From AI Experiments to Autonomous Operations

– Christophe Briguet, Sr. Director of Product Management – AI & Security Analytics, Stellar Cyber

San Jose, Calif. – Apr. 28, 2026

Something shifted in early 2026. Not gradually — more like flipping a switch.

For years, we talked about AI in the SOC the way we talked about self-driving cars: always five years away, always needing “just a bit more data.” Then MCP (Model Context Protocol) happened. Then agentic frameworks stopped being demos and started being tools. And suddenly the question wasn’t “can AI help security teams?” but “what should we let it do first?“

I know because I’ve been running one.

The Agentic Breakthrough Nobody Saw Coming

Here’s what changed: AI agents stopped being chatbots with API access and started being actual coworkers, ones that remember yesterday, know how to use your tools, and can make calls on their own.

MCP, originally created by Anthropic and now under the Linux Foundation, gave us something we didn’t have before: a universal way for AI agents to connect to real systems. Not through brittle integrations or custom code. Through a standardized protocol that lets any AI agent talk to any tool, any API, any platform. Think of it as USB for AI: plug in a new capability, and the agent just uses it.

At Stellar Cyber, we shipped MCP support in our platform. An AI agent can now connect to a Stellar Cyber instance and immediately access case management: listing cases, pulling full investigation details with MITRE mappings and observables, updating status, assigning analysts. One API call returns what used to take eight clicks and three tabs.

But MCP is just the connector. The real breakthrough is what sits on top of it: agentic AI that remembers context, plans multi-step workflows, and acts on your behalf between sessions.

What I Learned Running an AI Agent for a Week

I didn’t just theorize about this. I built an AI agent that connects to my actual work systems (email, calendar, project management, documentation tools, and Stellar Cyber’s MCP server). I put it to work on real security operations tasks.

Here’s what it did in a single day:

• Wrote two customer emails about feature capabilities. Pulled context from a 10-message email thread, cross-referenced the KB, got the technical details right
• Filed a Jira ticket. Got the required fields wrong twice, figured out the API, nailed it on the third try
• Scheduled a meeting across four people by checking everyone’s calendar. Found the one open slot on Wednesday morning
• Reviewed a process doc on Confluence and the matching Figma board. Found five gaps nobody had noticed
• Pulled 30,000 cases from our Stellar Cyber MCP server in one call. Full MITRE mappings, observables, the works
• Set up a cron job to watch a Google Form for new submissions, auto-create tickets, and ping me when something comes in. No code. It took about ten minutes.

That’s not a demo. That’s a Tuesday.

The Other Side of This

Here’s where it gets uncomfortable. Everything I just described? Adversaries can do it too.

If an AI agent can connect to your ticketing system, read your escalation tickets, cross-reference your knowledge base, and understand your detection gaps? That’s a free roadmap to everything you’re bad at defending. The same agentic capabilities that make defenders faster also make attackers more systematic.

MCP is a double-edged sword. CrowdStrike already published research on securing agentic AI deployments against prompt injection and privilege escalation. The attack surface isn’t theoretical. It’s the exact same integration points that make agents useful.

The threat landscape shift is this: the speed advantage that SOC teams had over scripted attacks is disappearing. Adversaries with agentic tools can now:

• Enumerate your environment faster than your analysts can triage alerts
• Generate social engineering content that’s contextually aware of your organization
• Automate lateral movement decisions the way we automate triage decisions
• Adapt tactics in real-time based on what’s working

So what do you do? You make your defensive automation faster, smarter, and more connected than their offensive automation. Which brings us to the opportunities.

 Many Automation Opportunities

After running an AI agent against real security operations workflows, six clear automation opportunities emerged. These aren’t aspirational. They’re things I watched an agent do (or nearly do) this week.

1. Alert and Case Triage at Machine Speed

This is the obvious one, and it’s where Stellar Cyber’s Alert Auto-Triage already operates. The agent runs Verdict Signal Checks against every critical case: IP reputation, behavioral anomalies, entity relationships, and device vulnerability. Then it delivers a verdict: True Positive, Benign, False Positive, or Inconclusive.

What’s new is the feedback loop. When an analyst overrides a verdict, that override becomes a training signal. Not in the vague “we’ll retrain the model someday” sense. In the “the next time this pattern appears, the system weighs your judgment” sense. Tesla FSD learns from human takeovers. So does this.

The agentic unlock: An MCP-connected agent can now pull case details, correlate with external threat intel, check historical verdicts on similar patterns, and deliver a triage decision with full explainability, without a human clicking through five tabs.

