A year ago we published Never Go Full Agentic, written on the way home from a conference floor that was wall-to-wall with promises of lights-out SOCs and fully autonomous incident response. Our argument was unfashionable at the time: you don't need to hand your security keys to an algorithm to get real value from AI. Start where the failure modes are survivable, augment your analysts instead of replacing them, automate the deterministic drudgery, and keep a human accountable for any decision that can hurt the business.
Twelve months and a great deal of vendor noise later, it's a good moment to check the scoreboard. The short version: the thesis held up, and the most credible evidence published since has landed on the same side. Almost none of that evidence is ours, and most of it comes from people with no SOC product to sell. But some things genuinely changed, and a victory lap that pretends otherwise isn't worth reading. So here's both.
The receipts
The 2026 DBIR
The industry's flagship breach dataset spent this year's edition arguing, in effect, for cyber-stoicism. It acknowledges that AI-augmented malware is now common and that attacker speed and scale are rising, then concludes that these are challenges defenders have faced for a long time and that the moment calls for more focus and agility but "does not necessitate an upheaval." The supporting data is the part we'd frame and hang on the wall. Most AI-assisted malware mapped to well-known techniques, with fewer than 2.5% of observations involving genuinely uncommon ones; AI is mostly making known attacks faster, not inventing new ones. The human element was present in 62% of breaches. And the place organisations are visibly losing is the fundamentals: only 26% of critical (CISA KEV) vulnerabilities were fully remediated in 2025, down from 38%, with median resolution time climbing to 43 days. That is a capacity-and-hygiene problem, exactly the deterministic work we said to automate. It is not an argument for autonomous decision-making. Tellingly, the DBIR authors also admit they wish there were more verifiable data on what an AI-leveraged defensive landscape actually looks like. A year on, that data still doesn't exist in public.
The Australian Signals Directorate
In 2026 the ASD and its Cyber Security Centre published Opportunities for AI in cyber defence, guidance for CISOs from a national signals-intelligence authority with nothing to sell. It reads, in places, like an official and more rigorous edition of our post. AI should augment existing tools and processes rather than be deployed as a standalone solution. AI is not a replacement for strong cyber-security fundamentals. And on the autonomy line specifically, the recommendations are almost word-for-word what we argued: keep a human in the loop for high-impact or state-changing actions; limit autonomous actions to those that are "narrowly scoped, preapproved and reversible"; and ensure accountability for outcomes stays with the human cyber defender. Agentic AI is singled out as a distinct, higher-risk category that must be tightly governed and clearly limited. When the people who break into systems for a living tell you to keep humans accountable, that's worth more than any booth banner.
The independent analysts and researchers
Leading industry analysts this year framed the market as a choice between full replacement and augmentation, and judged that only augmentation aligns with real-world operations, because affordable, reliable, end-to-end autonomous decisioning isn't supported by the technology yet. A separate augmented-versus-human benchmark found AI to be a genuine speed multiplier while human judgement remained the differentiator on the hardest problems. Independent reporting on enterprise agentic AI keeps surfacing a roughly 37% gap between lab benchmark scores and real-world performance. And the security-specific failure mode we worried about is, if anything, worse than feared: a public red-teaming exercise saw tens of thousands of successful prompt-injection attacks out of 1.8 million attempts, a small per-attempt rate that becomes a material problem at enterprise scale. One April 2026 headline summed up the mood by calling the autonomous SOC "a dangerous illusion."
What actually changed, and where we were too glib
Now the honest part, because the original post got some things wrong in emphasis and timing.
"Fully autonomous SOC" is no longer marketing fantasy; it is now a product category
We dismissed the lights-out SOC as a conference fever dream. In 2026 it shipped. Several major security vendors moved agentic SOC platforms into general availability. One billed its launch as the world's largest commercial agentic SOC; others pushed AI agents into their detection-and-response suites and declared 2026 the practical inflection point, describing agentic operations entering production at scale. We can argue all day about whether these deliver, and the evidence above suggests that "augmentation with autonomy bolted on" is closer to the truth than the branding. But it is no longer accurate to say the thing doesn't exist. It exists, and some of it is running in production. We were right about the wisdom; we were wrong to be smug about the timeline.
"Human in the loop" has matured into "human on the loop."
Our original framing, in which the AI suggests and the human decides every action, was already drifting out of date by the time we wrote it. The consensus that's settled, including in the ASD guidance, is subtler: humans set the policy, boundaries and permissions, and stay accountable for high-consequence calls, while bounded, reversible, preapproved actions can run autonomously. ASD itself endorses executing multiple response playbooks at machine speed in parallel for surge capacity, and triggering automated recovery, provided destructive or irreversible steps still require human approval. That's not a repudiation of our argument; it's the line drawn more precisely. The boundary isn't "humans approve everything," it's "humans own the decisions that can't be undone."
The machine-speed attacker stopped being hypothetical
This is the one development that genuinely strengthens the case for some autonomy. The DBIR and a striking US Secret Service contribution to it both describe adversaries that operate without human fatigue, run persistent campaigns and adapt in real time. If the offence never sleeps, a defence that waits for a human to click "approve" on every containment step really can be too slow. We under-weighted that a year ago. The right response still isn't to abdicate judgement to an algorithm. It's to automate the narrow, reversible, well-understood actions so humans can spend their analytic judgement where it counts.
The verdict
The score, as we read it: the prescription aged well, the rhetoric aged badly. Augmentation over automation, deterministic work automated, non-deterministic work assisted under supervision, accountability anchored to a human: every serious non-vendor source published this year backs that posture, and a national cyber authority has now written it into formal guidance. What changed is that the autonomous tooling arrived faster than we expected, and the industry got more precise about where the human belongs rather than abandoning the idea that they belong somewhere.
And the question we keep coming back to, the one the DBIR asked on itself, is still unanswered. Twelve months on, nobody outside the companies selling autonomous SOCs has produced rigorous evidence that full autonomy beats a well-run augmented one on real outcomes. The ASD's advice to buyers is the right one: ask for measurable results from operational use, not marketing claims, and don't trust until you've tested it in your own environment.
You still don't need to go full agentic to transform your SOC. You just need to be smart about where, and how, you begin. A year of evidence hasn't changed that. If anything, it's made the case for us.
Update, 23 June 2026: the day after this went up, the heads of the Five Eyes cyber security agencies issued a joint statement on the AI shift in cyber risk. It lands exactly where the evidence above does. Their message to leaders is to get the basics right, keep defence in depth rather than betting on a single technology, and use AI deliberately to strengthen defence rather than just chase efficiency. Take away the AI and none of the response actions they list are new. What is new is the speed, and the case for using AI to keep pace with it. It complements ASD's earlier guidance on adopting AI for cyber defence, which is clear that AI should augment people while keeping humans on the loop for consequential decisions.