Rick Bosworth is a cybersecurity marketing executive with nearly two decades of experience driving GTM strategy across technology startups. His uniquely technical perspective bridges the gap between complex solutions and practical customer outcomes. Rick has deep expertise spanning EDR, CNAPP, CWPP, AppSec, CTEM, and agentic SecOps. When he is not speaking publicly, enabling sellers, or leading cross-functional initiatives, Rick enjoys adventurous dining, endurance athletics, and craft beer.

When asked about the #1 expected benefit of agentic AI, security leaders didn’t say faster detection or better MTTR. They said quality of life. This finding comes directly from 450 CISOs and cybersecurity leaders surveyed in the recently published 2026 AI SOC Leadership Report.

There’s no shortage of AI in today’s security operations center (SOC). Generative AI. LLM copilots. Agentic workflows. Custom-built agents. Vendor-driven automation. The SOC is saturated with intelligence, at least in theory. And yet, ask SOC analysts how things feel on the ground, and the answer is far more complicated.

Nearly four in five organizations are now using AI in their SOCs in some capacity, and many have embedded it across workflows. While AI adoption has surged, operational clarity has not kept pace. Instead of simplifying operations, AI has introduced a new layer of complexity: more tools, more outputs, more decisions to validate. This is the paradox at the heart of the modern SOC: 

To understand why, you have to look past adoption metrics and into what analysts are actually experiencing, and more importantly, what they actually want.

AI Is Everywhere, But It’s Fragmented

On paper, the SOC has embraced AI. In practice, it’s stitched together from disconnected parts. The SOC now runs an average of 7 AI-powered SOC tools, and 80% of teams rely on fragmented point solutions. These tools operate independently, each with its own interface, logic, and version of reality.

No single system can see the full picture, so analysts rush in to fill the gap. SOC staff become the integration layer, manually correlating signals, validating outputs, and reconciling conflicting conclusions across tools. Operational overhead, the very thing AI was supposed to eliminate, has been reintroduced.

This is not a failure of AI capability, but a failure of architecture.

The Analyst Experience: From Operator to Orchestrator

AI is reshaping the role of the SOC analyst. Previously, analysts were the execution layer, spending their time triaging alerts, enriching data, and running playbooks. AI now handles much of that processing. In its place, a new layer of work has emerged: oversight, validation, and decision-making.

On average, analysts now spend 8.6 hours per week reviewing AI-generated outputs. At first glance, that can look like inefficiency: a full workday spent checking the machine’s work. But that interpretation misses the shift that’s actually happening.

Analysts are moving from execution to judgment. From doing the work to deciding what matters. If AI does the lion’s share of the previously manual, repetitive tasks, SOC capacity expands. AI saves more than the 8.6 hrs per week that humans spend on oversight.

This is progress, and this is only the early innings. Nearly 9 in 10 security leaders say AI has improved workload and reduced burnout. But this progress comes with a condition: the oversight-for-execution trade-off only works if it’s efficient.

When AI outputs are opaque, inconsistent, or fragmented, oversight becomes a source of friction. When reasoning is clear and context is unified, oversight becomes strategy.

What Security Leaders Say Their Analysts Need Most

Strip away the noise, the AI hype, and dashboards, and a clear picture emerges of what analysts actually need. When 450 security leaders were asked what would most improve SOC operations, the answers weren’t about faster models or more automation. They pointed to the conditions their teams need to actually do their jobs.

1. Better Quality of Life

At its core, the SOC remains a human system. And the leaders running these teams are explicit about what would improve it: 

• Fewer repetitive, manual tasks
• Better workload distribution and prioritization
• More sustainable work-life balance

These objectives reflect a daily reality of alert fatigue, context switching, and cognitive overload. AI has the potential to solve these problems, but only if it reduces friction, not adds to it.

2. AI They Can Trust

Trust is the defining constraint of AI in the SOC. Full stop.

Only a small fraction of leaders report zero concerns about AI. The vast majority point to issues like:

• Data privacy risks
• False negatives (missed threats)
• False positives
• Black-box decision-making

The common thread? Visibility. Transparency. Explainability. Analysts and cybersecurity leaders don’t just want answers. They want to understand how those answers were reached. In fact, 90% of security leaders say they need explainability to trust AI decisions.

Because in security operations, decisions carry consequences. And confidence comes from clarity.

