Everyone’s suddenly got an “Autonomous SOC.” Vendors pitch it like it’s magic, but most of it still runs on static playbooks duct-taped to alert rules. In this session, we’re cutting through the fluff and getting real about what it actually takes to build or evaluate an autonomous security operation.

We’ll start with a practical framework to evaluate where platforms really land on the autonomy spectrum, beyond the marketing claims. Then we’ll dive into the building blocks you can use to move toward autonomy yourself: AI agents, Model Context Protocol (MCP), Agent-to-Agent communication (A2A), and agentic UIs (AG-UI). These components aren’t just buzzwords, they’re how you connect context, memory, and coordination across security workflows.

One key part of the talk will compare the old way (playbooks) with the new (AI agents). Think: reactive flows that only trigger if the stars align vs. proactive agents that handle reasoning, context-building, and adaptive workflows. We’ll look at where playbooks still have a place, where they break down, and how agents can actually scale incident response without relying on brittle decision trees.

This session is for security engineers, platform teams, and leaders trying to move past buzzwords and get real outcomes from AI and automation in the SOC.