
How security investigators can get the right info out of AI security tools

This week on Safe Mode, Greg sits down with Dov Yoran, CEO and co-founder of Command Zero, to talk about one of the most persistent problems in enterprise security: the investigation gap. Alert volumes keep climbing, SOC teams are drowning in triage, and the tools meant to help are aggregating data without actually reasoning through it.

Dov breaks down how the real bottleneck in security operations comes down to expertise — knowing what questions to ask, where to find the data, and how to build a narrative around it. He explains how Command Zero has codified years of SecOps and incident handling experience into a knowledge base shared by both human analysts and AI agents, creating a structured and fully auditable approach to autonomous investigation, one where every question asked and every conclusion drawn is visible and replayable.

The conversation gets into how AI is fundamentally changing the shape of the SOC. The tiered escalation model is giving way to something new, where agents handle the repetitive work of collection, timelining, and report writing and analysts operate more like coordinators than ticket processors. Whether that shift is gradual or sudden, and exactly where the human stays in the loop, is a question Dov and Greg wrestle with.


In our reporter chat, Greg talks with Tim Starks about the Supreme Court’s decision in Chatrie v. The United States.

Safe Mode

Every week we break down the most pressing issues in technology, provide you with the knowledge and tools to stay ahead of the latest threats and take you behind the scenes of the biggest stories in cyberspace.
