Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A blanket “no AI” policy is not the answer for most organizations. Prohibiting something people find genuinely useful just drives it further underground.

If you’ve been in security operations for more than a few years, you’ve lived through the automation hype cycle at least twice. First, it was SIEM that was going to solve everything. Then SOAR was supposed to fix what SIEM couldn’t. Now, AI SOC platforms are delivering what SOAR always promised but never actually could.

Maxime Lamothe-Brassard, founder and CEO of LimaCharlie, sought answers on AI’s current capabilities in the SecOps space. Plenty of benchmarks exist to test AI's knowledge of cybersecurity, but none test whether a model actually does the work. There's a significant difference between an AI that can answer trivia questions about CVEs and one that can pick up an alert, investigate it, and produce an incident report.That gap matters more now than ever.

Editor's note: This guest article by Tanium Senior Sirector, Product Management, Julia Grunewald was originally published in SC Media Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.

At Tines, we power important workflows for some of the most demanding teams in the world, and for years, that always meant supporting deterministic, auditable automation. But as reasoning models have matured, our customers have started asking a different question: what if the workflow itself could reason?

Imagine your lead Software Engineer walks into your office and says, “Good news! I just deployed that critical update to production. I wrote the code on my personal laptop, didn’t run it through CI/CD, skipped the security scan, and just copied the files directly to the server with a USB drive.” You would fire them. Or you would revoke their access immediately.

For a long time, data loss prevention (DLP) lived in the margins of security programs. It was something teams deployed to satisfy a requirement or reduce obvious risk. A handful of policies, some visibility into network traffic, maybe a scan of cloud storage. That was usually enough. That model reflected how work used to happen. Data moved more slowly, lived in fewer places, and followed more predictable paths. That is no longer true.

In its January 2026 report, Emerging Tech: Tech Innovators in Domain-Specific Language Models for SecOps, Gartner examines how domain-specific language models (DSLMs) are reshaping security operations. The report explains that DSLMs are designed to address the limitations of general-purpose language models by focusing on a particular task or use case – in this case, cybersecurity.

Production deployments. That’s where multi-agent AI systems live now, not research labs. Salesforce, Microsoft, and Cognition Labs are all running agent pipelines that replaced what used to take entire ops teams. Most businesses still don’t fully understand what they’ve switched on. A multi-agent AI setup isn’t just one model doing more things.