3. Control Over Automation

Despite widespread belief in AI’s capabilities (here is your friendly reminder to download the 2026 AI SOC Leadership Report for the supporting details), most teams are cautious about letting it act autonomously.

Nearly all organizations are comfortable with some level of AI-driven action, and most draw a hard line at medium-severity incidents. Not only is the aforementioned trust factor at play, but also a lack of control.

Today’s tools often present a binary choice: AI acts, or humans act. That’s hardly a choice when the stakes are high.

What analysts actually want is a dial. They want to calibrate autonomy based on:

• Severity
• Confidence
• Context

Low-risk, high-volume alerts? Let AI handle them end-to-end. High-risk, high-impact incidents? Keep humans in the loop.

Not all automation is, or even should be, equal. Analysts demand the flexibility to decide where the line is drawn, and to move it over time at their discretion. See also, judgment layer.

4. Fewer Tools, More Cohesion

Perhaps the most consistent signal across the data is this: 85% of security leaders would prefer a unified platform over multiple point solutions.

Let us be crystal clear: no one is suggesting replacing existing tools. EDRs, CNAPPs, and other security controls serve critical functions. The best are exceptional at their prescribed function. The issue is what sits above them, or rather, what does not.

Most SOCs today do not have a unified layer that:

• Sees across the full stack
• Correlates fragmented signals
• Provides consistent reasoning
• Enables coordinated action

So analysts jump into that void. And teams are back to manual, repetitive tasks in the effort to stitch together context spread across data siloes. The previously mentioned tradeoff between execution and oversight falters, diminishing the value of what AI could otherwise deliver.

The Real Bottleneck: Trust, Not Tech

One of the most striking findings in the data is the dichotomy between what teams believe AI can do and what they actually allow it to do. To wit, even though 97% believe AI can handle alert triage, only 35% are using it for that purpose.

This pattern repeats across the SOC. (Did you even download the 2026 AI SOC Leadership Report?) AI is widely trusted to analyze, investigate, and recommend. It’s far less trusted to act. 

Organizations lack confidence in how AI operates. Trust breaks down when:

• Decisions cannot be explained
• Data access is not governed
• Outputs cannot be verified
• Control boundaries are not clear

In other words, AI has the ability. Analysts just don’t trust it to do the right thing. 

The SOC Analysts Are Asking For: Unified, Explainable, Controllable

Despite the challenges, there is remarkable alignment on what the ideal SOC should look like. Across roles, industries, and geographies, the vision is consistent for a system that is:

• Unified across the entire security stack
• Explainable in every decision it makes
• Adaptive, learning from outcomes over time
• End-to-end, covering the full alert lifecycle
• Controllable, with adjustable levels of autonomy

This blueprint for the AI SOC is laid out clearly in the research findings and reflects a fundamental shift in how AI is expected to function within it.

The security industry has spent the last several years racing to embed AI into every corner of the SOC. That tinkering or adoption phase is over. The next phase will make that intelligence scalable, usable, and trustworthy for the enterprise.

Enterprises demand AI that:

• Shows its reasoning (transparency)
• Operates within clear boundaries (control, guardrails)
• Augments the SOC (capacity, throughput, efficiency)

Organizations that close these gaps, moving from fragmented tools to a unified AI SOC platform, from opaque outputs to transparent reasoning, and from brittle automation to adjustable autonomy, will unlock the outcomes that AI was always expected to deliver. Faster response. Lower risk. Higher analyst productivity.

The rest will continue to manage complexity, just with smarter tools. Smarter tools are only valuable when they make the system itself — in this case, the SOC — smarter.

That’s what SOC analysts actually want.

The security automation market just got its definitive evaluation and its new name.

KuppingerCole Analysts is the global analyst firm that sets the benchmark for cybersecurity technology evaluations. Their Leadership Compass is the gold-standard independent assessment enterprises rely on when making platform decisions, rigorously scoring vendors across product maturity, innovation, and market execution. When KuppingerCole Analysts names a category, the industry follows. When they name a Leader, buying teams listen.

KuppingerCole Analysts’ April 2026 Leadership Compass retired the SOAR category entirely. The report is now called The Emerging AI SOC to reflect the market transformation. In the words of KuppingerCole analyst Matthew Gardiner, “Traditional rule-based workflow and playbook-based SOAR systems have hit an efficiency and implementation brick wall. The cost and expertise required to get significant ROI from traditional SOAR systems is out of reach for average security organizations… AI is showing early signs of changing this calculus and lowering the bar for smart(er) automation.” 

