Skip to main content

Agentic SOC: hype or control? What AI Is really changing about your security

AI is now part of every board meeting, every vendor pitch, and every strategic discussion. If you're responsible for security in your organisation, you're feeling pressure from both sides: leadership wants to know what you're doing with AI, while you're focused on keeping your environment secure in a landscape that's becoming faster and more complex by the day.

23 June 2026

In the first episode of our podcast Beyond the Breach, Thomas Verwer, CEO & Founder of Nedscaper, sat down with two experts from the Microsoft ecosystem, Philip Hebly and Ronny de Jong, to discuss exactly that. This conversation didn't come out of nowhere. We've been working together within the Microsoft ecosystem for years, from our earliest projects through to our recent recognition as Microsoft Security Partner of the Year. That journey has reinforced one important lesson: security doesn't improve through more tools. It improves through better decisions about how technology is used.

This isn't a discussion about some distant future; it's a practical conversation about what's changing right now and what it means for your organisation.

 Listen to the full episode here.

 

Agentic SOC: already more reality than hype

The question on the table was straightforward: is an agentic SOC, where AI agents actively participate in security operations—just hype, or is it becoming reality?

The answer was remarkably consistent. For a large part, it's already reality. But only in the areas where it genuinely solves a problem.

One of the most practical examples isn't the most impressive-sounding. Large organizations often receive thousands of reports of suspicious emails every month, all of which need to be investigated. This is exactly the type of repetitive work where AI agents can add value today, not by replacing your team, but by creating capacity.

What we're seeing in practice is clear: organisations that start with targeted use cases are accelerating their operations. Organisations waiting for a fully autonomous AI solution are standing still.

What this means for you: don't view AI as a strategy in itself; view it as a solution to a specific operational challenge. The first benefits almost always come from eliminating repetitive, manual tasks that are currently consuming your team's time and attention.

 

Humans still need to stay in control

Automation can take over tasks, but it can't take over accountability.

Machines can identify anomalies faster and more consistently than humans in many situations, but the attacker who successfully compromises your organization is still a person. Someone who understands how your processes work and knows how to exploit them. That cat-and-mouse game cannot be fully automated.

This is where the difference between tooling and effective security becomes clear. Technology can identify signals and patterns, but someone still needs to determine whether they matter, assess the impact, and decide on the appropriate response.

That's why our approach focuses on combining technology with what we call the human touch: automation handles the heavy lifting, while analysts provide context, prioritisation, and accountability.

What this means for you: don't judge your security programme solely by its detection capabilities. Ask what happens next.  When does an alert become an escalation? Who gets called when something serious happens? And does that person truly understand the situation, or are they simply passing alerts along?

 

AI is also creating a new attack surface

There's another side to the AI conversation that receives less attention but deserves equal focus.

AI doesn't just strengthen your capabilities; it expands your attack surface. Historically, people decided which information to access and share. AI agents can now autonomously retrieve, combine, and use information. That creates new opportunities, but also new risks.

In practice, we're seeing organizations forced to confront a challenge they've often postponed for years: data governance. Where is sensitive information stored? Who has access to it? What happens when AI gains access to that information without the context a human would normally apply?

Questions like these suddenly become much more important. As a result, data classification and labeling, topics that rarely generate excitement, are becoming critical requirements for secure AI adoption.

What this means for you: if your data isn't under control, accelerating AI initiatives shouldn't be your next step. Start by establishing visibility and governance, then scale AI from a position of control.

 

Why a platform approach reduces complexity

One theme kept coming up throughout the conversation: complexity almost always leads to higher risk and higher cost.

Most organizations build their security environments incrementally. New tools are added to solve specific problems, and each decision makes sense at the time. Over the years, however, that often results in a fragmented security landscape that's difficult to manage and even harder to understand. Every integration creates a dependency. Every dependency creates another potential point of failure.

That's one of the reasons platform-based security approaches continue to gain momentum. Not because every individual component is necessarily the strongest standalone solution, but because an integrated platform provides better visibility, simpler management, and greater control.

For organizations already invested in Microsoft technologies, this is often a logical next step. Instead of layering new solutions on top of existing infrastructure, you're building on capabilities that are already part of your environment.

What this means for you: the question isn't simply which security tool is best; the question is whether your overall security ecosystem works effectively together. In many cases, the biggest security improvement doesn't come from adding something new. It comes from reducing complexity.

 

The Nedscaper perspective: practical, human, and Microsoft-first

We deliberately take a different approach than much of the cybersecurity market. Too often, security is sold through fear or promises that sound too good to be true.

The reality is that defending against cyber threats is rarely dramatic. It comes down to analysing data, connecting the dots, and making informed decisions. That's exactly why a practical approach works, one that builds on technology already in your environment and is supported by people who know what they're looking at.

That's why we believe in a practical approach built on technology organizations already use, supported by people who understand what they're seeing and how to respond. Our decision to focus entirely on the Microsoft platform is part of that approach, not because it's the easy option, but because it's scalable, aligns with existing investments, and provides a strong foundation for adopting innovations like AI in a controlled way.

Being named Microsoft Security Partner of the Year was an important milestone, but we don't see it as a finish line. We see it as validation that this approach works.

 

Final thoughts

AI is changing security from both sides. Attackers are becoming faster and more scalable. Defenders now have access to many of those same advantages.

The organizations that benefit the most won't necessarily be the ones deploying new AI tools the fastest. They'll be the organizations that have strong foundations, understand their risks, and make deliberate decisions about where AI adds value. Let AI handle repetitive work, keep humans in control, and make sure your data is in order before you accelerate. That's not hype; it's something you can start doing today.

In the first episode of Beyond the Breach, we explore these topics in greater depth through real-world examples and lessons we've learned alongside Microsoft over the years. We discuss what works, what doesn't, and the challenges organizations are facing right now.

 

Book a free security consultation

Want to understand what all of this means for your Microsoft environment and identify opportunities to strengthen your security today? Schedule a free security consultation with us. We'll help you understand where risk currently exists in your environment, where operational capacity is being lost, and how to gain greater control using the technologies you already own. No buzzwords. No generic roadmaps. Just a clear understanding of where you stand today and what steps make sense next.

Podcast Beyond the Breach

From Microsoft Partner to Security Partner of the Year

Listen to the first episode of Beyond the Breach for the full conversation on agentic security, platform-based thinking, and the role of AI in your security strategy.

Relevant posts