Fast Answers, New Problems with AI in the SOC

securonix logo
Securonix
Mar 26, 2026
Securonix

AI is moving into security operations fast, but the gap between a strong demo and something you can trust in production is still bigger than most teams want to admit. That gap is where risk starts. Eddie frames that early by pushing back on the idea that AI is about reducing headcount and arguing that the teams getting the most value are using it to amplify their best people instead.

In this episode of Breach Ready Radio, I sit down with Eddie Kim, Principal Advisor in AI Modern Data Strategy at AWS, for a practical conversation about what it really takes to make AI useful inside security teams. We get into the difference between an assistant and an agent, why trust changes the moment a system can take action, and why clear boundaries, logging, limits, and auditability are the real bar for live environments.

We also dig into what breaks as organizations move from one agent to many. Specialization is powerful, but coordination, explainability, governance, and failure handling all get harder in a mesh environment. Eddie walks through why production readiness is not just about model quality. It is about infrastructure, observability, session handling, tool connectivity, and knowing how the system behaves over time at scale.

The conversation gets especially practical when we talk about what leaders should actually measure. Not agent counts. Not token spend. Outcomes. Faster response times. Fewer false positives. More incidents closed with the same team. Less burnout. Better work. That is the difference between real value and an expensive demo.

We close on the leadership challenge. Security teams cannot afford to show up late. Eddie makes the case for partnering early with the business, reading past the marketing speak, and asking harder questions before trusting any vendor claim. If you are sorting through AI promises in the SOC right now, this episode will give you a better lens on what matters and what to push on.

Timestamps

0:00 Intro and Eddie’s background

0:47 From Microsoft and Oracle to AWS

4:17 The biggest thing people get wrong about AI

8:14 Assistant vs agent

10:12 What has to be true before an agent is safe

12:03 Strands, Agent Core, and production readiness

13:33 What changes when one agent becomes many

17:01 What is exciting and risky about agent meshes

19:14 What leaders should actually measure

21:16 Advice for security leaders and how to cut through the hype

22:59 AWS, Securonix, and closing thoughts

#Cybersecurity #SecurityOperations #SecOps #AI #BreachReadyRadio #Securonix #BreachReady #AWS #Podcast

Copyright © 2026 OpsMatters™. All rights reserved.