Securonix's AI Analyst 'Sam' Redefines SOC Value and Governance
- AI Analyst 'Sam' automates Tier 1 and Tier 2 SOC tasks, freeing human analysts for strategic work.
- New productivity-based pricing model ties AI value to 'verified analyst-equivalent work performed.'
- Governed by 'Agentic Mesh', ensuring explainable, auditable, and policy-bound AI actions.
Experts would likely conclude that Securonix's AI Analyst 'Sam' represents a significant advancement in SOC efficiency and governance, offering a measurable, board-ready solution to the persistent challenges of alert overload, analyst shortages, and spiraling SIEM costs.
PLANO, TX - February 18, 2026 - In a move aimed at reshaping the economics and operational realities of cybersecurity, Securonix, in collaboration with Amazon Web Services (AWS), has introduced an AI-powered digital teammate for security teams. Dubbed "Sam, the AI SOC Analyst," the new offering works within a governed framework called the "Agentic Mesh," promising to automate critical security tasks while providing measurable, board-ready outcomes.
The announcement comes as Security Operations Centers (SOCs) globally grapple with a trifecta of challenges: an overwhelming deluge of security alerts, a persistent and widening shortage of skilled analysts, and the spiraling costs associated with traditional Security Information and Event Management (SIEM) platforms. Securonix is betting that the solution lies not in adding more AI features, but in fundamentally changing how AI's contribution is measured and managed.
The AI Teammate: Augmenting the Human Analyst
At the core of the new offering is Sam, an AI persona designed to function as a governed, always-on digital member of the security team. Instead of replacing human analysts, Sam is positioned as a force multiplier, designed to expand a SOC's capacity without increasing headcount by automating the repetitive and time-consuming work that dominates Tier 1 and Tier 2 operations. This includes tasks like initial alert triage, evidence gathering for investigations, correlating disparate events, and preparing draft responses.
By absorbing this high-volume, low-complexity workload, the system allows its human counterparts to shift their focus to more strategic responsibilities that require nuanced judgment, such as handling complex escalations, proactive threat hunting, and high-risk decision-making. Sam operates natively inside the Securonix Unified Defense SIEM, orchestrating a team of specialized AI agents to perform its functions.
Crucially, the entire process is governed by a "human-in-the-loop" philosophy. Human analysts retain ultimate control, with the ability to review, validate, approve, or reverse any action Sam takes. This ensures every AI-assisted step is explainable, auditable, and bound by enterprise security policies, a critical factor for building trust in automated systems.
A New Economic Model for Security AI
Perhaps the most disruptive element of the announcement is the introduction of a new "productivity-based" pricing model. For years, the SIEM market has been dominated by pricing based on data volume (gigabytes ingested) or event rates (events per second). This often creates a conflict for security leaders, who must balance the need for comprehensive data visibility against budgetary constraints, sometimes being forced to leave valuable security telemetry uncollected to control costs.
Securonix aims to upend this paradigm by licensing Sam based on "verified analyst-equivalent work performed." This shifts the value conversation from consumption metrics to tangible outcomes, enabling leaders to quantify the return on their AI investment in terms of analyst hours saved and increased operational throughput. Each "Sam" license provides a defined pool of productivity, creating predictable economics and a clear narrative for executives and board members.
Supporting this model is the company's Data Pipeline Manager with Flex Consumption (DPM Flex). This technology allows organizations to route security data based on its analytical value rather than its raw volume. Low-value, high-volume data can be stored more cheaply, while high-fidelity telemetry is prioritized for advanced AI analysis and investigation, ensuring that productivity gains from AI are not eroded by escalating data costs.
"We built Sam and Agentic Mesh to solve two problems CISOs face every day: unscalable workloads and unprovable AI value," said Simon Hunt, Chief Product Officer of Securonix. "By tying AI directly to analyst productivity and governing it by design, Securonix gives security leaders a practical, defensible way to scale operations that stands up to board and regulatory scrutiny."
Building Trust with Governed, Auditable AI
The engine driving Sam is the Securonix Agentic Mesh, a governed orchestration layer that coordinates the specialized AI agents. Unlike monolithic AI assistants or simple copilots, the Agentic Mesh is designed as a complete system of work. Built using Amazon Bedrock AgentCore, a suite of services for building and operating AI agents at scale, the mesh maintains shared context across tasks, enforces enterprise policies, and ensures that all AI-generated actions are transparent and traceable.
The collaboration with AWS is significant, providing an enterprise-grade foundation for isolation, resiliency, and scale within the customer's own environment. This architecture is a direct response to a growing demand from corporate boards and regulators who are moving beyond asking if AI is being used in the SOC to asking how it is being governed, measured, and trusted in a production environment.
This focus on governance is particularly critical in a market where "agentic AI" is becoming the next major battleground. Competitors like Palo Alto Networks, Microsoft, and Splunk are also heavily investing in AI-driven SOC automation. However, Securonix's explicit focus on a productivity-based financial model combined with a deeply integrated, auditable governance framework built on AWS infrastructure aims to set a new standard for accountability.
Meeting Regulatory Demands in the Real World
The practical application of this governed AI model is already being tested in one of the world's most demanding regulatory environments. HDFC Bank, a global financial institution, is using the technology to scale its security operations while adhering to strict compliance mandates.
"In a regulated financial environment, AI must earn trust through transparency and control," stated Sameer Ratolikar, Chief Information Security Officer at HDFC Bank. "With Securonix, we are using AI agents to reduce noise, accelerate investigations through natural-language search, and prepare response actions, all while keeping our analysts firmly in control. The result is a more productive SOC and clearer visibility into how AI is contributing to real operational outcomes."
This implementation highlights a critical trend. As regulations like the EU's AI Act classify many financial AI systems as "high-risk" and bodies like the U.S. SEC increase their scrutiny of AI governance, the ability to prove that AI operates under strict human oversight is no longer a feature but a prerequisite. The demand for explainable, auditable, and policy-bound AI directly aligns with the architecture Securonix has brought to market, positioning it not just as a tool for efficiency, but as a mechanism for responsible and defensible security automation.