2. Intake and Onboarding Automation

Requests come through a form. Historically, someone reads the submission, creates a tracking ticket, checks prerequisites, and sends a confirmation email. Four systems, three context switches, one person doing manual data entry.

An agent monitors the intake source on a schedule. When a new entry appears, it creates the ticket with the full structured description, writes the reference back to the source, and sends a notification with a summary. Zero manual steps.

The agentic unlock: This pattern generalizes to any intake process. Trial requests. Compliance inquiries. Vulnerability disclosures. Customer escalation routing. Any workflow that involves “read from source A, create in system B, notify via channel C” is a candidate.

3. Detection Quality Feedback Loop

This is the one that excites me most. Security vendors accumulate enormous backlogs of “this detection doesn’t work right” tickets. The descriptions are often cryptic. The context is buried in email threads and support tickets. The person triaging needs deep product knowledge to even understand the ask.

An AI agent with access to your ticketing system, knowledge base, and security platform can read a detection feedback ticket, pull the actual alert data, cross-reference with documentation, and produce a clear summary: “This is a false positive caused by substring matching in rule X. The reporter provided a fix. Here’s the corrected query.”

The agentic unlock: Connect the agent to the reporting environment (with permission) via MCP, and it can validate the reported issue against live data. No more “can you send a screenshot?” No more three-week back-and-forth. The agent sees what the reporter sees.

4. Connecting the Dots Across Tools

A security operations leader’s job is connecting dots across systems. An email thread about a partner engagement, a ticket about a detection gap, a wiki page about process, a design board about workflow, pricing in a sales thread. These live in different tools with no automatic correlation.

An AI agent traverses all of these. Ask it “what’s the status of this partner’s trial?” and it pulls the email thread, checks the tracking ticket, reads the intake form, and synthesizes a single answer. No tab switching. No “let me check.”

The agentic unlock: This is where MCP shines. Each system is an MCP server. The agent doesn’t care if the data is in email, Jira, or Stellar Cyber. It speaks the same protocol to all of them.

5. Proactive Monitoring Without Alert Fatigue

The traditional approach to monitoring is either “check everything constantly” (expensive, noisy) or “wait for someone to notice” (slow, risky). AI agents offer a third path: scheduled, intelligent checks with human-level judgment about what’s worth escalating.

My agent checks communication channels periodically, but it doesn’t just report “you have 15 unread messages.” It categorizes by urgency, identifies action items, filters noise, and only alerts me when something actually needs attention. The same pattern applies to security monitoring: check case queues, flag anomalies in detection coverage, monitor SLA breaches. And stay quiet when everything’s normal.

The agentic unlock: Scheduled agent runs with model-tier optimization. Use a lighter model for routine checks, escalate to a more capable model when the situation requires judgment. Cost-aware automation.

6. Documentation and Knowledge Capture

Security teams generate enormous amounts of institutional knowledge that never gets documented. The analyst who knows that a specific firewall vendor’s log entries behave differently than expected? That knowledge lives in their head until they leave.

AI agents can capture and structure this knowledge in real-time. Every ticket triage, every interaction, every decision becomes a structured entry in a persistent knowledge base. The agent maintains daily notes, updates its long-term memory with distilled insights, and cross-references new information against what it already knows.

The agentic unlock: The more the agent works, the more it knows. The agent that triaged a batch of detection tickets now understands vendor-specific log quirks, integration edge cases, and identity correlation gaps. Next time a related ticket comes in, it starts from that base — not from zero.

What This Means for Security Teams

The security industry has spent the last decade building detection. The next decade is about decisions. Who decides what’s real? Who decides what to do about it? And how fast can those decisions happen?

Agentic AI doesn’t replace the analyst. It gives the analyst leverage. The same analyst who manually triaged 20 cases a day can now review 200 agent-triaged cases, focusing their expertise where it matters: the edge cases, the novel attacks, the judgment calls that machines can’t make yet.

The vendors still hiding behind closed APIs and one-shot AI summaries are going to get left behind. The platforms that win will be the ones that open their APIs through protocols like MCP, build feedback loops that actually learn from human decisions, and treat AI automation as a product, with accuracy metrics, cost controls, and governance rails.

We’re building that at Stellar Cyber. The MCP server is live. Alert Auto-Triage is in production. And I have an AI agent that just drafted this blog post.

Well, most of it.

Christophe Briguet is Sr. Director of Product Management – AI & Security Analytics at Stellar Cyber, where he leads the Autonomous SOC product direction. He’s still figuring out where the line is between helpful and creepy.

About Stellar Cyber

Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.

The post When Your SOC Analyst is Also a Bot: AI Agents, MCP, and Many Automation Opportunities in Your Security Operations appeared first on Cybercrime Magazine.