes the workflow because the reasoning can now happen inside the investigation. AI can gather context, call tools, reason over evidence, decide what else to check, and adapt as the investigation unfolds.
That is the shift: intelligence moves from outside the workflow into the investigation itself.
The old model worked when the path was known
SOAR and playbooks work when the next step is predictable: pull this field, run this enrichment, check this reputation source, open this ticket.
But real investigations do not always work that way. The next step often depends on what you just found. A login looks suspicious only after you check the user’s history. A command-line alert looks noisy until one parameter changes the meaning. A benign-looking alert becomes interesting when you connect it to a recent phishing event, an unusual device, or a new process tree.
A static playbook has to pre-commit to the path. Real investigation depends on what you find next.
Earlier ML had a different limitation. It could score. It could classify. It could detect patterns. But it usually did not run the investigation. It could point to a signal, but it did not gather evidence, explain what mattered, and decide what to check next.
Copilots improved the analyst experience, but the human still had to drive. The copilot could help answer questions. It did not own the workflow.
Older automation was basically: think, act, stop.
Agentic triage is closer to: think, act, look again, act again.
That loop is where the investigation gets better.
Runtime intelligence is the change
A playbook follows the path someone wrote. Agentic triage can change the path when the evidence changes.
Three things had to come together for this to work.
First, the models got better at reasoning. They are not perfect, and they still need the right guardrails, but they are much better at connecting evidence, interpreting commands, and working through ambiguous signals.
Second, agents can use tools. They are not limited to what the model already knows. They can query connected systems, pull enterprise context, inspect evidence, and keep going.
Third, context engineering has become practical. Instead of hard-coding every branch or fine-tuning for every scenario, the system can bring the right context into the investigation at the right moment.
Together, those changes put intelligence inside the investigation loop.
The agent is not there to read an alert and write a nicer summary. It can ask: What else do I need to know? What data is missing? What would change the conclusion? Which system should I query next?
The old model needed someone to anticipate the investigation. The agent can discover the path as it investigates.
The knowledge barrier has changed
A lot of security judgment has always lived in the heads of experienced analysts.
A good analyst remembers strange command parameters. They know which parameters matter. They have seen enough attacks to recognize when something smells wrong. They understand when a signal is noise and when it deserves another look.
The problem is that most teams do not have enough of those people. And even when they do, they cannot apply that level of attention to every alert.
Modern models change the economics of that knowledge.
The kind of security knowledge that used to take years of experience to develop is now far more accessible through models and APIs. The model does not know everything. It will still make mistakes. But the investigation can now bring far more security knowledge to bear than most teams could realistically staff for every alert.
That is what it means, in practice, to have thousands of analysts’ worth of knowledge available through an API.
Not perfect, but different enough to matter.
A ClickFix example makes this concrete
In one investigation, our AI analyst Darryl saw a partial PowerShell command and connected its parameters to ClickFix-style attack behavior. It did not know everything. It combined what was in the alert with broader security knowledge, investigation context, and follow-up checks.
A static playbook would have parsed the PowerShell command, extracted a few fields, checked reputation, and followed a predefined enrichment path. A human analyst might have recognized the pattern if they had seen it before. A very experienced analyst might have noticed that one parameter changes the meaning of the command.
But what happens when the analyst has not seen that exact pattern? Or when they have 150 other alerts waiting? Or when the PowerShell command is partial and the context is incomplete?
This is where agentic triage gets interesting. Darryl drew a connection between evidence and attack pattern – and had the ability to use that connection to guide the next step in the investigation.
That is much closer to what a good human analyst does.
It is also exactly the kind of long-tail knowledge most teams cannot depend on every analyst remembering, every time, under alert pressure.
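The loop described above (think, act, look again, act again) applied to the ClickFix-style case, as an added illustration in Python that is not AirMDR's or Darryl's code: the alert, the simulated tools and the list of risky PowerShell flags are constructed, and the next check is chosen from what the previous check found. The resulting case records the evidence used, what was missing, and what would change the conclusion, the questions a reviewer is expected to ask.

```python
from dataclasses import dataclass, field
# Constructed sample alert with a partial command line, as in the ClickFix case above.
ALERT = {"user": "jdoe", "cmdline": "powershell.exe -w hidden -nop -c <truncated>"}
# Simulated connected systems the agent can query (constructed responses).
TOOLS = {"process_tree": lambda a: {"parent": "explorer.exe", "origin": "run-dialog"},
         "recent_phishing": lambda a: {"reports_last_24h": 1},
         "user_history": lambda a: {"prior_alerts": 0}}
# Flags that change the meaning of a PowerShell command (constructed heuristic).
RISKY_FLAGS = {"-w": "hidden window", "-nop": "no profile", "-enc": "encoded command"}

@dataclass
class Case:                      # what a reviewer needs in order to audit the verdict
    verdict: str = "undetermined"
    steps: list = field(default_factory=list)         # checks run, in order
    evidence: list = field(default_factory=list)      # what the verdict rests on
    missing: list = field(default_factory=list)       # data the agent could not get
    would_change: list = field(default_factory=list)  # findings that would flip it

def think(found):
    """Choose the next check from what has been found so far; None means stop."""
    if "flags" not in found:
        return "flags"
    if found["flags"] and "process_tree" not in found:
        return "process_tree"
    typed = found.get("process_tree", {}).get("origin") == "run-dialog"
    if typed and "recent_phishing" not in found:
        return "recent_phishing"
    if not found["flags"] and "user_history" not in found:
        return "user_history"
    return None

def act(step, alert):
    """Run one check: parse the command line locally, otherwise call a tool."""
    if step == "flags":
        return [RISKY_FLAGS[t] for t in alert["cmdline"].split() if t in RISKY_FLAGS]
    return TOOLS[step](alert)

def triage(alert):
    case, found = Case(), {}
    if "<truncated>" in alert["cmdline"]:
        case.missing.append("full command line")
    while (step := think(found)) is not None:     # think, act, look again, act again
        found[step] = act(step, alert)
        case.steps.append(step)
        case.evidence.append(f"{step}: {found[step]}")
    typed = found.get("process_tree", {}).get("origin") == "run-dialog"
    phished = found.get("recent_phishing", {}).get("reports_last_24h", 0) > 0
    if found["flags"] and typed and phished:
        case.verdict = "suspicious"
        case.would_change = ["full command line resolving to a known admin script"]
    elif not found["flags"] and found.get("user_history", {}).get("prior_alerts") == 0:
        case.verdict = "likely benign"
    return case
```

A static playbook would run the same three lookups for every command-line alert; here the phishing check only happens because the process tree showed the command was typed by the user.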
Is AI “good enough?” It depends on the benchmark
Some will say “AI triage works,” and skeptics will say, “It will not beat my best analyst.”
Maybe not. At least not on every investigation. But that is the wrong benchmark.
Only a tiny fraction of organizations can afford the kind of elite analyst who can deeply investigate every alert and outsmart modern attacks across every domain. Most cannot. Most teams are dealing with alert volume, tool sprawl, shallow escalations, delayed investigation, and a constant tradeoff between speed and depth.
For those teams, the useful comparison is AI against the realistic alternative: a lean security team overwhelmed by too many alerts, not enough analyst hours, and no practical way to deeply investigate everything manually.
Then you end up with a rushed first pass, a static playbook, an MDR ticket with too little reasoning, or an alert that never gets investigated deeply at all.
Good enough means the system can handle a meaningful portion of high-volume investigation work deeply enough, quickly enough, and transparently enough to be tested against real analyst workflows.
Human accountability is the operating model
A great chef does not cook every dish. But they sample enough to know whether the kitchen is producing quality.
SOC leaders already understand this.
They do not give a new analyst unlimited trust on day one. They review the work. They inspect the conclusions. They ask what evidence was used. They correct mistakes. They train the person over time.
Agentic triage does not remove human accountability. It changes where humans add value.
AI should do the investigation work it can handle at scale. Humans should provide QA, context, judgment, and accountability.
Everything breaks eventually. AI models drift. Integrations fail. Every IT environment is different. Business context matters. Response actions carry risk. Someone has to verify investigation quality before the organization can rely on it.
AI analysts should earn trust the same way human analysts do.
Humans review the work. Question the conclusion. Inspect the evidence. Look at what was missing. Feed corrections back into the system.
Trust, but verify.
Why skeptical teams should care
Today, many analysts spend too much time reviewing large volumes of alerts to find the few that matter. That is a bad use of scarce human judgment.
If agentic triage has crossed a practical quality threshold, security teams can rethink what deserves manual attention.
Let the AI agent investigate at scale, gather context, produce a case, explain the reasoning, and escalate the few alerts that need human attention.
More alerts can get investigated deeply. Analysts can spend less time on first-pass triage. Escalations can bring more evidence. The team can get a more consistent baseline investigation. Leaders can evaluate the work by inspecting the case, evidence, and reasoning.
Why did you classify this as suspicious? What data did you use? What was missing? What would have changed the conclusion?
If the system cannot answer those questions, it has not earned trust.
Take the ride
Reading about autonomous driving is not the same as sitting in a Waymo.
Before you take a ride in a self-driving car, claims sound like claims. After you take your first ride, the questions change. You stop debating autonomy in the abstract and start judging the experience.
Did it work? Did it handle the road? Did it make safe decisions? Would I do it again?
Agentic triage needs the same moment.
Is the investigation output good enough to trust?
FAST from AirMDR lets security teams test that directly. Run an investigation. Inspect the evidence. Question the reasoning. Compare it to the alerts your team does not have time to investigate manually.
Do not believe another claim.
Look at the work.
Kumar Saurabh, CEO of AirMDR, has 20+ years in enterprise security, including roles at ArcSight and LogicHub.