As AI compresses threat response windows to mere seconds, the security operations center is undergoing a fundamental transformation — and the agentic SOC is emerging as a solution that combines autonomous, machine-speed investigation and containment with essential human governance.
The industry is confronting a hard reality: AI is now a force multiplier for attackers as much as defenders, and the window to respond effectively is shrinking fast. But the answer may very well lie in an autonomous SOC built on tightly integrated AI — paired with human governance that can shut it all down when needed. Now, CrowdStrike Holdings Inc. is expanding its collaboration with IBM Corp. to integrate CrowdStrike’s Charlotte AI with IBM’s Autonomous Threat Operations Machine, or ATOM, for coordinated, machine-speed investigation and containment, according to Daniel Bernard (pictured, left), chief business officer at CrowdStrike.
“We’re really excited to be working with the folks over at IBM and going and actually remapping the SOCs of today to something autonomous and ready for tomorrow,” Bernard told theCUBE. “What we see happening in the market is a broader need to revolutionize how the SOC operates. Together we’re delivering that — our technology, their expertise and also their technology, too, on top of it, so we can make these SOCs ready for the agentic era.”
Bernard and Mark Hughes (right), global managing partner of cybersecurity services at IBM, spoke with theCUBE’s Dave Vellante at the RSAC 2026 Conference, during an exclusive broadcast on theCUBE, News Media’s livestreaming studio. They discussed the agentic SOC transformation, AI governance, and the evolving partnership between CrowdStrike and IBM. (* Disclosure below.)
Agentic SOC demands visibility, governance and a fail-safe switch
The number one problem IBM’s clients face is visibility and contextualization across sprawling, legacy-heavy environments — particularly as they now also need to account for agents they are utilizing themselves, Hughes explained. IBM has deployed its SOC orchestration technology alongside CrowdStrike to more than 100 clients, with key roles increasingly handled by digital workers, he added.
“A lot of the traditional jobs that were being done by humans — Layer 1 analysts, Layer 2 analysts even — are now being completely overtaken by those digital workers,” Hughes said. “Those digital twins that come in … now really take the role of where the person used to do that work of the analysis and looking at alerts.”
The challenge of securing AI is both a defensive and strategic imperative, meaning that security teams are being asked by their boards to become AI accelerants — not blockers, Bernard said. Enterprises fall into two camps today: those that allow everything and those that allow nothing, and neither extreme works, he added.
“This is fundamentally a detection-and-response problem all over again,” he said. “You need to have a human somewhere in the loop so that it can be governed appropriately, and you need to have a fail-safe switch to be able to shut all this stuff down. If you have those things, you can at least put your head on the pillow at night and know that these are the fundamentals to start really seeing the outcomes in a way that is secure.”
Companies are quickly learning that the old rules no longer apply. Rather than simple automation, an agentic SOC represents a fundamental transformation of security workflows, Hughes explained. Clients are increasingly asking where certain steps in the legacy process have gone, only to learn that those steps no longer exist — agents are now handling them entirely.
“[It’s] very different from what we have today and what we’ve had for the last few years,” Hughes said. “Still … found on the same principles we’ve been working with, but now completely reimagining that workflow in a way that makes it less of a separate thing, but powered by really foundationally strong tools that can actually do that job.”
Here’s the complete video interview, part of News’s and theCUBE’s coverage of the RSAC 2026 Conference:
(* Disclosure: TheCUBE is a paid media partner for the RSAC 2026 Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or News.)
Photo: News
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About News Media
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
