Securonix's AI Analyst Aims to Remake the Overwhelmed SOC

📊 Key Data
  • AI SOC Analyst Sam automates Tier 1 and Tier 2 security operations, targeting high-volume, low-complexity workloads
  • Securonix's pricing model is based on productivity (analyst-equivalent work performed by AI)
  • The Agentic Mesh ensures AI actions are explainable, auditable, and reversible

🎯 Expert Consensus

Experts would likely conclude that Securonix's AI SOC Analyst and Agentic Mesh represent a significant advancement in addressing SOC challenges, offering measurable productivity gains while maintaining human oversight and regulatory compliance.

By Patrick Griffin

MELBOURNE, AUSTRALIA – February 18, 2026 – Cybersecurity firm Securonix, in a significant collaboration with Amazon Web Services (AWS), today unveiled a new framework for security operations centers (SOCs) that directly confronts the industry's persistent challenges of analyst burnout, overwhelming alert volumes, and spiraling costs. The company introduced Sam, the AI SOC Analyst, and the Securonix Agentic Mesh, a system designed to shift the conversation from abstract AI features to measurable, board-ready business outcomes.

The announcement arrives as security teams worldwide struggle to keep pace. Besieged by a constant flood of alerts and hampered by a chronic shortage of skilled professionals, many SOCs are reaching a breaking point. Securonix aims to redefine this reality by introducing a productivity-based model where AI is measured not by data consumed, but by the tangible analyst work it completes.

A New Operating Model for the SOC

At the heart of the announcement is Sam, the AI SOC Analyst, an always-on digital teammate designed to augment and scale human security teams without adding headcount. Sam automates the often tedious and repetitive work of Tier 1 and Tier 2 security operations, including the initial triage of alerts, data correlation, investigation enrichment, and the preparation of response actions.

By absorbing this high-volume, low-complexity workload at machine speed, the system directly targets the root cause of alert fatigue—a major contributor to analyst burnout and high turnover rates in the industry. This automation is intended to free human analysts from the daily grind of sifting through countless false positives, allowing them to elevate their roles. Instead of manually chasing down every minor alert, analysts can focus their expertise on complex threat hunting, strategic defense planning, and managing the AI agents themselves, making their work more intellectually stimulating and impactful.

This represents a fundamental shift in how security operations are staffed and managed. The goal is not to replace human analysts, but to forge a collaborative human-AI team where each plays to their strengths: the AI handles scale and speed, while humans provide critical judgment, contextual understanding, and strategic oversight.

Building Trust Through Governed AI

While the promise of AI-driven automation is not new, many organizations remain hesitant to deploy it in critical security functions due to concerns over trust, accountability, and regulatory compliance. Securonix is addressing these concerns head-on with the Agentic Mesh, a governed orchestration layer that coordinates Sam and other specialized AI agents.

Unlike monolithic AI assistants or simple copilots, the Agentic Mesh is designed as a complete “system of work.” It maintains a shared context across tasks and enforces enterprise-specific policies, ensuring every action taken by an AI agent is explainable, auditable, and, crucially, reversible. This “human-in-the-loop” philosophy is central to the design, keeping human analysts firmly in control. AI-generated findings and response recommendations are presented in plain-language summaries for review and validation, meaning the final decision always rests with a person.

This emphasis on governance is particularly vital for organizations in highly regulated sectors like finance. “In a regulated financial environment, AI must earn trust through transparency and control,” said Sameer Ratolikar, Chief Information Security Officer at HDFC Bank, one of the world’s largest financial institutions and an early adopter of the technology. “With Securonix, we are using AI agents to reduce noise, accelerate investigations through natural-language search, and prepare response actions, all while keeping our analysts firmly in control. The result is a more productive SOC and clearer visibility into how AI is contributing to real operational outcomes.”

Challenging Traditional SIEM Economics

Perhaps the most disruptive element of the launch is the company's direct challenge to the long-standing economics of Security Information and Event Management (SIEM) platforms. Historically, SIEM pricing has been tied to the volume of data ingested, creating a conflict for security leaders: to improve visibility, they must collect more data, but doing so leads to unpredictable and often explosive costs.

Securonix is upending this model by pricing its AI based on productivity. Customers license Sam based on a defined pool of “analyst-equivalent work” performed by the AI, with productivity tracked transparently. This allows CISOs to build a clear and defensible return on investment (ROI) narrative for executives and board members, moving the discussion from abstract data metrics to concrete outcomes like analyst hours saved and increased operational throughput.

Supporting this new economic model is the Data Pipeline Manager with Flex Consumption (DPM Flex). This feature allows organizations to route telemetry based on its analytical value rather than its raw volume, ensuring that the most critical data is available for AI and investigations without incurring runaway costs for lower-value logs. This outcome-driven approach is designed to ensure that the productivity gains from AI are not erased by escalating data bills.

The Power of Partnership and Technology

Underpinning this new model is a deep technological foundation built natively on AWS. The Agentic Mesh is powered by Amazon Bedrock AgentCore, a platform that provides a secure, serverless environment for operating AI agents at scale. This integration allows the entire system to operate securely within the customer’s own cloud environment, ensuring enterprise-grade data isolation and resiliency.

The term “agentic AI” itself signifies a leap beyond simpler AI assistants. These systems are engineered to function autonomously to achieve specific goals. Rather than just identifying a suspicious event, an agentic system like Sam can orchestrate a multi-step investigation, gather context from various sources, and propose a course of action, all while learning from the process.

Securonix's “built for AWS first” philosophy extends to native integrations with over 15 AWS services, including Security Hub, CloudTrail, and GuardDuty. This tight integration is designed to provide clearer threat signals and faster response times within cloud and hybrid environments. By leveraging the customer's existing AWS infrastructure for data storage, the model also helps preserve data privacy and control storage costs.

As organizations mature in their use of artificial intelligence, the focus is rapidly shifting from experimentation to production-ready deployment. “We built Sam and Agentic Mesh to solve two problems CISOs face every day: unscalable workloads and unprovable AI value,” said Simon Hunt, Chief Product Officer of Securonix. “By tying AI directly to analyst productivity and governing it by design, Securonix gives security leaders a practical, defensible way to scale operations that stands up to board and regulatory scrutiny.”

Sam, the AI SOC Analyst, which operates within the Agentic Mesh, and Data Pipeline Manager with DPM Flex are available now for Securonix customers worldwide.
