Agentic AI and the next evolution of AI-native SOC
2025.12.04
Part 1 of our blog series on the lessons learned from the Palo Alto Networks EMEA Tech Summit
At this year’s Palo Alto Networks EMEA Tech Summit in Barcelona, the company communicated one dominant message: cybersecurity operations are entering the era of Agentic AI—autonomous, decision-making AI systems capable of running key SOC processes without human input.
This shift aligns strongly with the direction of our own InfoSec division initiatives, especially in building AI-supported analyst workflows, automated context creation, and real-time correlation across complex environments.
From AI Assistance to Agentic AI
Palo Alto emphasized that the future of SOC is no longer about AI “helping” analysts—it is about AI acting as an independent security agent.
Agentic AI systems can:
- interpret alerts and events on their own,
- follow and map full attack chains,
- make decisions without predefined playbooks,
- automatically execute actions such as isolating endpoints, blocking users, or adjusting network rules.
What Agentic AI actually does in practice
- automated isolation of affected endpoints
- immediate blocking of the impacted user’s access
- on-the-fly adjustment of network rules
- full incident handling carried out without human involvement
This vision is materializing through Cortex XSIAM and the XDR engine, now redesigned as AI-native platforms from version 3.0 onward.
Agentic SIEM: A New SOC Model
One of the Summit’s strongest claims was that traditional log-centric SIEM platforms may become obsolete within five years. Palo Alto’s roadmap for XSIAM 3.0 focuses on three pillars:
1) AI-native execution: offloading tasks from humans to AI wherever speed and precision matter.
2) Unified data model: continuous correlation of network, endpoint, identity, cloud, and application data into a single context.
3) End-to-end automation: detection, classification, prioritization, and remediation handled with minimal human intervention.
The Autonomous SOC Vision
The long-term picture presented is an SOC where:
- AI manages operations autonomously,
- analysts handle only the highest-risk escalations,
- visibility covers the entire attack surface in real time,
- defense workflows can run without human involvement.
Such a system is faster, more consistent, and capable of processing far more data than any traditional SOC team.
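To make the "unified data model" and "end-to-end automation" pillars above, and the escalation split of the autonomous SOC vision, a little more concrete, here is an added illustrative example. It is not Palo Alto, Cortex XSIAM or our own InfoSec code: the telemetry events, the scoring thresholds, the action names and the protected-asset list are all constructed assumptions for this example. It links events from identity, endpoint, network and cloud sources into one incident context by shared host/user entities, orders them into an attack chain, assigns a priority, and then proposes automatic containment only for non-protected entities, routing anything that touches a protected asset to an analyst.

```python
"""Added example: minimal unified-context correlation with severity-gated response.
Not vendor code; every event, threshold and entity below is constructed for illustration."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int                 # constructed ordering key (think epoch seconds)
    source: str             # "identity" | "endpoint" | "network" | "cloud"
    host: str | None
    user: str | None
    detail: str
    severity: int           # 1 (informational) .. 5 (critical)

    def entities(self) -> set[tuple[str, str]]:
        """Entities this event binds to; they are the join keys for correlation."""
        ents = set()
        if self.host:
            ents.add(("host", self.host))
        if self.user:
            ents.add(("user", self.user))
        return ents


# Constructed sample telemetry. Only the alice/host-17 events chain together.
SAMPLE_EVENTS = [
    Event(100, "identity", None, "alice", "mfa_fatigue_pushes", 3),
    Event(120, "endpoint", "host-17", "alice", "office_spawns_powershell", 4),
    Event(130, "network", "host-17", None, "outbound_to_unseen_domain", 2),
    Event(140, "cloud", None, "alice", "new_access_key_created", 4),
    Event(150, "endpoint", "host-42", "bob", "usb_device_mounted", 1),
]

# Constructed assumption: entities whose containment must be approved by an analyst.
PROTECTED_ENTITIES = {("host", "host-17")}


def correlate(events: list[Event]) -> list[list[Event]]:
    """Group events that share a host or user into one incident (connected components)."""
    parent: dict = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for ev in events:
        ents = list(ev.entities())
        for other in ents[1:]:
            parent[find(ents[0])] = find(other)

    groups = defaultdict(list)
    for ev in events:
        ents = ev.entities()
        key = find(next(iter(ents))) if ents else ("event", ev.ts)  # entity-less events stand alone
        groups[key].append(ev)
    return [sorted(g, key=lambda e: e.ts) for g in groups.values()]


def prioritize(incident: list[Event]) -> tuple[str, int]:
    """Score = worst single severity plus breadth across telemetry sources."""
    score = max(e.severity for e in incident) + len({e.source for e in incident}) - 1
    if score >= 7:
        return "critical", score
    if score >= 5:
        return "high", score
    return "low", score


def attack_chain(incident: list[Event]) -> list[str]:
    """Time-ordered view of the incident, the 'full attack chain' an agent would follow."""
    return [f"{e.source}:{e.detail}" for e in incident]


def plan_response(incident: list[Event], protected=PROTECTED_ENTITIES) -> dict:
    """Propose containment per entity; protected entities are escalated, not auto-actioned."""
    priority, score = prioritize(incident)
    result = {"priority": priority, "score": score, "chain": attack_chain(incident),
              "auto_actions": [], "escalations": []}
    if priority == "low":
        return result                      # ticket only, no containment
    entities = set().union(*(e.entities() for e in incident))
    for kind, name in sorted(entities):
        action = "isolate_endpoint" if kind == "host" else "revoke_sessions"
        bucket = "escalations" if (kind, name) in protected else "auto_actions"
        result[bucket].append((action, name))
    return result


def run_pipeline(events: list[Event]) -> list[dict]:
    return [plan_response(inc) for inc in correlate(events)]


if __name__ == "__main__":
    for incident in run_pipeline(SAMPLE_EVENTS):
        print(incident)
```

Running it on the constructed events yields two incidents: the alice/host-17 chain scores as critical (severity 4 plus four distinct sources), with session revocation proposed automatically and the host isolation escalated to an analyst because the host is on the protected list, while the bob/host-42 event stays a low-priority ticket with no containment. The point of the design is that the "minimal human intervention" of the pillar is expressed as an explicit policy over entities and priorities rather than as an absence of review.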
Palo Alto’s direction strongly mirrors broader industry trends—and closely resonates with our own development path for AI-driven SOC capabilities.
This article is the first part of a multi-section series. The next installment will cover Cortex Cloud and emerging “code-to-cloud-to-SOC” automation models.