Insights on Decision Models, agentic workflows, and governed AI for SOC teams. Articles for CISOs, SOC managers, and MSSPs on consistency, evidence, and risk reduction.
Adding automation to inconsistent triage just scales the inconsistency. Alina Marcu, PhD, Arcanna's Chief Data Scientist, on why predictable alert triage — same input, same output — is the precondition for safe SOC automation.
Most SOCs treat analyst burnout as a hiring problem. It's not. It's what happens when triage is built on inconsistent decisions and automation nobody trusts. Here's the architecture fix.
Ask a security team whether they trust AI to run their SOC and you get a hard no or a careful "it depends." Both are right. Arcanna Chief Data Scientist Alina Marcu, PhD, on what separates trustworthy SOC AI from black-box hype: grounded decisions, governed agents, and an audit trail you can defend.
Most SOCs can't close alerts faster by adding analysts. The math doesn't work. Here's how autonomous decision making in the SOC actually works — and why the control model matters more than the automation promise.
An analyst opens a queue of hundreds of low-priority alerts — what's actually going wrong, and can AI fix it? Denis Stefan, AI Engineer at Arcanna, breaks down why rule tuning, SOAR, and LLM assistants stall, and what an agentic investigation runs step by step.
How do you evaluate an AI SOC platform that will still be working in 18 months? A practitioner-led framework: thresholds, drift detection, and rollback.
Most AI SOC automation tools fail in pilot because evaluators confuse training with overhead. Darius Iakabos on how to build a defensible business case for AI triage without a heavy configuration burden — and why your data is the asset, not the obstacle.
What an agentic investigation actually looks like — and what it takes to make one trustworthy enough for production. Denis Stefan walks through the four guardrails that separate agentic AI demos from systems you can actually run in a SOC.
If AI is making security decisions inside your environment, who's accountable when it's wrong? Alina Marcu, PhD, on why AI in the SOC needs a Trust Layer — grounded decisions, governed agentic investigations, and the architecture CISOs need before the board asks what happened.
SOAR hit its ceiling. Playbook sprawl, LLM inconsistency, and headcount-driven scaling broke the model. Here's what the next layer of SOC automation looks like.
SOCs worldwide are being bombarded with messaging around Agentic AI. While SOAR provides significant value, throwing out playbooks isn't viable. Learn how Decision Models simplify and enable SOC evolution.
Decision Intelligence harnesses AI to make better, faster decisions in cybersecurity. Learn how Arcanna.ai combines predictive and generative AI to create an autonomous decision-making system for SOC teams.
-3.webp)
As a CISO, you constantly deal with improving operational efficiency while keeping costs down. Learn the common problems and strategies for finding the right balance to keep your organization's data safe.
-p-1600.jpg)
A critical tool that an IT department and their SOC needs to rely on is their SIEM tool. Learn the top 5 use cases for active threat detection including privileged account monitoring, defense evasion, DDoS, and data exfiltration.
Practitioner interviews
3 perspectives on why existing security stacks are breaking, and what trustworthy AI in operations actually requires.
-modified.jpeg)
Darius Iakabos
Technical Solution Architect
“SOAR was built for predictable workflows. SOC reality isn’t predictable.”
Why SOAR’s scaling ceiling isn’t compute — it’s the playbook maintenance burden — and what replaces it.
Alina Marcu, PhD
Chief Data Scientist
“AI without governance isn’t intelligence. It’s exposure.”
What a Trust Layer actually does — and why grounded decisions, drift control, and rollback are the price of putting AI in front of operations.
Denis Stefan
AI Engineer
“An agentic investigation works when the agent knows what it doesn’t know.”
How agentic investigations actually run end-to-end — structured outputs, decision-model guardrails, and verification at every step.