Hyper-AUTO-Mation: Why Carvana’s CISO Bet on Agentic AI for 5x SOC Efficiency


CISOs everywhere are feeling the AI fatigue. Every vendor at Black Hat 2025 was hyping ‘AI agents for SecOps,’ so there’s rightfully a lot of skepticism about deploying AI in production, especially in enterprise environments.

But the old way of running a SOC just isn’t working anymore. After all the time and money spent on traditional playbooks, we’re still wrestling with the same challenges: alert fatigue, burnout, tool sprawl, and inability to scale. It’s time for a new approach — but what does that actually look like in the very real, often messy world of the SOC?

Dina Mathers, CISO of Carvana, is a leader who’s fearlessly challenging the status quo with an AI-first SecOps strategy in a Fortune 500 environment. I recently moderated a Black Hat 2025 session with her, where she shared her insights from the front lines of Carvana’s modern, AI-powered SOC.

Below are her key takeaways for any security leader considering (or concerned about) adopting AI.

The Business Case for AI in SecOps

Staffing a full 24×7 security operations center is expensive and doesn’t scale well. And, as Dina noted, “the SOC grind is real… and it’s tough.” In a traditional SOC, analysts are constantly triaging and responding to alerts from disparate security tools — and a lot of events are just noise. Analysts have to hop between multiple screens and dashboards to figure out what’s real and what’s impactful.

“Who wants to spend their time doing that?” Dina asked the audience. She also pointed out how inefficient it is to have human analysts spending their time on mundane, repeatable tasks that can be automated, such as responding to phishing emails or documenting cases. The leaner the team, the more these inefficiencies hurt, slowing down response and increasing risk exposure.

That’s why Dina says that, from her perspective, it’s a “no-brainer” to leverage AI to offload the Tier-1 and Tier-2 alert triage, so her team can focus on more critical and strategic work.

“Leveraging AI [in the SOC] seemed to me like a no-brainer. There’s a very strong use case to use AI for your traditional security operations to start. Then, you can grow from there.”

– Dina Mathers, Carvana CISO

The Carvana AI Adoption Playbook

For Carvana, AI isn’t just a buzzword — it’s core to their business and security strategy. While Carvana is a Fortune 500 company, it operates with a startup mindset, which means they move fast and are willing to adopt AI rapidly. But Carvana also underpins their AI-first strategy with a methodical and governance-focused approach designed to ensure security and alignment with business goals, including: 

  • Establishing a cross-functional task force: Carvana has an AI task force with stakeholders from legal, information security, data governance, and engineering. This group meets bi-weekly to review new use cases and ensure a unified approach.
  • Starting with a clear business case: The first step when evaluating a proposed AI solution is to ask, “What is your actual use case?” This prevents teams from buying new AI tools just for the sake of shiny new toys to experiment with. The process also includes checking if an existing, sanctioned tool can fulfill the need to avoid “shadow AI” or redundant technologies.
  • Engaging legal and security early: When a business case is confirmed, Carvana spins up a POC and works with the legal team to ensure proper contractual documentation, such as a data protection agreement or information security amendment. A security review of the third-party vendor is also conducted in parallel to ensure the tool meets their standards.
  • Adopting a ‘crawl-walk-run’ approach: When deploying Torq’s AI SOC Analyst, Carvana started with a human-in-the-loop model, allowing the AI to triage lower-risk cases by following a defined runbook, then having a human analyst review the AI’s conclusions before a remediation or closure action was taken. Taking baby steps initially allowed Carvana to build trust and comfort in the AI’s ability to perform consistently over time as they slowly expanded the scope of tasks they assigned to the AI, such as having the AI ask end users questions over Slack in order to close out a case.

“Within one month of deploying HyperSOC, we had 41 of our runbooks created and we started assigning cases to Socrates, the AI SOC Analyst. But we used a ‘crawl-walk-run’ approach so we could say, ‘We’re comfortable with the AI Analyst triaging, but not with it remediating or closing out an incident yet.’ So we had a human in the loop from the beginning.”

– Dina Mathers, Carvana CISO

The Real-World Impact of Torq’s Agentic AI

Carvana’s Torq HyperSOC implementation delivered tangible results beyond simple automation.

100% Tier-1 and Tier-2 Triage Automation

Torq’s AI SOC Analyst now triages 100% of Carvana’s Tier-1 and Tier-2 security events, acting as an extension of their lean team. This has transformed the day-to-day work for their security team, which can now focus on higher-value work and operate at the effectiveness of a team five times larger.

Improved Team Morale and More Strategic Focus

Automating repetitive tasks has led to a happier, more engaged security team. Team members can focus on strategic projects like deploying new technologies and improving the overall security posture, instead of just monotonous triage.

Expanded Use Cases Beyond the SOC

There are also many use cases beyond the SOC that agentic AI can help with, such as automating onboarding and offboarding workflows and reducing tech debt by automatically disabling inactive service accounts. Carvana uses Torq to identify lost or stolen endpoints to ensure that the assets are properly updated in their configuration management database (CMDB) and that the assets are removed from disparate endpoint tools.

Dina shared, “Although we made the decision to invest in the AI SOC Analyst initially just to triage the security events, what we’re finding is there are so many more use cases beyond the traditional security operations center. I would implore you to check out Torq, honestly. There are so many use cases, so you don’t have to go get another agentic AI for some other purpose-built solution — you could standardize all of your automation using Torq’s agentic AI.”

“[With Torq], we have materially improved our operations. We’ve dramatically reduced the cost of operating a security operations center to the point where we can reallocate those funds to different technologies that we need.”

– Dina Mathers, Carvana CISO

Watch Now: Dina Shares More Insights

The Torq team had the chance to catch up with Dina ahead of her Black Hat 2025 session. Watch the interview now!

The Final Takeaway: Don’t Be the Department of ‘No’

Dina closed her on-stage session by challenging security leaders to embrace AI rather than be skeptical: “Don’t be the Department of ‘No’. Lean into AI. Try it out.” Just as Carvana disrupted car sales by automating the misery out of buying a car, their embrace of agentic AI in the SOC is automating the misery out of life in the SOC.

Dina also shared that she finds the limitless horizons of AI exciting. “What’s crazy about AI adoption is that your imagination is what’s limiting it. The tool can do anything you tell it to do.”