We couldn’t agree more. The new frontier is agentic AI, adaptive reasoning, and platforms that augment analysts, not replace them. Transparency and control have been at the heart of our AI SOC strategy for years.

Torq was named a Leader by KuppingerCole Analysts in all four categories for the AI SOC: Overall, Product, Innovation, and Market.

Torq scored highest in both Innovation Leadership and Product Leadership. We are named a Market Leader driven by rapid customer growth, expanding revenues, and increasingly comprehensive capabilities. And was evaluated as an Overall Leader across every dimension that KuppingerCole Analysts measures.

Here’s what the KuppingerCole Analysts Leadership Compass for the Emerging AI SOC found and what it means for the market.

The AI SOC Category Is Official. SOAR Is Not Coming Back.

KuppingerCole Analysts rebranded the report category because the underlying technology for security automation has fundamentally shifted. Newer automation capabilities “increasingly focus on AI-based reasoning, natural language chat interfaces, contextual enrichment, and adaptive decision support” rather than simply executing preconfigured rules and playbooks. Rule-based systems only work when the problem space is stable, and security operations are anything but.

The competition has shifted with the market. Differentiation is no longer about who has the most predefined playbooks or the longest feature list. It’s about usability, flexibility, scalability, and the ability to support heterogeneous, tool-rich environments without excessive engineering or people-intensive overhead. Playbooks and out-of-the-box integrations still matter, but they’re table stakes. The real differentiator is how effectively a platform reduces the human burden while handling the messy, multi-vendor reality of a modern SOC.

This is the shift Torq was built for — and the criteria KuppingerCole Analysts used to separate Leaders from the rest of the field.

The report also names the operational problem driving that shift: agentic AI has the potential to rebalance the false-positive-to-false-negative tradeoff that has defined SOC work for years. With manual triage, alert fatigue is so severe that missed threats become an accepted cost. AI agents don’t experience fatigue. They triage 100% of alerts continuously, shifting sensitivity to catch threats rather than just manage volume.

The buyer data backs this up. Torq’s 2026 survey of 450 security leaders found that 97% are confident AI can handle triage, the highest-volume function in the SOC. But only 35% have deployed it there. The confidence exists. The platforms to act on it haven’t — until now.

Where Torq Outscored in the KuppingerCole Analysts AI SOC Evaluation

KuppingerCole Analysts evaluates vendors across product leadership, innovation, and market execution. Here’s where Torq stands.

Product Leader. Torq scored highest in product leadership. The Product Leaders in this analysis stand out for the breadth, depth, and maturity of their current product capabilities, delivering robust, production-grade platforms that address the full lifecycle of modern SOC operations. This includes detection integration, triage, investigation, automation, case management, governance, and reporting. Torq earned this position with strong architectural foundations, rich functionality, and proven suitability for complex operational environments.

Innovation Leader. As Gardiner states, “Innovation Leaders push the boundaries of how SecOps are designed, automated, and augmented with AI.” Torq scored highest in innovation, with a standalone callout for behavioral detection coverage across users, devices, AI agents, and other non-human identities, as well as threat actor attribution, cloud infrastructure automated response coverage, and extensive AI decision explainability.

Market Leader. Market Leadership weighs the number of customers, their geographic distribution, deployment size, support services, partnership ecosystem, and financial health. As KuppingerCole Analysts makes clear, “Market Leadership requires global reach.” Named a Market Leader, Torq has quickly emerged as a security automation market leader, driven by rapid customer and revenue growth, unique branding, and increasingly comprehensive product capabilities — reshaping expectations for modern security automation by emphasizing simplicity, extensibility, and rapid deployment through low-code automation, lowering the barrier to adoption while supporting complex enterprise use cases.

Overall Leader. Named an Overall Leader, the Torq AI SOC Platform exemplifies a new generation of security automation — excelling at low-code orchestration, rapid automation across security tools, and AI-assisted and agentic workflows. Positioned as a security automation engine within the SOC that is independent of the large security platforms. And in a relatively short time, acquired a significant number of enterprise customers.

Torq’s AI SOC Strengths Documented in the KuppingerCole Analysts Leadership Compass

The report identified eleven specific strengths for Torq. Here are the ones that matter most for buying teams.

