When an AI agent gains access to data, decisions, and actions across an organization’s systems, it also becomes a new control point. A compromised agent effectively acts as an attacker with legitimate access. At the same time, the control mechanisms surrounding these agents are still less mature than the agents themselves.

What happened at RSAC 2026?

Something shifted in the security industry this spring. At the RSAC conference in 2026, the three major security vendors CrowdStrike, Cisco, and Palo Alto Networks introduced AI agents that can perform parts of the work autonomously. RSAC (RSA Conference) is the world’s largest cybersecurity conference and is often where the most important trends and technologies in the industry are unveiled.

CrowdStrike opened its platform to pre-built security agents and integrated models from Anthropic, OpenAI, and NVIDIA. Palo Alto Networks introduced its own tool to secure AI agents throughout their lifecycle. Agentic SOC is now a product you can buy.

Read “CrowdStrike Delivers Seven Agents to Build an Agentic Security Workforce” at CrowdStrike >

Read “Palo Alto Networks Secures Agentic AI with Prisma AIRS 3.0” at Palo Alto Networks >

For organizations, this can be good news. A security operations center that never sleeps, filters thousands of alerts per second, and allows human experts to focus on tasks that require judgment. This leads to measurable improvements in security operations.

What’s missing: Who monitors the agents?

Behind these launches lies a challenge that received less attention. VentureBeat, a U.S. technology media outlet, pointed out that the solutions lack a clear mechanism for establishing normal behavior for the agents themselves.

In practice, this means that the tools understand normal behavior for users and machines, but lack a corresponding understanding of security agents. As a result, it becomes difficult to detect when an agent starts behaving differently than expected.

Read “CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026” at VentureBeat >

Why does it matter?

A security agent holds significant power. It sees data, makes decisions, and can execute actions across your systems. As agents gain more autonomy, clear monitoring and control become essential.

A compromised agent, or one that gradually drifts in the wrong direction, acts as an attacker with legitimate access. Without a baseline, deviations are only detected after something has already happened. CrowdStrike itself noted that such baselines require more telemetry and shared metrics that are still lacking.

This follows a familiar pattern. The industry builds new capabilities first and adds control mechanisms afterward. We have seen this with cloud services, APIs, and now with agents.

However, the shift toward agentic SOCs presents more opportunities than challenges. Automation and AI-driven security operations will become an important part of future defense capabilities.

Do we have control over autonomy?

It is important to understand the boundaries of autonomy. Which decisions and actions can the agent perform independently, and when is human approval or intervention required?

A mature security vendor will provide concrete, technical, and transparent answers to these questions. Responses filled with buzzwords, marketing language, and promises of autonomy without clear control mechanisms should be seen as a warning sign.

In security operations, both the degree of autonomy and how well that autonomy is controlled determine the quality of the solution.

Arctic Wolf’s approach

We believe organizations should carefully evaluate this area when considering agentic SOC solutions. Arctic Wolf is an example of a vendor that has built control mechanisms directly into its architecture. Their Aurora Agentic SOC is built around an AI Trust Engine. When an agent encounters something outside its validated experience, it stops and defers the decision to a human.

Humans are both in the loop and above it, for oversight, escalation, and critical decisions. Under the hood, Aurora is a “swarm of experts,” with more than 300 agents working in parallel and monitoring each other, ensuring that no single agent makes a critical mistake alone.

The agents are embedded into the platform as an integral part of the architecture, rather than functioning as a copilot layered on top of something else. This is exactly the type of control mechanism VentureBeat called for.

– The difference is that our agents don’t guess. When they encounter something outside their validated experience, they stop and let a human make the decision. That’s how we make AI safe enough for real-world security operations, says Alexander Ervik Johnsen, Arctic Wolf

Learn more about Aurora Agentic SOC at Arctic Wolf >

Arctic Wolf reports that it processes over nine trillion security events per week across more than 10,000 customer environments. This provides a data foundation that supports a credible behavioral baseline.

Read “Arctic Wolf Launches the World’s Largest Commercial Agentic SOC” at Arctic Wolf >

– Many will try to build their own agentic SOC. Most underestimate the cost in time, expertise, and operations. We deliver it ready and operational, so customers get the value without having to build and manage the AI themselves, says Vegard Gerotti Slåttelid, Arctic Wolf

Sicra as a local security partner

Sicra’s role sits on top. Arctic Wolf provides the engine and data foundation. Sicra understands your environment, owns the relationship, connects security to your governance, and asks the right questions on your behalf.

We believe the combination of Arctic Wolf’s Agentic SOC and Sicra as a local partner provides a strong solution for Norwegian organizations.

Agentic SOC addresses a real problem. Security operations are increasingly carried out by AI agents. How are these agents monitored, controlled, and stopped when something deviates? Consider this carefully before investing in an agentic SOC.