
What AI Really Exposes Inside Your SOC
AI is not a magic SOC upgrade. If your processes are brittle, disorganized, or held together by tribal knowledge, AI will not save you. It will break everything faster.
In this episode of ClearTech Loop, Jo Peterson sits down with Dr. Anton Chuvakin, Senior Security Staff in Google Cloud’s Office of the CISO, longtime Gartner analyst, author, and one of the most respected voices in SOC modernization. Together they unpack what it truly means to be AI ready, why enterprises keep trying to automate chaos, and how leaders can build the foundations that make AI worth deploying in the first place.
Key Takeaways for SOC Leaders
- AI will not fix a broken SOC. If your SOC is already struggling with ownership, data quality, workflow clarity, or coordination, AI will only amplify those weaknesses. Clean up the mess first. Then bring in AI.
- Shadow AI is already here. Every enterprise is living with two kinds of shadow AI: employees quietly using consumer models with sensitive data, and tools that were “approved” by a local manager without enterprise review. Banning everything is not realistic. Visibility and fast paths to safer options are.
Five foundations of an AI ready SOC
You cannot retrofit AI onto chaos. Before you deploy agents or AI driven workflows, you need:
- Data that machines can actually use, not logs that require a human to remember the story
- Clear process ownership so agents are not blocked by tribal knowledge
- Interoperability across tools instead of a pile of disconnected silos
- Leaders who understand probabilistic outcomes and can live with non-perfect answers
- Metrics that answer a simple question: did AI make this better
True readiness is less about buying the right platform and more about confronting where your SOC is already weak.
Governance has to move at the speed of experimentation
Quarterly committees cannot keep up with AI adoption. Governance must be fast, grounded in specific use cases, explicit about red lines, and backed by real monitoring of how AI tools are actually used.
Core Thought from Anton
Anton’s point is simple and uncomfortable. AI is an accelerant. It will accelerate whatever you already have, whether that is disciplined execution or unmanaged chaos.
“If your process is broken and you bring a tool to fix the process, the process remains broken. It is just either faster or it is broken in a new way. If you bring agentic AI or AI agents to a process that is broken, it would just be massively business destroyingly broken.”
— Anton Chuvakin
What You’ll Learn from Anton
How to see past the hype to the real bottlenecks. Anton explains why so many organizations are using the AI wave as an excuse to go deeper into a tools first mindset, hoping intelligence in the platform will somehow compensate for process debt. He argues that without strong foundations, AI simply makes things fail faster and louder.
What shadow AI really looks like inside enterprises. The conversation breaks down how unsanctioned AI use actually shows up in the wild, from teams experimenting with consumer tools to managers quietly greenlighting their own AI workflows. Anton outlines a practical path that starts with discovery, nudges teams toward approved tools, and uses exceptions carefully instead of pretending shadow AI does not exist.
The five foundations of an AI ready SOC. Jo and Anton walk through the concrete conditions a SOC needs before AI can add value: machine usable data, clear ownership, interoperable tooling, leadership comfortable with probabilistic outcomes, and metrics that tie AI back to business impact. These foundations matter more than any specific vendor choice.
How to build governance that keeps pace with AI. Anton shares a pragmatic approach to AI governance: pick a framework and start, center decisions on specific use cases, define non-negotiable red lines, create an escalation path where someone clearly owns the risk, and continuously observe how AI is really used on your network. Governance that is too slow simply gets bypassed.
About the Guest
Dr. Anton Chuvakin is Senior Security Staff in the Office of the CISO at Google Cloud, where he focuses on security solution strategy and helping enterprises modernize SOC operations. Before joining Google through the Chronicle acquisition, Anton spent nearly eight years at Gartner as a Research Vice President and Distinguished Analyst covering SIEM, SOC strategy, security analytics, and detection and response.
He is credited with coining the term EDR, has authored multiple seminal books on security monitoring and log management, and co-hosts the Cloud Security Podcast. He is widely regarded as one of the most influential voices shaping what next generation security operations look like.
Additional Resources
Anton’s own security podcast on YouTube:
https://www.youtube.com/watch?v=iX5SvgMpS0s&list=PLkdSRxA6DyHtxH623M1WYuAYGpEXdvEqp
Google Cloud security best practices:
https://cloud.google.com/security/best-practices
SEC guidance on AI risk and accountability:
https://www.sec.gov/ai
ClearTech Loop: The CSA AI Safety Initiative with George Finney:
https://cleartechresearch.com/the-csa-ai-safety-initiative-with-george-finney/
Closing Thoughts from Jo
For every organization experimenting with agentic AI, many more are still wrestling with the last wave of complexity: cloud adoption, SIEM modernization, workflow redesign, basic visibility. AI does not hide those problems. It exposes them.
If you add AI to a weak foundation, you will automate your weaknesses. If you add AI to a strong foundation, you will accelerate your strengths. That is the difference between a SOC that scales and a SOC that collapses under the weight of its own ambition.
AI is not the answer to everything. It is the accelerant. It will accelerate good processes or accelerate failure. The difference is leadership, ownership, and a willingness to fix what was already broken.
See you in the Loop.
– Jo