Proven Agentic AI 

Torq has measurable, documented success with agentic AI among early-adopter customers, including Fortune 500 production security operations. 

Our 2026 Torq AI SOC Leadership Report found that 72% of CISOs and security leaders are comfortable with fully autonomous AI for medium-severity incidents and below, but most haven’t deployed it because the platform controls aren’t in place. Not a problem with Torq. Documented customer success with Torq Agentic AI shows that Torq controls work in practice, not just in a demo environment.

“Torq Agentic AI now handles 100% of Carvana’s Tier-1 security alerts and has automated 41 different runbooks within just one month of deployment.”

– Carvana

Deep Integration Layer

KuppingerCole Analysts noted Torq’s extensive support for third-party SIEM, EDR/XDR, ITSM, web gateways, firewalls, threat intelligence sources, IAM/PAM, UEBA, and file sandbox systems as the first in its list of strengths.

300+ pre-built integrations covering a broad spectrum of SOC use cases. Extensive support for public cloud response actions, including enabling/disabling users and starting/stopping instances. Deep integrations with ITSM platforms like ServiceNow, Jira Service Management, BMC Helix, Freshservice, and Ivanti. Broad support for incident communication systems, including email, Slack/Teams, PagerDuty, and SMS. Customization support for both enterprise customers and MDR providers. 

This directly addresses the fragmentation problem we see in SOCs: 85% of CISOs want a unified AI SOC platform. You can’t unify what you can’t integrate.

AI-Native Architecture 

The Torq platform supports Retrieval Augmented Generation (RAG) for pulling in external data sources, Model-Context Protocol (MCP) for standardized tool connectivity, and agent-to-agent collaboration, enabling specialized AI agents to coordinate across investigation steps without human handoffs. Analysts can describe what they want in plain language — “enrich this alert with threat intel, check if the user has had prior incidents, and isolate the endpoint if confidence is high” — and the platform automatically generates and validates a production-ready workflow. 

This is the architectural difference the KuppingerCole Analysts AI SOC evaluation is measuring: whether AI is the foundation of the platform or a feature layer added on top of legacy automation. Torq was built for the former. 

Our research found that 92% of security leaders want AI that learns and adapts to attack patterns, which requires an architecture designed for continuous learning from the ground up.

Enterprise-Grade Trust and Governance 

Torq provides broad support for role-based, attribute-based, and policy-based access controls, along with strong authentication for administrative users — giving security teams granular control over who can do what within the platform. Global datacenter support enables regional data sovereignty, which is critical for EU customers operating under strict compliance requirements. 

And for MSSPs and large enterprises, the platform supports full look-and-feel customization, white-labeling, and tenant isolation — so providers can deliver Torq-powered services under their own brand without exposing the underlying platform to end customers.

In our recent report,  92% of security leaders cited at least one factor that reduces their trust in AI; governance isn’t optional. The number one thing that would build confidence is full transparency into AI decision-making. Torq scored highest in the Leadership Compass for AI decision explainability — the exact capability buyers say they need before they’ll expand AI autonomy.

Financial Stability and Market Momentum 

Torq’s recent unicorn-level $1.2 billion valuation is a strength noted by KuppingerCole Analysts because it matters when you’re betting your SOC infrastructure on a vendor’s longevity. Torq has quickly emerged as a market leader, driven by rapid customer growth and expanding revenues, and has acquired a significant number of enterprise customers in a relatively short time.

For buying teams evaluating standalone AI SOC platforms against platform vendors, commercial viability is a real consideration. KuppingerCole Analysts’ inclusion of this as a documented strength signals that Torq has crossed the threshold from promising startup to established market participant.

What This Means for Security Teams

The AI SOC is no longer a concept; it’s a defined market category with a formal evaluation framework, scored vendors, and documented production outcomes. The KuppingerCole Analysts Leadership Compass for AI SOC makes that official. And the data from 450 security leaders in the 2026 Torq AI SOC Leadership Report confirms the urgency: security teams aren’t debating whether AI belongs in the SOC. That adoption argument is over, with 94% already using AI. The conversation is now about accountability and results. Enterprises are seeking an AI SOC platform that actually delivers.

For buying teams, the decision comes down to architecture. Do you extend a legacy system with bolted-on AI capabilities and questionable ongoing investment? Or do you invest in a cloud-native, AI-augmented platform designed for the multi-vendor, multi-signal reality of your security stack?

