Autonomous Security Is Real
RSAC panels signaled a move from monitoring to closed‑loop, autonomous security operations that detect and remediate threats in real time, with humans kept in the loop for high‑impact actions—a shift that could shorten dwell time but reshape SOC roles. The same discussions warned this automation will hollow out many entry-level positions, creating a future talent pipeline problem. (youtube.com)
Booz Allen used its RSAC 2026 stage to unveil Vellox, a five‑product "agentic" cybersecurity suite positioned to remediate and respond at machine speed, citing 2025 breakout times as part of its launch rationale. (openclawai.io) Splunk announced Detection Studio (GA where available) plus Federated Search to operationalize an "Agentic SOC" workflow that automates detection validation, triage, and remediation orchestration. (splunk.com) Bright Security’s Bright STAR, announced at RSA 2025, markets itself as a closed‑loop scanner reporting roughly 85% automatic remediation rates and “over 95%” time savings in some customer cases, while Microsoft previewed Security Copilot agents that automate high‑volume security tasks. (brightsec.com)
Multiple industry datasets and conference analyses say dwell and breakout times collapsed in 2025, with reporting that breakout events were measured in hours (one analysis cited ~79 minutes) and vendor briefings claiming even sub‑30‑minute breakouts in some cases. (darkreading.com)
Workforce panels and RSAC‑adjacent reporting flagged a paradox: automation reduces routine triage but risks hollowing out entry‑level SOC roles and aggravating the existing talent shortage, a concern highlighted in Dark Reading and RSAC coverage and echoed by RSA Conference leadership. (darkreading.com) Speakers and RSAC content urged keeping humans in the loop for high‑impact decisions and investing in explainability, feedback loops, and upskilling so analysts become AI supervisors and validation engineers rather than pure alert triagers. (rsaconference.com)