SANS Webcast On Demand
Sponsored by Embed Security
From Alerts to Insight: How Agentic AI Elevates Security Teams
Most SOC analysts would rather spend time threat hunting and improving detections than manually triaging alerts all day. Giving teams more time for proactive security work starts with an AI approach they can actually trust, one built on accuracy, consistency, and transparency.
In this SANS webcast, Cristian-Mihai VIDU joins Seth Summersett and Dr. Jeffrey Johns to discuss why trust remains one of the biggest barriers to operationalizing AI in the SOC.
featured speakers
Cristian-Mihai VIDU, SANS Certified Instructor & SOC Consultant
Seth Summersett, CEO & Co-Founder, Embed Security
Dr. Jeffrey Johns, Co-Founder & CTO, Embed Security
the AI trust gap
Security teams have started investing in AI, but many still don’t trust the results.
Generic AI models often produce inconsistent or unverifiable conclusions. Automated verdicts give analysts little visibility into how conclusions were reached. The result is more noise, not less, and a trust gap that slows operational adoption.
According to SANS research, current AI tools fall short in the SOC for two specific reasons:
limited context
Generic models lack cybersecurity domain expertise and organizational context. They don’t understand your environment, tooling, or historical norms.
the evidence gap
Without visibility into the reasoning behind a conclusion, AI becomes another source of manual verification. More manual work, not less.
what’s covered
01 — the investigation gap
Why the cycle of manual triage forces analysts to choose between investigation depth and total coverage, and what that tradeoff costs the organization.
02 — why typical AI approaches fall short
The real limitations of off-the-shelf LLMs in a security context, and why trust remains one of the biggest barriers to operationalizing AI in the SOC.
03 — live demo
Seth Summersett and Dr. Jeffrey Johns walk through real investigation use cases in the Embed platform, showing how agentic AI reasons through alerts with full transparency — every step, every decision, documented.
04 — what this means for analysts
Cristian-Mihai VIDU shares independent takeaways on where agentic AI is headed and what SOC teams should demand from vendors evaluating trust in practice.
dive deeper into the research
Want a deeper look at the operational realities of agentic AI in the SOC?
Read the companion SANS First Look white paper.