KuppingerCole Analysts evaluated that exact question across product strength, innovation, and market execution. One platform scored highest in innovation and product leadership, and earned Leader status in every measured category — with production-grade results to back the scores.

Security operations teams have never had more technology at their disposal… and they’ve never been more overwhelmed by it. The average SOC is now running 7 AI-powered solutions. 10% are managing 10 or more. And across the broader enterprise, organizations deploy an average of 83 security tools from 29 vendors, according to IBM research.

Every one of those SOC tools was added for a reason. Better detection, faster enrichment, smarter alerting. Individually, they deliver value. But collectively, they’ve created a problem the industry is only now beginning to quantify: SOC tool sprawl.

Torq’s 2026 AI SOC Leadership Report — a survey of 450 CISOs and security leaders — puts hard numbers on the cost of that sprawl. 80% of SOC teams rely on disconnected point solutions. 36% cite a “patchwork of multiple tools” as a functional gap. Analysts spend 8.6 hours per week validating AI outputs across those tools. And the teams that can least afford the overhead are absorbing the most of it.

This isn’t a tooling problem; it’s an architecture problem. And it’s getting worse every quarter organizations don’t address it.

What Is SOC Tool Sprawl?

SOC tool sprawl is what happens when security teams continuously add point solutions — each solving a real, specific problem — without a unifying layer to connect them. Over time, the result is an overextended stack where siloed data, overlapping functionalities, and operational inefficiencies compound faster than the tools themselves can deliver value.

The pattern is predictable: A new threat vector emerges. A point solution gets purchased to address it. It works — within its own console. But it doesn’t talk to the SIEM, doesn’t share context with the EDR, and doesn’t feed into case management. So the analyst becomes the bridge, manually pulling data from one tool, correlating it with another, and pasting findings into a third.

Multiply that across seven or more AI tools — each with its own confidence model, alerting format, and severity scoring — and the cost becomes structural. SOC tool sprawl doesn’t just add complexity; it also creates inefficiency. It changes how the SOC operates and not for the better.

The SOC Tool Sprawl Tax: What Fragmentation Actually Costs

The real cost of SOC tool sprawl isn’t measured in licensing fees. It shows up in four places most organizations aren’t tracking.

1. Oversight hours: Our report found that analysts spend an average of 8.6 hours per week on human oversight of AI-powered outputs. That’s not inherently a problem. AI has taken over the execution layer — processing alerts, enriching data, running playbooks — and analysts have moved into a judgment layer: validating decisions, providing context, and making calls that require institutional knowledge. 9 in 10 security leaders say AI has positively impacted SOC workload, and almost 90% say it’s reduced stress and burnout. The problem is when SOC tool sprawl makes that judgment work inefficient. Disconnected tools produce outputs with different confidence models, formats, and reasoning chains. Instead of spending 8.6 hours on strategic oversight, analysts spend it reconciling conflicting information across siloed dashboards. 37% of security leaders say AI requires too much manual oversight — and that burden scales with the number of tools, not the number of incidents. Consolidate into a single orchestration layer with transparent reasoning, and those 8.6 hours become what they’re supposed to be: high-value, strategic time.
2. Breach lifecycle: IBM research shows that fragmented stacks take 72 days longer to detect threats and 84 days longer to contain them. When context is scattered across a dozen consoles, the time between “alert fired” and “incident contained” stretches in ways that directly increase breach costs. IBM’s Cost of a Data Breach Report found that organizations using AI extensively cut the breach lifecycle by 80 days and saved $1.9 million on average — but that ROI only materializes when the AI tools are integrated, not fragmented.
3. Integration maintenance: Data from our AI SOC report shared that 95% of security leaders run multiple tools with overlapping functions, yet fewer than a third have them fully integrated. Every tool added is another API to maintain, another update cycle to manage, another integration that can break when a vendor pushes a change. For SOC teams already stretched thin, integration maintenance becomes a permanent tax on engineering capacity that never appears in the budget.
4. Skill gaps: The more tools a team runs, the harder it becomes for analysts to be proficient with each one. Suboptimal tool usage — where capabilities aren’t fully leveraged — weakens the overall security posture. The paradox of SOC tool sprawl is that buying more tools can make you less secure, not more.

