Attackers are using AI to probe, pivot and personalise at speed. Defenders are responding with detection, correlation and automated response at scale. The gap between the two is where incidents are won or lost.
In this session, Marsha Widagdo shares what’s working inside modern SOCs: how to separate signal from noise, where AI adds real value (and where it doesn’t), and the controls leaders need before switching on more automation.
What you’ll learn
- The current AI-enabled attacker toolkit—and what that means for your controls
- Blue-team methods for AI-assisted detection, triage and response without alert fatigue
- Building playbooks that keep humans in the loop (and in charge)
- Practical governance for AI in security operations (auditability, oversight, hand-off)
- Quick wins to harden your environment ahead of 2026
