As such, Security Operations Centres (SOCs) are increasingly relying on AI agents to manage the sheer volume of digital threats. These tools allow teams to detect and resolve security incidents quickly, significantly cutting down the time it takes to stop a live attack, explains Michelle Abraham, senior research director in the International Data Corporation’s Security and Trust Group.

Overcoming blind spots

The ability for AI agents to observe all relevant data, agent actions and system states in real time – with few blind spots – is a baseline requirement, Abraham continues. This includes transparency to correlate signals across domains such as identity, endpoint, network, cloud and SaaS.

“AI agents require zero blind spot visibility in order to detect lateral movement, privilege escalation and multi-stage attacks, in order to provide auditable, explainable and reversible actions,” she says.

“Relying on fragmented data and control planes means agents operate with partial context, which leads to missed detections, increased false positives and negatives, and the inability to track agent actions or explain outcomes.”

This shift necessitates a pivot away from legacy pricing that rations data and towards a model where AI is grounded in the organisation’s full, searchable data foundation.

The legacy model of charging per endpoint has left many Australian enterprises with blind spots in their network due to budget constraints, says Mike Nichols, general manager of Security at search AI platform Elastic.

Along with eliminating per-endpoint pricing to facilitate oversight across the enterprise, Elastic’s search and analytics capabilities also ensure AI agents are across data stored in a wide range of environments, including long-term cost-effective object stores like AWS S3 and Google Blob.

Context is king for real-time response

As threat actors leverage AI efficiencies to attack smaller targets, Nichols says zero blind spot visibility is not just a concern for the big end of
town.

“No matter what your size, you cannot have an agentic SOC if the AI can only see half of your environment,” he says. “You must remove the per-endpoint barrier and provide access to all data environments, to ensure the AI has the complete context required to respond to threats in real time.”

Elastic general manager of Security Mike Nichols.

“This must be done in a way that isn’t only in-cloud but also operates offline, to not only support geographically remote environments but also environments which remain air-gapped due to extremely low-risk tolerance.”

In the defence and government sectors, where air-gapped security is non-negotiable, having an AI partner that can operate across all isolation levels is a game-changer. It also marks the beginning of a broader shift in how security teams interact with their environments.

Bringing the work to the worker

For decades, productivity has been tied to navigating a click-path of complex user interfaces and nested dashboards across siloed applications. But Elastic says they are now seeing a collapse of this model.

By leveraging the Model Context Protocol (MCP), the AI platform is delivering the first embedded security experiences inside tools like Claude and other AI services. This allows an SOC analyst to not just ask questions of AI, but also to execute a full investigation workflow, from query to remediation, without ever leaving their AI interface.

“By embedding critical workflows directly into the AI tools where teams already live, the distance between a question and a remediation action disappears,” says Nichols.
“Instead of forcing a security analyst to travel to a specific software destination to be productive, the data and the ability to act on it find the user exactly where they are.”

Keeping humans on the loop

Nichols asserts that keeping humans on the loop to oversee AI agents is also important when it comes to transparency and accountability, similar to the way human analysts work under supervision.

“We are huge proponents of the fact that AI does not replace people,” Nichols says. “I don’t believe in the idea of a people-less autonomous SOC.”

“You wouldn’t let a junior security analyst handle a major incident completely unsupervised, and it’s the same when it comes to AI agents – they still require oversight and approval from humans to ensure accountability,” he explains.

“However, I think AI replaces a lot of the drudgery when you’re trying to search for a needle in a stack of needles.”

For more information, visit www.elastic.co/security.
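The article's two requirements for agent actions, that they be auditable, explainable and reversible, and that remediation needs human approval, can be shown in a small dispatcher. The following is an added example written for this page, not Elastic's code or anything built on MCP; the action catalogue, the in-memory state and the approver names are all constructed for illustration, and the executors only record what they would do rather than calling a real EDR or identity API.

```python
"""Approval-gated dispatcher for AI-agent-proposed SOC actions (added example).

Read-only queries run automatically; remediation actions wait for a named
human approver. Every decision lands in an audit trail with the agent's
rationale, and every executed remediation registers how to reverse it.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional

# Constructed in-memory stand-in for the EDR / identity provider state.
STATE = {"isolated_hosts": set(), "disabled_accounts": set()}


def isolate_host(target: str) -> str:
    STATE["isolated_hosts"].add(target)
    return f"isolated {target}"


def release_host(target: str) -> str:
    STATE["isolated_hosts"].discard(target)
    return f"released {target}"


def disable_account(target: str) -> str:
    STATE["disabled_accounts"].add(target)
    return f"disabled {target}"


def enable_account(target: str) -> str:
    STATE["disabled_accounts"].discard(target)
    return f"enabled {target}"


def search_events(target: str) -> str:
    # Read-only: never mutates state, so it needs no approval.
    return f"searched events for {target}"


# Hypothetical catalogue: name -> (requires_approval, executor, reverser)
ACTIONS = {
    "search_events": (False, search_events, None),
    "isolate_host": (True, isolate_host, release_host),
    "disable_account": (True, disable_account, enable_account),
}


@dataclass
class Proposal:
    action: str
    target: str
    rationale: str                  # the agent's explanation, kept for the audit
    approver: Optional[str] = None  # set by a human before dispatch


@dataclass
class AuditEntry:
    ts: str
    action: str
    target: str
    outcome: str                    # executed | blocked | pending_approval | reversed
    rationale: str
    approver: Optional[str]


class Dispatcher:
    def __init__(self) -> None:
        self.audit: list[AuditEntry] = []
        self.undo: dict[tuple, Callable[[str], str]] = {}

    def _log(self, action: str, target: str, outcome: str,
             rationale: str, approver: Optional[str]) -> None:
        ts = datetime.now(timezone.utc).isoformat()
        self.audit.append(AuditEntry(ts, action, target, outcome, rationale, approver))

    def dispatch(self, p: Proposal) -> str:
        """Run a proposal, or hold it until a human has approved it."""
        if p.action not in ACTIONS:
            self._log(p.action, p.target, "blocked", p.rationale, p.approver)
            return "blocked: unknown action"
        needs_approval, execute, reverse = ACTIONS[p.action]
        if needs_approval and not p.approver:
            self._log(p.action, p.target, "pending_approval", p.rationale, None)
            return "pending_approval"
        result = execute(p.target)
        if reverse is not None:
            self.undo[(p.action, p.target)] = reverse
        self._log(p.action, p.target, "executed", p.rationale, p.approver)
        return result

    def rollback(self, action: str, target: str) -> str:
        """Reverse a previously executed remediation and record that it was reversed."""
        reverse = self.undo.pop((action, target), None)
        if reverse is None:
            return "nothing to reverse"
        result = reverse(target)
        self._log(action, target, "reversed", "operator rollback", None)
        return result


if __name__ == "__main__":
    d = Dispatcher()
    print(d.dispatch(Proposal("search_events", "host-42", "triage of alert")))
    print(d.dispatch(Proposal("isolate_host", "host-42", "high-severity alert")))
    print(d.dispatch(Proposal("isolate_host", "host-42", "high-severity alert", approver="analyst-1")))
    print(d.rollback("isolate_host", "host-42"))
    for e in d.audit:
        print(e)
```

The gate is a single check on the catalogue entry, so adding a new remediation means declaring whether it needs approval and how to undo it; an action that cannot be undone gets no reverser and is visible as such in the audit trail.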