
Yandex Cloud explained how to deploy AI agents in information security without false blocks or disruptions

Yandex Cloud examined how AI agents can ease the SOC workload and where they become dangerous without constraints. In a good scenario, an agent quickly…

AI-processed from Habr AI; edited by Hamidun News
Source: Habr AI. Collage: Hamidun News.

Yandex Cloud described how AI agents can become useful assistants for SOC, but should not receive the right to take critical actions without human control. In a breakdown on Habr, the team showed two scenarios: in one, the agent saves the analyst dozens of minutes, in another — mistakenly isolates the domain controller and stops the company's operations.

Why SOC is Overloaded

A modern SOC operates in a state of constant noise: a single analyst can receive up to 1,000 alerts per day, and up to 95% of them turn out to be false positives. Against this backdrop, the idea of handing off primary triage and correlation to AI looks almost inevitable. The agent is able to quickly parse logs, decode commands, pull context from the SIEM, and map events to the MITRE ATT&CK framework.

Where a person needs dozens of minutes of focused work, the model can produce a draft answer in seconds. But Yandex Cloud warns that the potential for automation is higher than the actual reliability of such systems. The author cites a March 2024 Anthropic study in which, for professions in computer science and mathematics, the theoretical automation potential of tasks reaches 94% while the observed rate is only about 33%.

This gap demonstrates the main point: AI is already useful, but it cannot be treated as a mature autonomous employee, especially in cybersecurity, where an error in interpreting an event can cost not just a false alarm but the shutdown of critical services.

Where the Agent Goes Wrong

The key example in the article revolves around an alert on domain controller DC01. In the safe scenario, the agent receives a signal about suspicious PowerShell execution, decodes the Base64 command, understands that it concerns enumerating Domain Admins members, and links this to the privilege reconnaissance technique. Then it checks internal policies, notices that DC01 is classified as Tier-0, collects additional events only within a narrow time window, and instead of automatic action, generates a report for the SOC analyst with mandatory human-in-the-loop confirmation.

In the bad scenario, everything breaks not at the input, but at the reasoning. The agent correlates events too coarsely — by time and node, rather than by session identifiers and process chain. Because of this, it links an unrelated DNS query with PowerShell activity, interprets the picture as C2 or exfiltration, and decides to isolate DC01. For a domain controller, this is a catastrophe: Kerberos and LDAP go down, related services stop, and the business gets a shutdown due to the model's false conclusion.

"You need to accept that models hallucinate and can be wrong," writes Sergey Nesteruk.

What Barriers Are Needed

The main point of the article is that the fight should not be against the possibility of hallucination itself, but against the consequences of error. An LLM does not operate with truth the way an analyst does, and under uncertainty it is more likely to guess than to honestly say "I don't know." Therefore, a trusted AI agent in cybersecurity is not a single model but a set of external constraints around it: input validation, memory control, strict tool permissions, auditing, and a layer of human approval where the cost of error is too high. The article groups these barriers as follows:

  • filtering of input data and protection against prompt injection
  • RAG with an up-to-date knowledge base, RBAC, reranking, and conflict checking
  • reasoning firewall: supervisor, task decomposition, cross-checking, and confidence evaluation
  • limiting actions on Tier-0, abstain policy, and mandatory human-in-the-loop
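As an added example (not code from the Habr article or from Yandex Cloud), the DC01 scenarios above and the Tier-0 / human-in-the-loop barrier in the list, reduced to working logic: coarse correlation (same host, close in time) pulls an unrelated DNS query into the PowerShell alert, strict correlation (same logon session plus a parent/child process link) does not, and the Tier-0 rule turns any isolate proposal into a report for the analyst. Host names, session ids, the policy table and the events are all constructed for the example.

```python
import base64
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed asset classification; in practice this comes from the CMDB or policy store.
TIER0_HOSTS = {"DC01"}

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str        # "process" or "dns"
    logon_id: str    # session identifier the event belongs to
    pid: int
    ppid: int
    detail: str      # command line or queried name

def decode_powershell_enc(cmdline: str) -> str:
    """PowerShell -EncodedCommand carries Base64 of UTF-16LE text; '' if absent."""
    parts = cmdline.split("-enc ", 1)
    if len(parts) < 2:
        return ""
    return base64.b64decode(parts[1].split()[0]).decode("utf-16le")

def correlate_coarse(events, anchor, window=timedelta(minutes=5)):
    """Bad reasoning: same host plus proximity in time is treated as one chain."""
    return [e for e in events if e is not anchor
            and e.host == anchor.host and abs(e.ts - anchor.ts) <= window]

def correlate_strict(events, anchor):
    """Good reasoning: same logon session and a direct parent/child process link."""
    return [e for e in events if e is not anchor
            and e.logon_id == anchor.logon_id
            and (e.ppid == anchor.pid or e.pid == anchor.ppid)]

def decide(anchor, related):
    """The agent's proposal; Tier-0 hosts never receive an automatic isolate."""
    verdict = "privilege reconnaissance" if "Domain Admins" in decode_powershell_enc(anchor.detail) else "unclear"
    suspects_c2 = any(e.kind == "dns" for e in related)   # a linked DNS query drives the "C2" guess
    if anchor.host in TIER0_HOSTS:
        return {"verdict": verdict, "action": "report", "human_in_the_loop": True}
    return {"verdict": verdict, "action": "isolate" if suspects_c2 else "report", "human_in_the_loop": False}

# Constructed sample: encoded PowerShell on DC01 and an unrelated DNS lookup 20 s later
T0 = datetime(2024, 3, 1, 10, 0, 0)
ENC = base64.b64encode("Get-ADGroupMember 'Domain Admins'".encode("utf-16le")).decode()
EVENTS = [
    Event(T0, "DC01", "process", "0x3e7a1", 4120, 988, f"powershell.exe -enc {ENC}"),
    Event(T0 + timedelta(seconds=20), "DC01", "dns", "0x3e7", 1340, 600, "updates.example.internal"),
]
ALERT = EVENTS[0]

if __name__ == "__main__":
    print("coarse links:", len(correlate_coarse(EVENTS, ALERT)))   # 1: the DNS query is pulled in
    print("strict links:", len(correlate_strict(EVENTS, ALERT)))   # 0: different session, no process link
    print(decide(ALERT, correlate_coarse(EVENTS, ALERT)))          # Tier-0 gate still yields a report
```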

Yandex Cloud recommends implementing such systems in stages. As a practical guideline, the team uses AI-SAFE — a threat modeling framework for agent systems with five levels: user input, context orchestration, model reasoning, tools, and knowledge bases. First — an assistant that searches for data, gathers context, and reduces cognitive load on the team. Then — partial automation with human confirmation. And only after accumulating logs, quality metrics, clear failure scenarios, and stable operation can the agent be given broader authority.

What This Means

The market is moving toward AI in SOC becoming the norm, but winners will not be those who first enable the agent in production, but those who surround it with guardrails and leave humans the right to make the final decision at critical points. For companies, this is a good guideline: you can already automate routine work, but automating trust — not yet.
