Thought Leadership
Dr Lim Woo Lip discusses how AI‑driven autonomy, alongside effective human oversight, can transform decision‑making in modern cybersecurity operations.
April 2026
As AI systems become increasingly capable, a frequent debate has emerged around how they should be used in Security Operations Centres (SOCs). Some argue for full autonomy, others for keeping humans tightly in control. Yet, framing the discussion this way misses the real opportunity—one that allows organisations to balance speed, accountability and trust in the AI era.
Enter the selectively autonomous SOC. In this model, AI acts rapidly within clear guardrails, while a centralised team of cybersecurity professionals retains control over strategy, escalation and accountability. The expectations are clear: AI delivers speed and scale, while humans retain full responsibility for decision-making.
Modern SOCs face enormous challenges. Attack surfaces are expanding as organisations adopt cloud, Internet of Things (IoT) and distributed work models. SOC analysts face a flood of low-value alerts, while sophisticated attacks hide in legitimate activity. As a result, even capable teams spend excessive time triaging noise instead of targeting high-impact threats.
Automation and AI have improved detection and response times, addressing the challenges of traditional SOCs, but defence cannot be entrusted entirely to machines. Many situations involve risk, context and consequences that still demand human judgment and expertise.
Selective autonomy establishes a balanced partnership between humans and machines. Humans set the mission and define the parameters for AI to take on high-speed tasks such as correlating alerts across data sources, detecting known attack patterns and performing initial containment for low-risk threats.
Each automated action must be auditable, explainable and where necessary, reversible, aligning to key principles of governance and transparency which are non-negotiable elements of a selectively autonomous SOC.
Where nuance matters, humans must lead. Interpreting attacker intent, assessing business impact, and deciding when to escalate an incident are decisions that require human judgment. Additionally, with continuous feedback between both sides, the system will learn and adapt, and the human analysts will also gain new knowledge and insights.
Cybersecurity, at its core, is about safeguarding trust: between customers and enterprises, between organisations and the data they are entrusted to protect. That trust must remain anchored in human judgment.
While agentic AI drives transformation in the structure and workflows in SOCs, it remains a force multiplier that enhances human expertise rather than replacing it. By autonomously handling complex detection, triage and response processes, agentic AI enables SOCs to operate with greater speed, accuracy and consistency while keeping humans in control of critical decisions.
This approach—where intelligence is amplified rather than displaced—is applied in ST Engineering’s Agentic AI SOC. Analysts are further augmented by AI agents that surface investigative insights from trusted sources such as the MITRE ATT&CK framework, Cyber Threat Intelligence (CTI) and internal security rules, enabling faster and more informed responses. Humans remain firmly central to the SOC, continually reviewing and refining automation strategies as threats evolve, and ensuring faster response without sacrificing oversight or transparency.
As organisations step up their defensive cybersecurity efforts, more SOCs will be transformed to operate in selectively autonomous modes. Ultimately, the organisations that succeed will not be those that automate the most, but those that strike the right balance.
ST Engineering’s Cyber business is an industry leader in cybersecurity with over 25 years of proven expertise, offering a trusted portfolio of solutions designed to enhance cyber resilience for governments, critical infrastructure owners, and commercial enterprises. Our comprehensive offerings protect Information Technology (IT), Operational Technology (OT), and cloud environments by leveraging cutting-edge technology, AI-driven capabilities and our award-winning innovations.
Dr Lim Woo Lip
CTO and Head of Cyber Centre of Excellence,
Cyber, ST Engineering
By subscribing to the mailing list, you confirm that you have read and agree with the Terms of Use and Personal Data Policy.
