By David O. , Chief Information Security Officer - iCIMS, United States
For two decades, security leaders have been sold a vision:
The promise has always been the same, with promises of fewer breaches, fewer false positives, less manual effort, and more time to focus on high-value activities. Yet here we are in 2025 — still facing rising threats, still drowning in alerts, and still struggling with a cybersecurity workforce gap that now exceeds 4.8 million professionals worldwide (a 19% increase from the previous year).
Organizations with staff shortages are twice as likely to experience a material security incident. Budgets and teams are shrinking even as attacks grow in sophistication. Despite decades of these “next-gen” tools, the reality is we haven’t achieved the integrated security platform we were promised. And while SIEM and SOAR were designed to reduce manual correlation, what happened is the opposite — we’re processing more data than ever, which still demands significant time and skilled personnel.
The Gap Between Promise and Reality
SIEM promised visibility. SOAR promised automation. The truth is, we are seeing limited adoption, which has been uneven and limited. These systems require a high level of expertise which is expensive, hard to find, and increasingly rare. As a result, many organizations have turned to service providers and managed SOCs to consolidate top talent rather than building it all in-house.
In my experience, most organizations utilize SOAR primarily for narrow tasks such as messaging, integrated look-ups, or ticket routing, rather than full end-to-end automation. A handful of large, well-funded organizations have figured this out — but for most, these tools remain siloed, underutilized, or overwhelming.
Meanwhile, vulnerabilities, breaches, and attack sophistication continue to rise. Established companies — even those with the best tools — are still getting breached. Traditional approaches, such as SIEM and SOAR, have not met expectations and, in some cases, have increased complexity.
Enter AI: A Bridge Between Visibility and Action
This is where AI in cybersecurity — and specifically Agentic AI Security — comes into play. The technology has matured beyond static playbooks and rigid scripts. We’re now talking about AI systems that can dynamically reason, contextualize, and orchestrate across tools — acting as connective tissue rather than yet another silo.
The numbers alone tell a story: the global market for AI in cybersecurity is projected to grow from $19.2 billion in 2022 to $154.8 billion by 2032 (23.6% CAGR). This growth reflects more than hype; it reflects genuine demand for solutions that can actually close the gap between data and action.
Agentic AI Security can:
But let’s be clear: AI will only succeed if it’s business- and context-aware — and that’s still a moving target we’re all chasing. Without the proper context, even the most advanced AI models will fail to deliver business value. The opportunity is real, but so are the prerequisites: clean data, integrated systems, and intentional strategy.
The Vision: What “Good” Could Finally Look Like
For years, vendors have painted a picture of the “good state”, but now with the advancements of Artificial Intelligence we are closer than ever before. Here are some short term wins I can imagine being presented by AI soon:
With Agentic AI Security, we are closer than ever before. As cybersecurity teams adopt accurate AI-centric solutions, we will see measurable gains in improved scalability, workload prioritization, SLA attainment, risk reduction, and healthier work-life balance for cybersecurity professionals.
This isn’t just about doing things faster or automating a single decision within one workflow. It’s about doing them at scale, across multiple workflows, with the same team spending less time analyzing data, while simultaneously improving outcomes. The future vision of how security teams use the SIEM and SOAR will change, and AI might finally make it possible.
Grounding the Vision in Today’s Problems
AI doesn’t have to solve everything to be valuable. Even now, AI in cybersecurity can tackle some of the most persistent challenges:
If you’re considering AI, start with specific use cases. Validate the solution, measure the impact, and then expand. Don’t try to “boil the ocean” on day one. This approach builds credibility, delivers quick wins, and earns trust from your team.
Being Intentional with AI: It’s Not Plug-and-Play
We have to be intentional. AI is not a plug-and-play solution — not yet. While AI can enable defenders, it also allows attackers to become more sophisticated. Generative AI has lowered the barrier to entry for adversaries, who can now automate phishing, reconnaissance, and even exploit development.
Meanwhile, vendors are racing to monetize AI capabilities, chasing value for customers but also contributing to noise and confusion. This is why Agentic AI Security must be applied with strategic intent:
Done right, AI can help unify visibility, automation, and reasoning. Done wrong, it risks becoming another expensive tool with disappointing returns.
The Takeaway: Hopeful but Strategic
We’ve been promised a unified security platform for years. SIEM centralized data. SOAR tried to automate it. AI now offers the chance to close the gap finally — but only if we apply it strategically.
I’m personally hopeful that we’re about to see real solutions — whether from vendors or managed service providers — that deliver meaningful outcomes for cybersecurity professionals. If we get this right, AI in cybersecurity will not only reduce alert fatigue and burnout but will also finally make our tools live up to their long-standing promise.
This isn’t just a technology shift; it’s a chance to rethink how we defend. Agentic AI Security can unify data, context, and action. It’s our opportunity to move from siloed tools to a cohesive security platform — one that frees our people to do the work only humans can do best.
