Why The Autonomous SOC Is The Security Industry’s Answer to Mythos
More powerful models are coming to the market, and organizations are needing to learn to protect themselves in a world where the time to discover and exploit vulnerabilities is decreasing.

Frontier AI is changing cybersecurity. After being forced to restrict access to foreign nationals, Anthropic last month redeployed Claude Mythos 5 and Claude Fable 5. Mythos first made waves back in April when Anthropic's announcement blog post shared the model had found thousands of vulnerabilities in every major operating system and web browser.
More powerful models are coming to the market, and organizations find themselves needing to learn to protect themselves in a world where the time to discover and exploit vulnerabilities is decreasing. Now, many security teams are trying to adjust to this new reality, leveraging AI to work more efficiently.
Intelligent workflow platform Tines recently released the Voice of Security 2026 report, which surveyed more than 1,800 security leaders and practitioners worldwide and found that while 99% of SOCs are now using AI, 76% experienced burnout with heavy workloads cited as the main cause.
While AI is being used to assist in tasks like threat detection and identity and access monitoring, there's still more work to be done to automate these operations to keep up with modern threats. This is where the concept of the autonomous security operations centers (SOCs) comes in, using AI agents to automate everything from processing alerts to correlating events, and automating response tasks.
Introducing the Autonomous SOC
The concept of the autonomous SOC or "agentic SOC" as CrowdStrike refers to, has been emerging over the past few years as teams look for new ways to leverage AI in defensive operations, using agents to automate workflows and react to vulnerabilities faster.
"When we talk about things like the agentic SOC, it's really talking about how you deal with the speed problem. If attacks are coming this quickly and they were being weaponized so quickly and cheaply. You need to be able to respond really quickly," Michael Sentonas, president of CrowdStrike told International Business Times in a video interview.
Sentonas warns that, with Mythos, companies need to think about scenarios where vulnerabilities are being discovered and exploited, where patches don't exist. In this sense, teams need to know what counter measures to deploy to mitigate threats in real-time.
The Agentic SOC is about detection engineering, having the ability to detect attacks in real-time, and tasks like detection triaging and correlating events. Then there's automation in response, a whole category of what Sentonas calls "commodity style attacks that you need to deal with at machine speed."
He notes that people are going to be able to use agents to chain together complex attack scenarios, and says that the only way a defender is going to be able to respond is through the use of AI and agents. This includes using tools like Opus to scan for vulnerabilities.
It's worth noting that the autonomous SOC or agentic SOC, doesn't erase the need for human engineers. For instance, companies require humans in the loop to respond to more complex attacks, correlating and responding, considering threat intelligence feeds and signals, to determine how to respond and remediate a breach.
What it does, at least in theory, is provide security teams with operations that can be continuously improved over time, refining automations and workflows to make the SOC function more efficiently.
Automation Woes
While automation is spreading across the industry, with N-Able finding that approximately 90% of investigations are automated, challenges remain on the road ahead. For instance, 50% of attacks never trigger endpoint detection, which presents dangerous visibility gaps to enterprises.
At the same time, maintaining visibility over systems in the cloud and on-premises, from servers to human identities, machine identities and APIs is a tall task for any organization.
"I'd say that there's a lot of promise when it comes to autonomous SOC," Chris Cochran, field CISO and vice president of AI security at the SANS Institute, told International Business Times. "The folks that are benefitting right now are the organizations that already have very clearly defined processes and runbacks, and they're able to automate those very lower tier workflows."
However, it's the organizations that don't have good processes that may struggle to reach this end state.
"I think the dream of just having this completely autonomous SOC is quite a ways from being a reality," he said.
Cochran argues that organizations really need to have "understood pathways for getting things done," for making use of automation.
Sentonas also notes challenges, such as "how do you make sure that you have humans in the loop and approval process?" These are complex concerns that still need to be ironed out across the industry.
What is clear is that AI agents and automation will continue to change security operations. Models like Mythos present an existential threat to unprepared organizations in the long-term.
"These launches mark a significant shift in what AI can do autonomously in the cybersecurity domain, and the risks are concrete," JD Raimondi, Head of Data Science at digital consultancy Making Sense, told International Business Times. "Both models have demonstrated the ability to discover and exploit zero-day vulnerabilities."
The good news is that the journey toward the autonomous SOC has the potential to mitigate the risk, even if organizations fall short of the desired end goal.
If not fully automating the SOC, at the very least, companies should be using frontier AI models and advanced scanning technologies to understand what exposures exist in their environment.
"Start doing really in-depth vulnerability scanning of your environment to ensure that when these tools are freely available, people aren't scanning your environment and finding things before you know about them," Sentonas said.
© Copyright IBTimes 2026. All rights reserved.


















