
When Anthropic mapped a year of AI-enabled cyber threats onto MITRE ATT&CK last week — 832 malicious accounts, with results now in Verizon’s 2026 DBIR — it confirmed something defenders have felt building for a while: adversaries aren’t just using AI to assist anymore. They’re using it to operate at machine speed.
That’s the reality behind what I’ve been calling the SOC after Mythos. The real disruption from frontier AI isn’t that it replaces the SOC — it’s that it exposes every weakness in how the SOC operates today. Fragmented context, stale asset understanding, and slow validation loops were survivable when attackers moved at human speed. They aren’t anymore.
The bottleneck is shifting from finding to validating. AI can surface possible weaknesses faster than ever, but a technical finding without context is just noise. The teams that come out ahead won’t be the ones with the most AI — they’ll be the ones who can connect those findings to real assets, identities, and business services, then act with confidence. That means network, identity, cloud, and the SOC working as one system, not three.
Same fundamentals. Faster clock.
I wrote about what that shift means, and what it asks of defenders next.
Read it on splunk.com
