How Cynet Uses AI in Security Operations: Volume, Value, Velocity

Agentic SOC. Human-in-the-loop. Domain-specific AI models. There is no shortage of new buzzwords in the market right now. The reality, though, is that the industry is still learning what these models look like in practice and what the best approach will be over time. 

What matters most is not the label, but how AI is being used today to improve outcomes for partners and their customers. 

At Cynet, AI in security operations is not a future concept or a market narrative. It is something we have been building, applying, and refining for years. We have invested not only in the underlying AI technology, but also in the operational model around it: how AI supports analysts, how analysts improve AI, and how both work together to drive better security outcomes. 

In this post, we’ll share a practical model for modern security operations where AI reduces the operational burden, analysts focus on the threats that require judgment and expertise, and the feedback loop creates the speed and consistency needed to keep up with a constantly changing threat landscape. 

Meet CyOps 

CyOps is Cynet’s 24×7 team of cybersecurity experts. By leveraging CyAI, Cynet’s proprietary AI detection engine, CyOps helps protect environments by combining automation, analyst expertise, and continuous operational feedback. 

Much of this is the work of our Data Science team, led by Timea Kovacs, who architected and built the AI components powering CyOps. As she describes it: “My team is advancing Cynet’s agentic AI track by integrating the platform, human operations, and AI, building new and upcoming components that put the workflow on ‘steroids.’”

This model is important because AI is not being used here as a bolt-on feature. It is part of how the operation works. CyAI automatically detects and remediates the majority of threats, reducing the burden on analysts and allowing them to focus on more sophisticated threats, deeper investigations, and high-confidence alerts that require expert review. Both analysts and automated inputs improve the entire system over time.  

Contrary to the headlines, the goal is not to replace the analyst with AI. Instead, we’re allowing skilled defenders to spend less time on repetitive work and more time where they can create the most value today and as new threats emerge. 

The Operating Model 

CyOps has handled tens of thousands of attacks with a combination of humans and AI. We've distilled it all into a model with three connected layers: Volume, Value, and Velocity.

These are not abstract ideas. They describe how AI and analysts work together in real environments every day.

Volume 

The first job of AI in security operations is to reduce volume. 

Modern security teams are dealing with constant alert noise, large amounts of telemetry, growing attack surfaces, and an increasingly compressed response window. This matters even more now because threat actors are using AI to accelerate every stage of their operations. It helps them move faster, experiment more broadly, and create more opportunities to gain access. As attackers apply AI across the attack lifecycle, defenders must do the same. 

We’re seeing this play out in real time with AI models like Anthropic’s Mythos Preview and GPT-5.4-Cyber, capable of discovering and exploiting vulnerabilities faster than any human can patch (my colleague MacKenzie Brown wrote more about this on LinkedIn). 

That is why heuristic and AI-driven detections are so critical. They allow us to identify suspicious or malicious activity based on behavior, not only on known indicators such as hashes or previously cataloged threats. In practice, this means we can detect exploit activity even before it is tied to a specific CVE, because we are focused on what the activity is doing, not just whether it matches something already named. 

This is where CyAI plays a central role. It automatically handles most of the repetitive detection and remediation work, including alert summaries, automated triage of alerts, and correlation with other suspicious activities to visualize attack paths and reduce false positives. It also decrypts and analyzes malicious payloads, significantly reducing the burden on human analysts. By doing so, it allows CyOps to focus on the threats that are more complex, more ambiguous, or more impactful. 

Value 

The second role of AI is to increase value. 

Reducing alert volume matters, but it is not enough on its own. AI should also help both partners and analysts understand incidents more quickly and respond more effectively across thousands of customers. 

At Cynet, AI goes beyond summaries to recommended responses. Today, CyAI remediates 90% of threats automatically and provides step-by-step remediation playbooks based on years of CyOps investigations and platform telemetry. Both make incidents easier to understand and help partners get faster clarity on what happened and what needs attention.

Inside CyOps, the impact is even broader. AI helps analysts understand alerts faster, organize information more effectively, and investigate with better context. It also helps them with threat hunting and finding attacks that would take hours manually. That’s how they deliver more precise recommendations and move more confidently from detection to response.  

DFIR investigations are a good example. When analysts need to work through large volumes of data, AI helps digest that information much faster, reducing time to resolution and allowing the team to stay focused on the evidence, relationships, and actions that matter most. 

Cybersecurity is one of the industries that benefits from AI because AI amplifies the value of human expertise. AI can summarize, correlate, surface patterns, and accelerate understanding. But it is CyOps analysts who bring attacker mindset, operational context, and judgment to the final investigation and response.

Our analysts regularly analyze emerging threats and feed those insights back into future detections and shared intelligence for the wider community. That is why the strongest model is not AI instead of humans, but AI making experienced humans more effective. 

Velocity 

The third layer is velocity. 

Velocity is what happens when humans and AI make each other better over time. CyAI improves as it collects and analyzes more real-world activity at scale. CyOps improves as AI helps analysts move through alerts and investigations with more speed and context. And the feedback from those investigations helps reinforce future detections and recommendations. 

CyAI uses multiple feedback mechanisms to learn on its own. It takes first-layer detections, examines them more closely, automatically flags possible false positives, and uses that feedback to retrain the system every day. It also collects new data to adapt to real-world threats. 

Recently, we launched CyOps Recommendations, which allows analysts to validate, refine, and enrich AI-generated alert insights. These updates sync across the Cynet console and notification emails, and automatically feed back into future detection and response. The result is a system that learns not only from what it sees, but from how experienced defenders interpret it. 

That feedback loop is what drives real velocity. AI helps analysts work faster with greater clarity. Analysts, in turn, help make AI more effective by contributing investigation outcomes, threat analysis, and operational insights. Both make defenders faster today and better over time. 

Looking Ahead 

The reality is that things are changing quickly with new models, new terminology, and new expectations. It is impossible to predict exactly what the future of AI in security operations will look like. 

What matters is being ready to adapt in a way that is practical, intelligent, and grounded in real value. 

That readiness does not come from following the latest buzzword. It comes from years of working with AI in real operations, building the systems and procedures needed to implement it effectively, and learning where it creates meaningful value and where human expertise remains essential. 

That is the position Cynet is in today. 

We have been using AI in security operations for years, and we will continue to do so in ways that protect partners and their customers, enable analysts to work more effectively, and help us stay ahead of the threat landscape. The Volume, Value, Velocity model wins because it improves security outcomes today, while evolving our approach along with the technology, adversary, and market tomorrow.  

That’s the “flywheel” or “force multiplier” every partner on the front line deserves. 
