惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
爱范儿
爱范儿
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
B
Blog RSS Feed
博客园 - 聂微东
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
Scott Helme
Scott Helme
AI
AI
S
Security Affairs
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
AWS News Blog
AWS News Blog
T
Threatpost
Cyberwarzone
Cyberwarzone
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42
V
Vulnerabilities – Threatpost
J
Java Code Geeks
博客园 - Franky
月光博客
月光博客
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
D
Docker
小众软件
小众软件
N
News and Events Feed by Topic
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
A
Arctic Wolf
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
量子位
PCI Perspectives
PCI Perspectives
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
腾讯CDC
P
Proofpoint News Feed
S
Security @ Cisco Blogs
G
Google Developers Blog
C
Cisco Blogs

Heimdal Security Blog

Top 6 Managed Detection and Response Providers Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors Cyber-Aware Customers Are Raising the Bar for MSPs and Other Vendors How to scale your patches without scaling your team (the patch wave) AI didn't break patching. It showed us patching was already broken. Heimdal Launches MSP Onboarding Wizard to Help Partners Onboard Microsoft CSP Customers in 2 Minutes How Dynamic Defense shuts an attacker out without shutting down the business Static security has run out of road. The case for Dynamic Defense Breaking the MSP Echo Chamber: The Power of Community How attackers built a RAT on a Windows machine using its own .NET compiler Attacker enables RDP, creates admin, erases evidence in ten seconds Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It Your Next Insider Threat May Be an AI Coworker The OSI Model and Its Two Missing Layers Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification The State of AI Risk Management in 2026 Top 10 Cybersecurity Companies in Europe Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment You Only Know What You’ve Got When Its Gone Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade OpenClaw Incidents Show Why AI Adoption Pressure Puts Companies at Risk Heimdal Claims Industry First With a Cyber Essentials Control Mapping for PEDM to Help Organisations Prove Least Privilege Five Predictions for Cyber Security Trends in 2026 Heimdal Achieves OPSWAT Gold Certification for Anti-Malware How to Avoid Holiday Shopping Scams (From a Former Cyber Detective) ITDR Best Practices: How to Detect, Prevent, and Contain Critical Identity Threats When Buyers Discount MSPs With One Big Customer You’re Not Technical? That Excuse Just Expired! Tool Sprawl Taxes Your Business More Than You Think Heimdal 5.1.0 RC Dashboard: Smarter Automation, Stronger Compliance, and Smoother Control Can Generative AI Be Weaponized for Cyberattacks? Digital Warfare and the New Geopolitical Frontline Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift
Madalina Popovici · 2026-05-12 · via Heimdal Security Blog

COPENHAGEN, DENMARK, 12 May 2026 — Heimdal’s managed SOC processes three million alerts a month. In the year ahead, fewer than 500 of those, less than 0.02%, are expected to need a human analyst.

That’s the forecast from Heimdal founder Morten Kjaersgaard, based on the trajectory of AI Wingman SOC as it absorbs the bulk of routine triage work.

New research commissioned by Heimdal suggests the wider market is heading the same way.

A Heimdal survey of 1,000 IT and security pros across the US and UK found 79% expect AI to reduce manual workload. 38% expect a shift to higher-value work within three years.

“The SOC analyst job is being rebuilt around the cases that matter,” said Kjaersgaard.

“Their work shifts from operating the SOC to improving the platform and training the AI sitting on top of it. We’re not scaling the team down. We’re scaling customer load up while the role shifts underneath them.”

A volume problem on both sides

Attackers are using AI to scale, not to innovate. The bulk of what’s being accelerated is high-volume, low-complexity work. More phishing. Slightly better phishing. Still phishing.

Defenders need AI for the same reason. Triage volume that humans were never meant to process at scale.

“Anything that requires vast volumes of data to be analyzed manually is going to be automated,” Kjaersgaard said.

“Low complexity, high volume work goes to AI. The sophisticated cases stay on the table for the SOC responders. That’s where human judgment still earns its place.”

The survey data points the same direction. Sensitive data being uploaded to AI tools is the top AI-related concern for 61% of IT professionals.

Only 40% feel their current security tools are fully equipped for AI-driven risk. The work the industry has been asking humans to do at volume is the work it now expects AI to absorb.

Where Heimdal’s position differs

Heimdal isn’t planning to reduce its SOC team.

As AI absorbs more triage, headcount stays stable and the work changes. Analysts focus on the cases that warrant real investigation, and on improving the AI that handles the rest.

Across the wider market, the picture is different. Providers built around high-volume human triage face a structural problem. The work they bill for is the work AI handles first, fastest, and at a fraction of the cost.

The forecast extends the position Heimdal set out in April with the launch of AI Wingman and Third-Party AI Containment.

AI Wingman SOC is the third tier, rolling out across 2026 alongside Assist and Triage. The initial release covers 15 SOC-relevant protection features and is expected to reduce L1 triage time by around 25% as it matures.

Compliance keeps humans in the loop

Compliance is what keeps humans in the SOC. Regulated environments require an accountable person behind security decisions, and that requirement isn’t moving.

What changes is the work. Less time in tickets. More time on the cases that warrant real investigation, and on improving the systems that handle the rest.

About the survey

The research surveyed 1,000 IT and security professionals across the US and UK on AI adoption, governance, and risk management in IT and security environments.

Full findings will be published by Heimdal in the coming weeks.

About Heimdal

Heimdal is a global cybersecurity provider delivering a unified security and compliance platform that brings together prevention, detection and response across endpoint, identity, email, network and access security.

With more than 12 fully integrated products and over 17,000 customers worldwide, Heimdal helps enterprises and MSP partners reduce risk, strengthen operational resilience and consolidate their security stack.

Organizations in more than 40 countries rely on Heimdal’s platform to prevent threats, detect breaches and automate response without the need for a SIEM or multiple point solutions.

For more information, visit Heimdal.

Media Contact

Madalina Popovici

Media Relations Manager, Heimdal

mpo@heimdalsecurity.com

If you liked this article, follow us on LinkedIn, Reddit, X, Facebook, and Youtube for more cybersecurity news and topics.

Author Profile

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.