CRAI, May 9, 2025

Towards AI-Driven Human-Machine Co-Teaming for Adaptive and Agile Cyber Security Operation Centers

arXiv:2505.06394v1 · 10 citations · h-index: 3
Originality: Incremental advance
AI Analysis

The paper addresses a real problem, alert overload and the shortage of skilled SOC analysts, but the contribution is incremental: it builds on existing human-AI collaboration concepts and presents a vision rather than an evaluated system.

The paper proposes an AI-driven human-machine co-teaming paradigm for Security Operations Centers (SOCs) in which large language models support threat intelligence, alert triage, and incident response workflows, with the goal of measurable gains in SOC productivity.

Security Operations Centers (SOCs) face growing challenges in managing cybersecurity threats due to an overwhelming volume of alerts, a shortage of skilled analysts, and poorly integrated tools. Human-AI collaboration offers a promising path to augment the capabilities of SOC analysts while reducing their cognitive overload. To this end, we introduce an AI-driven human-machine co-teaming paradigm that leverages large language models (LLMs) to enhance threat intelligence, alert triage, and incident response workflows. We present a vision in which LLM-based AI agents learn from human analysts the tacit knowledge embedded in SOC operations, enabling the AI agents to improve their performance on SOC tasks through this co-teaming. We invite SOCs to collaborate with us to further develop this process and uncover replicable patterns where human-AI co-teaming yields measurable improvements in SOC productivity.
