22 seconds: Thinking on a human scale is no longer enough
An agent-based SOC is not a project to be planned for the future. It is an immediate operational necessity, because a defense system that operates at human speed falls behind and can never catch up. Vincent Strubel, Director General of ANSSI, pointed out that our digital world was designed during a “30-year interlude of peace” that has now come to an end. Cyberspace is now a constant battleground, where state-sponsored actions, espionage, financial crime, and influence operations intermingle. Strubel even spoke publicly of a “defeat on the front of peripheral vulnerabilities.” Frontline agencies echo this sentiment. The Estonian agency refers to a “continuous pressure campaign” against NATO, consisting of DDoS attacks linked to sanctions, false bomb threats at hospitals, and influence operations. Finland traces the turning point to the invasion of Ukraine. The Netherlands highlights the most concrete reality: in a country where 30% of the territory lies below sea level, an attack on pumping systems could trigger a physical catastrophe. In response, ANSSI is relying on the ReCyF framework (in beta since March 2026), post-quantum preparedness, and the Cyber Resilience Act, which will require SBOMs to track software dependencies.
The State of the Threat: Industrialization at Breakneck Speed
- Phishing is no longer the primary attack vector. Mandiant demonstrated this at the FIC (M-Trends 2025, 500,000 hours of incident response, presentation by D. Grout / Google Cloud Security): less than 6% of compromises begin with traditional phishing. Attackers now favor infostealers—lightweight malware that steals credentials and resells them in 22 seconds, compared to 8 hours in 2022—as well as vishing. The typical scenario is well-known. The attacker purchases credentials, calls the help desk on a Friday evening, has their device re-enrolled, and thus bypasses MFA. The resulting data exfiltration amounts to several terabytes in just a few hours, sometimes without any ransomware involved.
- Disinformation completes the picture. The vast majority of deepfakes can no longer be detected with the naked eye; AI-generated audio now mimics emotions; and the “liar’s dividend”—which involves denying genuine evidence by attributing it to AI—reverses the burden of proof.
- Edge devices are the number one target. Firewalls, VPNs, and gateways are exploited within 24 to 48 hours after a CVE is published. Once the backdoor is installed in the firmware, applying the patch no longer makes a difference. The Finnish and Estonian agencies confirm this systematic targeting.
- Cybercrime is becoming industrialized. The Gendarmerie’s National Cyber Unit has identified four trends that are gaining momentum: massification, the separation of logistics from operations, off-the-shelf tools, and the blurring of lines between state actors, cybercriminals, and organized crime. The ecosystem is fragmented into specializations, ranging from access brokers to dropper developers to money launderers. Emotet has shown that neutralizing a single actor is not enough. Operation Endgame therefore targeted droppers on a “vertical” basis, rather than taking on entire groups.
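The help-desk scenario described in the first bullet can be turned into a correlation rule. The sketch below is an added example, not taken from the FIC presentations or any vendor product; the event schema, the 6-hour window, the 500 GB threshold and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)        # assumed correlation window
THRESHOLD = 500 * 10**9            # assumed egress threshold: 500 GB

def ev(ts, kind, user, actor=None, nbytes=0):
    """Constructed event in a hypothetical normalized schema."""
    return {"ts": datetime.fromisoformat(ts), "type": kind, "user": user,
            "actor": actor, "bytes": nbytes}

# Constructed sample: 2026-04-03 is a Friday, 2026-04-07 a Tuesday.
SAMPLE_EVENTS = [
    ev("2026-04-03T19:40:00", "mfa_reenroll", "j.martin", actor="helpdesk"),
    ev("2026-04-03T20:30:00", "egress", "j.martin", nbytes=400 * 10**9),
    ev("2026-04-03T23:10:00", "egress", "j.martin", nbytes=900 * 10**9),
    ev("2026-04-03T19:00:00", "mfa_reenroll", "c.petit", actor="helpdesk"),
    ev("2026-04-03T19:30:00", "egress", "c.petit", nbytes=2 * 10**9),
    ev("2026-04-07T10:15:00", "mfa_reenroll", "a.durand", actor="helpdesk"),
    ev("2026-04-07T11:00:00", "egress", "a.durand", nbytes=800 * 10**9),
    ev("2026-04-08T09:00:00", "egress", "a.durand", nbytes=50 * 10**9),
]

def off_hours(ts):
    """Weekend, or outside 08:00-18:00 on a weekday (covers Friday evening)."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def correlate(events):
    """Alert when a help-desk MFA re-enrollment is followed, within WINDOW,
    by egress above THRESHOLD for the same user; off-hours raises severity."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    for e in events:
        if e["type"] != "mfa_reenroll" or e["actor"] != "helpdesk":
            continue
        total = sum(x["bytes"] for x in events
                    if x["type"] == "egress" and x["user"] == e["user"]
                    and e["ts"] <= x["ts"] <= e["ts"] + WINDOW)
        if total >= THRESHOLD:
            alerts.append({"user": e["user"], "egress_bytes": total,
                           "severity": "high" if off_hours(e["ts"]) else "medium"})
    return alerts
```

Calling `correlate(SAMPLE_EVENTS)` yields a high-severity alert for the Friday-evening re-enrollment and a medium one for the business-hours case, while the re-enrollment followed by only 2 GB of egress stays silent.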
IT/OT Convergence: A Broader Battleground
The idea of a protective air gap is a thing of the past. A ransomware attack (LockBit) targeting the IT systems of a healthcare company ended up shutting down the entire OT production system due to a lack of segmentation. The IT systems were back up and running within a few days, but the OT systems took several weeks to recover, on machines still running Windows XP. The Canadian Centre for Cyber Security notes that attackers now aim for physical disruption and strategic pre-positioning by hiding within native tools (living off the land). The underlying problem remains the fragmentation of detection silos, with IT tools on one side and rudimentary—or even nonexistent—OT monitoring on the other.
EDF Group’s CISO summarized at the FIC the three gaps that prevent a SOC from effectively protecting OT. The first is a time-related issue, since IT systems are updated every few months, whereas OT systems have a lifespan of 15 to 30 years. The second concerns responsibilities, as IT-related issues involve data breaches, while OT-related issues can have physical—and sometimes fatal—consequences. The third issue relates to authority, as a SOC analyst lacks the authority to shut down a production line. An industrial CISO capable of translating cyber risk into business impact is often missing. The trade-off between security and availability must therefore be escalated to the Executive Committee, especially since NIS2 holds executives personally liable. The ReCyF framework, which remains technology-agnostic, allows for compensatory measures—precisely what constrained OT environments need.
Why the Current SOC Model Is No Longer Viable
All signs point in the same direction: a threat moving at breakneck speed, a security perimeter that now extends to OT, a SIEM business model that has become unsustainable with volumes rising 25 to 30% per year, and teams overwhelmed by alerts. The IBM Cost of a Data Breach 2025 report quantifies the contribution of AI. Organizations that make extensive use of AI in their SOCs save $1.9 million per incident and shorten the response cycle by 80 days, with the average time dropping to 241 days—its lowest level in nine years. At the same time, one in six incidents involves attackers who also rely on AI. Gartner anticipates that 40% of enterprise applications will incorporate AI agents by the end of 2026, up from less than 5% in early 2025, while warning that 40% of agent-based projects will be abandoned by the end of 2027 due to a lack of governance. The question remains: how to proceed, and in what order.
Agent-based SOC: Proven Maturity, Deployment Possible
- Multi-agent architectures are already in production. Two independent demonstrations proved this at the FIC. The first, presented by Google Cloud Security, had three agents working on a complete phishing case: triage, investigation—including querying threat intelligence via the MCP protocol—and then drafting a context-specific awareness message, all without human intervention for false positives. The second demonstration, RemedIAte (Thalès), went a step further, featuring natural-language queries of the SIEM via RAG, CTI enrichment linked to MITRE ATT&CK, the generation of Sigma and Yara rules from unstructured reports, and context-based prioritization of CVEs, with non-exploitable ones taking a back seat. The MCP protocol, designed by Anthropic and now an open standard, serves as the glue binding these architectures together and enables gradual and reversible integration.
- NDR provides the foundation. An agent-based SOC is only as good as the quality of the signals it receives. At the network level, an agent-based AI like Gatewatcher GAIA applies the same logic of triage, context analysis, investigation, and response recommendations, leaving the final decision to the analyst. Two factors are truly critical. First, integrated threat intelligence, featuring several million contextualized IOCs and automatic distribution of rules to the SIEM, EDR, XDR, and firewall via STIX/TAXII. Second, native coverage of IT, OT, and IoT environments, with dynamic dependency mapping. The entire solution is part of a sovereign European ecosystem (Open XDR Platform).
- The data pipeline needs to be rethought. The quickest win is to insert a qualification layer between the log sources and the SIEM. We normalize the data, enrich it with threat intelligence, filter out the noise (three-quarters of the content in a Windows 4624 event is useless), and route it based on use case—the hot SIEM for detection and cold storage for compliance. In practice, ingested volumes drop by 40 to 60 percent. For an organization that processes 500 GB per day—representing an annual ingestion cost of 300 to 600 K€—a 50 percent reduction translates to savings of 150 to 300 K€ per year, and the system pays for itself in just a few months.
- AI safety must come first. An agent-based roadmap that neglects model protection from the outset is bound to fail. Thalès demonstrated at the FIC that the success rate of an LLM jailbreak drops from 75% to 14% once the proper safeguards are in place, following tests involving prompt injection, Base64 encoding, role-playing, and RAG poisoning. ANSSI is leading the SEPIA project (evaluation methods with CESTI) and contributing to two related national initiatives: INESIA (the AI Evaluation and Security Institute, led by the SGDSN) and the PANAME project (an open-source library for model privacy auditing, led by the CNIL). Shadow AI, on the other hand, is measurable. According to IBM (2025), 97% of organizations affected by an AI incident had no access controls and 63% had no governance policies, resulting in an average additional cost of $670,000 per incident. The AI Act is already in effect, but its harmonized standards will not be in place until the end of 2027. It is therefore best to implement basic governance measures without delay: an inventory of uses, an access policy, blocking controls, and alignment with the OWASP Top 10 for LLM Applications.
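The qualification layer described in the data-pipeline bullet (normalize, enrich, filter, route) can be sketched as follows. This is an added example, not code from the article or from any product it names; the kept-field list, the "service logons are noise" policy, the indicator entry and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed data: field names follow Windows Security event 4624; the values
# and the indicator list are invented for this example.
KEEP = {"TimeCreated", "Computer", "TargetUserName", "TargetDomainName",
        "LogonType", "IpAddress", "WorkstationName"}
NOISE_LOGON_TYPES = {"5"}                      # service logons (assumed policy)
IOC_IPS = {"203.0.113.45": "constructed-ioc"}  # documentation-range address

def sample(user, ip, logon_type):
    """Build a constructed 4624 record with the verbose fields a real one has."""
    return {"EventID": 4624, "TimeCreated": "2026-04-03T21:14:07Z",
            "Computer": "srv-files-01", "EventData": {
                "TargetUserName": user, "TargetDomainName": "CORP",
                "LogonType": logon_type, "IpAddress": ip, "WorkstationName": "WS-114",
                "SubjectUserSid": "S-1-0-0", "SubjectLogonId": "0x0",
                "LogonProcessName": "NtLmSsp", "AuthenticationPackageName": "NTLM",
                "LogonGuid": "{00000000-0000-0000-0000-000000000000}", "KeyLength": "128",
                "ProcessId": "0x0", "ImpersonationLevel": "%%1833", "ElevatedToken": "%%1842"}}

def normalize(raw):
    """Flatten the record and keep only the fields detection rules use."""
    flat = {"TimeCreated": raw["TimeCreated"], "Computer": raw["Computer"],
            **raw.get("EventData", {})}
    return {"event_id": raw["EventID"], **{k: v for k, v in flat.items() if k in KEEP}}

def enrich(event):
    """Tag the event when its source address matches a threat-intel indicator."""
    label = IOC_IPS.get(event.get("IpAddress"))
    return {**event, "ioc": label} if label else event

def route(event):
    """An indicator match always goes hot; known noise goes to cold storage."""
    noisy = event.get("LogonType") in NOISE_LOGON_TYPES
    return "cold" if noisy and "ioc" not in event else "hot"

def qualify(raw_events):
    """Run normalize -> enrich -> route and measure the hot-path byte reduction."""
    hot, cold = [], []
    for raw in raw_events:
        event = enrich(normalize(raw))
        if route(event) == "hot":
            hot.append(event)
        else:
            cold.append(raw)   # compliance copy keeps the full record
    size = lambda events: sum(len(json.dumps(e)) for e in events)
    return {"hot": hot, "cold": cold,
            "hot_reduction": round(1 - size(hot) / max(size(raw_events), 1), 2)}
```

Note the ordering: enrichment runs before routing, so a service logon from an address on the indicator list still reaches the hot SIEM instead of being filtered as noise.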
Self-positioning grid
The goal is not to reach Level 4 across the board, but to identify the most critical gaps in four key areas.
| Axis | Level 1: Reactive | Level 2: Structured | Level 3: Augmented | Level 4: Agent-based |
| --- | --- | --- | --- | --- |
| Detection | Static rules, no prioritization | Standardized pipeline, CTI enrichment, SIEM correlation | AI-refined rules, CVE prioritization, fewer false positives | Autonomous agents, continuous hunting, automatic timelines |
| Response | Manual triage, no playbook | SOAR playbooks, MTTD/MTTR tracking | Automatic closure of false positives, AI reports, MTTD < 1h | Orchestrated multi-agents, analyst focused on true positives, traceable decisions |
| OT | No OT supervision | Mapping process initiated, Purdue model, person in charge identified | Unified IT/OT NDR, risk translated into business impact, BISO in place | Converged SOC, Executive Committee arbitration, NIS2 OT compliance |
| AI governance | No policy, unmapped practices | Shadow AI inventory, access policy published | AI red teaming, OWASP Top 10 LLM, scheduled audits | AI security in CI/CD, AI Act compliance, human-machine governance |
The Way Forward
This debrief from the FIC begins at 22 seconds and leads to agent-based architectures that have already been proven in production. Progress is made in stages, with each stage paving the way for the next. An audit of the service provider’s AI posture establishes the contractual framework. Human-machine governance and a well-structured IT infrastructure are key to the pilot’s success. The agent-based pilot, conducted within a controlled environment, demonstrates its value. Scaling up occurs only afterward, once the model has been validated. The IT/OT project moves forward at its own pace, dictated by industrial cycles and internal buy-in.
One scene from the FIC sums up the issue well. The deputy CISO of the Dutch Ministry of Infrastructure and Water explained, very calmly, that in a country where 30% of the territory lies below sea level, a cyberattack on pumping systems is by no means a science-fiction scenario but poses a real risk of physical disaster. The agent-based SOC is operational: the FIC demos proved it. But Gartner warns that 40% of agent-based projects will be abandoned by the end of 2027—not due to a lack of technology, but due to a lack of governance. This is not a minor distinction: it is precisely what sets apart those who will succeed in this transformation from those who merely collect tools. Integrating AI into the SOC changes the operational model—not just the tools.


