
AI SOC L1/L2 Automation Research

Applying AI to automate Level 1 and Level 2 security operations tasks

In-house R&D, active

SOC Automation, AI/ML, Security Operations

Context

Security operations teams handle repetitive triage and alert classification tasks at Level 1 and Level 2. Analyst fatigue from high-volume, low-complexity alerts reduces effectiveness on the incidents that actually matter. AI automation for these tasks has the potential to let analysts focus on what requires human judgment.

Constraints

Designed with human-in-the-loop oversight for every critical security decision: the AI augments analysts, it does not replace their judgment. All processing must stay on-premise, and no security data may be sent to external services. Developed collaboratively as a research initiative; not yet deployed in production.

Approach

Research and development of AI-assisted automation for Level 1 alert triage and Level 2 incident investigation, running entirely on on-premise infrastructure. Local models support alert classification, prioritization, and investigation preparation (gathering the context an analyst needs before acting on a case), while analysts keep control of every decision that matters.
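As an added illustration of this approach (example code written for this page, not the project's own implementation): the two controls that make the approach safe, an egress check that refuses any model endpoint outside loopback or private address space, and a triage queue that a case can only leave through a named analyst's decision. A deterministic keyword scorer stands in for the local model so the example runs offline. The alert field names, indicator weights, asset tiers, endpoint URL and sample alerts are all assumptions constructed for the example.

```python
# Added example, not the project's code: stand-in keyword scorer in place of
# the local model; constructed alert shape; the egress guard and the
# analyst-only decision gate are the point.
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

def endpoint_allowed(url: str) -> bool:
    """http(s) to localhost, loopback or RFC 1918 only; other hostnames are refused, not resolved."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    if p.hostname == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(p.hostname)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private

@dataclass
class Suggestion:
    label: str       # benign-noise | needs-review | likely-incident
    score: int       # 0..100; orders the analyst queue and nothing else
    rationale: list  # shown to the analyst next to the alert

# Constructed weights (assumption); a deployment swaps suggest() for the on-prem model.
INDICATORS = {"mimikatz": 40, "lsass": 30, "psexec": 25, "powershell -enc": 25, "failed logon": 5}
TIER_WEIGHT = {"crown-jewel": 30, "server": 15, "workstation": 5}

def suggest(alert: dict) -> Suggestion:
    text, tier = alert.get("raw", "").lower(), alert.get("asset_tier", "workstation")
    score, why = TIER_WEIGHT.get(tier, 0), [f"asset tier {tier}"]
    for needle, weight in INDICATORS.items():
        if needle in text:
            score += weight
            why.append(f"matched '{needle}' (+{weight})")
    score = min(score, 100)
    label = "likely-incident" if score >= 60 else "needs-review" if score >= 25 else "benign-noise"
    return Suggestion(label, score, why)

def prepare_investigation(alert: dict) -> list:
    """L2 prep: pivots to pull from on-prem stores before the analyst opens the case."""
    pivots = {"src_ip": "auth and netflow events for {}, last 24h",
              "user": "logons for {} across all hosts, last 7d",
              "host": "process tree and EDR timeline on {}"}
    return [tmpl.format(alert[k]) for k, tmpl in pivots.items() if alert.get(k)]

@dataclass
class Case:
    case_id: int
    alert: dict
    suggestion: Suggestion
    prep: list
    analyst: Optional[str] = None
    decision: Optional[str] = None

class TriageQueue:
    """A case leaves only through a named analyst's decision; the model ranks and explains, never closes."""
    def __init__(self, model_endpoint: str):
        if not endpoint_allowed(model_endpoint):
            raise ValueError(f"refusing non-local model endpoint: {model_endpoint}")
        self.endpoint, self.open, self.closed = model_endpoint, {}, []
    def ingest(self, alert: dict) -> Case:
        case = Case(len(self.open) + len(self.closed) + 1, alert,
                    suggest(alert), prepare_investigation(alert))
        self.open[case.case_id] = case
        return case
    def worklist(self) -> list:  # highest model score first
        return sorted(self.open.values(), key=lambda c: c.suggestion.score, reverse=True)
    def decide(self, case_id: int, analyst: str, decision: str) -> Case:
        if not analyst:
            raise PermissionError("a decision needs a named analyst")
        if decision not in ("close-benign", "escalate", "needs-more-data"):
            raise ValueError(f"unknown decision {decision!r}")
        case = self.open.pop(case_id)
        case.analyst, case.decision = analyst, decision
        self.closed.append(case)
        return case
    def override_rate(self) -> float:
        """Share of confident model labels the analyst contradicted: the blind-spot signal to trend."""
        expected = {"benign-noise": "close-benign", "likely-incident": "escalate"}
        judged = [c for c in self.closed if c.suggestion.label in expected]
        if not judged:
            return 0.0
        return sum(expected[c.suggestion.label] != c.decision for c in judged) / len(judged)

# Constructed sample alerts, not real telemetry.
SAMPLE_ALERTS = [
    {"name": "Suspicious PowerShell", "host": "dc01", "user": "svc_backup", "asset_tier": "crown-jewel",
     "raw": "powershell -enc SQBFAFgA... mimikatz sekurlsa::logonpasswords from lsass.exe"},
    {"name": "Failed logon", "host": "ws-417", "user": "bob", "src_ip": "10.4.2.9",
     "asset_tier": "workstation", "raw": "failed logon for user bob, bad password"},
    {"name": "Remote service install", "host": "app02", "src_ip": "10.1.1.30",
     "asset_tier": "server", "raw": "psexec service PSEXESVC installed by admin"},
]

def run_demo() -> TriageQueue:
    q = TriageQueue("http://127.0.0.1:11434/v1")  # assumed local inference endpoint
    for alert in SAMPLE_ALERTS:
        q.ingest(alert)
    return q
```

Two design points worth keeping when the scorer is replaced by a real model: the model's output type stays a suggestion with a rationale, so nothing downstream can treat it as a verdict, and the override rate is recorded from day one, because a model whose labels are never contradicted is either very good or is being rubber-stamped, and only the trend over time tells you which.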

Impact

Active research into how AI can support security operations in high-compliance environments. The project is the core thesis in practice: AI applied to strengthen security operations without introducing new risk, which is why it is built on isolated, on-premise infrastructure.

Lessons

AI in security operations must augment analysts, not replace their judgment. The line between automation that helps and automation that creates blind spots is where the real design work happens. Every decision about what to automate starts with understanding what an analyst actually needs to see.

