71% of SOCs Report AI Is Underdelivering. The Second Wave Must Fix It.

Eighteen months ago, the AI SOC was a marketing line. Today it is a budget item. Billions of dollars are flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots stacked into every layer of the security stack. Adoption is accelerating faster than the industry has ever seen. And yet, the same SOCs reporting record AI adoption are reporting underwhelming outcomes.

The SOC-CMM 2026 Maturity Report, published in May and drawing on survey data from roughly 200 SOCs collected between late January and mid-March, delivers the first objective benchmark on AI value in security operations. Only 10% of respondents said AI has delivered excellent value. 19% reported good value. The remaining 71% landed at some value or none at all. That is not a rounding error. It is a structural signal.

Buying Faster Than Building

The numbers reveal a clear problem. Off-the-shelf large language models grew 55% year over year inside SOCs. AI co-pilots grew 145%. Organizations are buying aggressively. But the integration work required to turn these tools into measurable detection and response improvements is lagging far behind procurement.

SOC leads are finding that AI tools generate more alerts, not fewer. They produce interesting correlations that analysts do not have time to investigate. They promise automation but require constant tuning. The organizations reporting the highest value invested in data engineering and workflow redesign before deploying AI tools. They did not just buy the shiniest platform.

We’ve Seen This Movie Before

This pattern is not new. SOAR platforms and UEBA tools followed nearly identical hype cycles over the past decade. Vendors promised orchestration and behavioral analytics that would transform SOC efficiency. Buyers deployed them. Then they discovered that playbooks require maintenance, baselining takes months, and the tools sit underutilized while teams revert to manual workflows.

The SOC-CMM data suggests AI is heading down the same path unless the second wave of deployments focuses on operational integration rather than feature acquisition. Vendors need to stop selling dreams and start proving value.

What Buyers Should Demand

The next generation of AI SOC tools must prove measurable mean-time-to-respond improvements, not just alert enrichment. They must reduce analyst workload, not add to it. They must integrate with existing detection stacks instead of replacing them.

CISOs who lived through the SOAR and UEBA disappointments are watching closely. If the second wave cannot demonstrate concrete outcomes, budget pullbacks are likely by 2027. The 71% who reported limited or no value are not patient buyers. They have budgets to justify and boards to answer to.

Sources

1. https://www.soc-cmm.com/