Why SOC Tool Sprawl Hits Lean Teams the Hardest

The teams with the fewest resources bear the highest fragmentation costs and have the least capacity to address them.

The 2026 AI SOC Leadership Report found that smaller teams — 15 or fewer — are twice as likely to default to legacy automation: 30% compared to 15% for teams of 35 or more. Not because they prefer legacy tools, but because switching costs feel prohibitive when you’re barely keeping up with the queue.

Except the cost of staying put isn’t static. It’s growing. 44% of lean SOC teams say false positives are reducing their trust in AI, compared to 28% of larger teams. With fewer analysts to absorb the noise, fragmentation doesn’t just slow the team down — it actively erodes confidence in the tools themselves. SOC tool sprawl becomes a staffing problem, not because they don’t have enough people, but because their people are spending time managing tools rather than managing threats.

How SOC Tool Sprawl Erodes Trust in AI

The trust gap in AI-powered security operations is one of the most discussed challenges in the industry. 92% of security leaders cite at least one factor that reduces their trust in AI. The conversation usually frames this as an AI problem — the models aren’t good enough, the outputs aren’t reliable, the technology isn’t ready.

Our data tells a different story. The issue isn’t whether AI works. It’s whether the architecture around it lets teams verify that it does.

When AI outputs come from so many different systems with so many different confidence models, analysts have no consistent baseline to calibrate trust against. There’s no single source of truth. Each tool has its own alerting format, its own severity scoring, and its own enrichment logic. An alert that scores high-severity in one tool might not even surface in another. Analysts can’t build trust in AI when the AI itself is fragmented across systems that don’t talk to each other.

This creates a self-reinforcing cycle: more tools generate more outputs that require more validation. More validation means more oversight hours. More oversight hours mean analysts feel less confident in AI — because they’re spending all their time checking it instead of benefiting from it. And when trust stays low, teams add another tool to fill the gap that the last one created. The sprawl feeds itself.

37% of security leaders say AI requires too much manual oversight. That’s not a statement about AI’s capability. It’s a statement about what happens when you deploy AI across seven disconnected systems and ask a human to be the integration layer between them.

How to Fix SOC Tool Sprawl: What 85% of Security Leaders Want

The survey asked security leaders what would fix this. The answer wasn’t “fewer tools.” 85% want a unified AI SOC platform. Not one tool that replaces everything. One platform that connects to everything.

That distinction is critical. Nobody is asking to rip out their SIEM, their EDR, their identity tools, or their cloud security posture management. Those tools exist because they solve real detection and protection problems. What’s missing is the layer that sits across all of them — correlating, enriching, and orchestrating so the SOC operates as one system instead of seven disconnected ones.

More than half say unification alone would resolve their trust issues with AI. The trust problem isn’t the AI. It’s the architecture. Give them a single orchestration layer with consistent context, unified case management, and one place to validate AI decisions — and the trust follows.

This also explains why the lean-team trap is so persistent. The teams running four people and multiple tools aren’t going to do a forklift migration. They can’t afford the downtime, the retraining, or the risk. What they need is a platform that lets them consolidate at their own pace — bringing tools into a single orchestration layer without ripping anything out. Integration over replacement. Unified and flexible, not one or the other.

The organizations that figure this out first won’t just reduce complexity. They’ll turn the 8.6 hours per week that their analysts spend on AI oversight from fragmented busywork into strategic judgment time. They’ll break the cycle where low trust drives more tools, which drives lower trust. And they’ll give lean teams the operational leverage to compete with SOCs several times their size — not by adding headcount, but by eliminating the fragmentation tax that’s consuming the headcount they already have.

The Cost of Ignoring SOC Tool Sprawl

Seven or more AI tools. 8.6 hours a week in oversight. 80% reporting operational complexity. The teams that need help most are the least likely to make a change, and the fragmentation compounds every quarter they wait.

The cost of SOC tool sprawl is measurable in hours lost to validation, trust eroded by inconsistent outputs, and incidents that take longer than they should because context lives in five different tabs. It shows up in analyst burnout, in MTTR that plateaus no matter how many tools you add, and in the growing gap between what AI can do in theory and what teams actually let it do in practice.

What 450 security leaders are asking for isn’t complicated. It’s a platform that connects to everything they already have, gives them a single place to triage, investigate, and respond, and lets their AI operate as a single system rather than a collection of competing ones.

The data says 85% want it. The question is how long they’ll wait.