惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
J
Java Code Geeks
博客园_首页
Scott Helme
Scott Helme
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
V
Visual Studio Blog
Cloudbric
Cloudbric
Jina AI
Jina AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
A
Arctic Wolf
C
Cybersecurity and Infrastructure Security Agency CISA
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
W
WeLiveSecurity
K
Kaspersky official blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
量子位
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 三生石上(FineUI控件)
Recent Commits to openclaw:main
Recent Commits to openclaw:main

News Archives - Heimdal Security Blog

Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It Heimdal Achieves OPSWAT Gold Certification for Anti-Malware Digital Warfare and the New Geopolitical Frontline Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea Is Your Tech Stack Killing Profitability? The Silent Bug Crippling MSP Growth Where Ransomware Profits Go and How to Cut Them Off Heimdal 5.0.0 RC: RDP Protection, Ransomware Detection, and OS Deployment Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences Heimdal Joins the Tidal Cyber Registry with Its Extended Detection & Response (XDR) Solution Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign Colt Technology Services Breached – Warlock Gang Claims Attack Fortinet VPNs Under Coordinated Attack Attack Surface Management: Why MSPs Don’t Need Another Tool Should MSPs Stop Chasing Leads and Start Solving Problems? Agent Fatigue Crisis Hits 89% of MSPs as Security Tools Backfire Your Protection Guide For Cybersecurity in Manufacturing
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift
Madalina Popovici · 2026-05-12 · via News Archives - Heimdal Security Blog

COPENHAGEN, DENMARK, 12 May 2026 — Heimdal’s managed SOC processes three million alerts a month. In the year ahead, fewer than 500 of those, less than 0.02%, are expected to need a human analyst.

That’s the forecast from Heimdal founder Morten Kjaersgaard, based on the trajectory of AI Wingman SOC as it absorbs the bulk of routine triage work.

New research commissioned by Heimdal suggests the wider market is heading the same way.

A Heimdal survey of 1,000 IT and security pros across the US and UK found 79% expect AI to reduce manual workload. 38% expect a shift to higher-value work within three years.

“The SOC analyst job is being rebuilt around the cases that matter,” said Kjaersgaard.

“Their work shifts from operating the SOC to improving the platform and training the AI sitting on top of it. We’re not scaling the team down. We’re scaling customer load up while the role shifts underneath them.”

A volume problem on both sides

Attackers are using AI to scale, not to innovate. The bulk of what’s being accelerated is high-volume, low-complexity work. More phishing. Slightly better phishing. Still phishing.

Defenders need AI for the same reason. Triage volume that humans were never meant to process at scale.

“Anything that requires vast volumes of data to be analyzed manually is going to be automated,” Kjaersgaard said.

“Low complexity, high volume work goes to AI. The sophisticated cases stay on the table for the SOC responders. That’s where human judgment still earns its place.”

The survey data points the same direction. Sensitive data being uploaded to AI tools is the top AI-related concern for 61% of IT professionals.

Only 40% feel their current security tools are fully equipped for AI-driven risk. The work the industry has been asking humans to do at volume is the work it now expects AI to absorb.

Where Heimdal’s position differs

Heimdal isn’t planning to reduce its SOC team.

As AI absorbs more triage, headcount stays stable and the work changes. Analysts focus on the cases that warrant real investigation, and on improving the AI that handles the rest.

Across the wider market, the picture is different. Providers built around high-volume human triage face a structural problem. The work they bill for is the work AI handles first, fastest, and at a fraction of the cost.

The forecast extends the position Heimdal set out in April with the launch of AI Wingman and Third-Party AI Containment.

AI Wingman SOC is the third tier, rolling out across 2026 alongside Assist and Triage. The initial release covers 15 SOC-relevant protection features and is expected to reduce L1 triage time by around 25% as it matures.

Compliance keeps humans in the loop

Compliance is what keeps humans in the SOC. Regulated environments require an accountable person behind security decisions, and that requirement isn’t moving.

What changes is the work. Less time in tickets. More time on the cases that warrant real investigation, and on improving the systems that handle the rest.

About the survey

The research surveyed 1,000 IT and security professionals across the US and UK on AI adoption, governance, and risk management in IT and security environments.

Full findings will be published by Heimdal in the coming weeks.

About Heimdal

Heimdal is a global cybersecurity provider delivering a unified security and compliance platform that brings together prevention, detection and response across endpoint, identity, email, network and access security.

With more than 12 fully integrated products and over 17,000 customers worldwide, Heimdal helps enterprises and MSP partners reduce risk, strengthen operational resilience and consolidate their security stack.

Organizations in more than 40 countries rely on Heimdal’s platform to prevent threats, detect breaches and automate response without the need for a SIEM or multiple point solutions.

For more information, visit Heimdal.

Media Contact

Madalina Popovici

Media Relations Manager, Heimdal

mpo@heimdalsecurity.com

If you liked this article, follow us on LinkedIn, Reddit, X, Facebook, and Youtube for more cybersecurity news and topics.

Author Profile

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.