Key Takeaways:
- Vectra AI CEO Hitesh Sheth says Security Operations Centers (SOCs) must adopt AI agents to manage rising threat volumes and analyst fatigue.
- Vectra’s platform uses triage, stitching, and prioritization agents to automate alert correlation, cross-silo detection, and incident ranking.
- These AI agents reportedly boost SOC efficiency by up to 77% and free human analysts to focus on response and strategy.
- Sheth emphasizes that AI agents are not replacing human analysts, but acting as force multipliers through continuous monitoring and filtering.
- Experts caution that agentic AI is still early-stage, requiring human oversight, permission constraints, and clear explainability to avoid misjudgments.
As the number and complexity of cyberattacks continue to escalate, security leaders are looking to artificial intelligence to help overwhelmed Security Operations Centers (SOCs) keep up. According to Vectra AI CEO Hitesh Sheth, the answer lies in the deployment of specialized AI agents—not general-purpose bots, but purpose-built, role-specific software agents that automate core security workflows.
In a recent interview, Sheth explained how SOCs can no longer rely solely on human effort to process the volume of alerts being generated by modern infrastructure. Instead, Vectra’s platform deploys agentic AI that performs many of the cognitive functions of human analysts, helping organizations identify attacks earlier, reduce false positives, and focus on what truly matters.
“Security teams are drowning in data and unable to respond to threats at scale,” Sheth said. “Agentic AI is how we help them surface the signal from the noise.”
Vectra’s approach involves assigning specific responsibilities to different types of agents, each operating within the SOC pipeline. Among them:
- Triage Agents scan incoming alerts and determine whether they represent likely threats, focusing analyst attention only on high-priority signals.
- Stitching Agents piece together related events from different layers of infrastructure—cloud, identity, network, and endpoints—into cohesive threat narratives.
- Prioritization Agents evaluate the scope and potential impact of detected threats, ranking them for investigation and enabling faster decision-making.
According to Vectra’s internal benchmarks, this layered agentic approach can improve SOC effectiveness by as much as 77% through reduced alert volume, better correlation, and enhanced detection of lateral movement and identity-based attacks.
However, Sheth was clear that these agents are designed to support—not replace—human analysts. “Humans bring intuition, ethical judgment, and situational awareness. AI agents bring speed and consistency,” he said. “Together, they can outpace even the most persistent threat actors.”
The AI agents Vectra uses do not take remediation action on their own. Instead, they operate in a read-only or advisory mode, surfacing insights that help security teams make informed decisions. This “co-pilot” model is increasingly favored across the cybersecurity industry, where the stakes of automation errors can be high.
Security experts agree that while agentic AI offers real promise, there are limitations. A 2025 report from ISMG and multiple independent researchers concluded that agentic systems still struggle with trust, context-switching, and edge cases. Misjudgments in alert correlation or scoring can create new risks—especially if agents operate autonomously or without adequate oversight.
To address these concerns, experts recommend a phased adoption strategy. Start with clearly defined agent roles in triage and alert enrichment. Keep agents in read-only mode and ensure every recommendation is auditable. Use human-in-the-loop models to validate outputs and improve confidence.
Sheth echoed these sentiments. “Organizations should deploy agents with boundaries—limited scope, explainable logic, and clear logging. It’s about augmenting people, not removing them.”
Vectra’s strategy aligns with emerging academic thinking on human–AI teaming. New research in cybersecurity automation emphasizes co-teaming frameworks, where AI agents absorb tacit analyst knowledge over time, allowing for adaptive behavior. The goal isn’t to automate decisions, but to build systems that improve based on analyst feedback, context, and use case specificity.
In practice, that means integrating agents that don’t just suggest next steps, but learn how analysts make judgments and update their internal models accordingly. It also means providing explainability. Agents must show why they flagged an alert, what data they stitched, and what risk they calculated. Without transparency, trust erodes—and the value of automation diminishes.
Vectra’s own platform includes visualization tools and dashboards that map agent behavior to attack paths, risk scores, and indicators of compromise. That transparency, Sheth believes, is what makes AI agents practical for modern SOCs. “Analysts don’t want a black box. They want a second set of eyes—ones that don’t blink.”
Looking forward, Vectra is investing in expanding agent coverage across more parts of the security stack, including identity threat detection and posture management. As threat actors increasingly leverage AI themselves, defenders must match that scale. For Sheth, that means more than just building better algorithms—it means delivering outcome-oriented agentic systems that act as full-time teammates in the SOC.
Still, not all organizations are ready. Many security teams remain resource-constrained, siloed, or wary of letting AI into core defense workflows. But industry momentum suggests change is coming. From Google’s Gemini for threat intel synthesis to startups like Cyware and StrikeReady building agent-powered decision hubs, agentic AI is becoming a foundational concept in the modern security architecture.
For those ready to start, Sheth advises focusing on one workflow—such as identity-based threat detection or cloud asset triage—and measuring agent impact over time. Build trust slowly. Expand scope as confidence grows.
As cyberattacks continue to increase in sophistication and speed, SOCs will need more than dashboards and playbooks. They’ll need digital coworkers—agents that operate at machine speed but remain human-guided. And according to Vectra’s CEO, those agents are no longer futuristic—they’re here, and SOCs that ignore them do so at their peril.
Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW (Feb 10-12, 2026). He is also CEO of RT Advisors and a Registered Representative (investment banker) with, and offering securities through, Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.
Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.







