Trust challenge in AI SOCs

TechRadar Pro ran an analysis by Kirsty Paine on March 20, 2026 that framed the governance question around agentic AI in SOCs and argued that visibility and accountability features are becoming adoption gatekeepers. (techradar.com)) A May 29, 2025 arXiv paper titled “A Unified Framework for Human‑AI Collaboration in Security Operations Centers with Trusted Autonomy” proposes a five‑level autonomy taxonomy explicitly mapped to SOC analyst tiers to calibrate trust and set escalation thresholds. (arxiv.org)) NIST’s AI Risk Management Framework (AI RMF 1.0, released January 2023) and the Generative AI Profile (NIST‑AI‑600‑1, published July 26, 2024) include Appendix C guidance on human‑AI interaction and call for testing, evaluation, verification, and validation (TEVV) in operational settings. (nist.gov)) Google Cloud’s security team published Gemini in Security work and announced an “alert triage agent” that autonomously performs dynamic investigations and returns a verdict, signaling vendor roadmaps toward codified agent roles inside SOC workflows. (cloud.google.com)) Splunk’s December 16, 2025 security predictions advised SOC leaders to pair agentic AI with role‑based audit trails and human oversight controls, recommending instrumented logs for every automated action to support governance and post‑incident review. (splunk.com)) A concise executive brief format suitable for Director‑level reviews aligns with the literature: 1) Observability scorecard listing false‑positive rate, explainability coverage, and TEVV pass rate; 2) Decision‑authority map showing autonomy level per task mapped to analyst tier and SLA; 3) Audit & escalation ledger with count of automated actions, percent human‑verified, and mean time to human escalation—each element echoed in TechRadar’s call for surfaced reasoning, the arXiv autonomy taxonomy, and NIST’s TEVV guidance. (techradar.com))