
Will AI Replace SOC Analysts? Not Until It Solves This

SOC Analyst Role is changing?

March 2026


Large language models cannot yet be trusted to make autonomous security decisions. That is not a controversial position. It is the engineering constraint that Anthropic quietly embedded into Claude Code Security's own product design.

On 20 February 2026, Anthropic launched Claude Code Security and wiped billions off the cybersecurity sector in a single afternoon. CrowdStrike fell 8%, Okta shed 9.2%, and the Global X Cybersecurity ETF dropped 4.9%, closing at its lowest since November 2023 (Bloomberg, 2026). The narrative that followed was predictable: AI is replacing security professionals, established vendors are obsolete, the SOC as we know it is finished.

I have spent over 20 years on the vendor side of B2B security. I have heard this story before, just with different protagonists.


This piece was prompted by a recent episode of the AI Security Podcast. Hosts Ashish and Caleb dig into the Claude Code Security announcement, the cybersecurity stock reaction, what it means for startups, and whether security jobs are genuinely under threat. It is a sharp, well-framed conversation and worth watching in full.

They approach it from a business and market perspective, which is exactly the right lens for what they are covering. Watching it, I found myself wanting to add a practitioner layer underneath: specifically, why LLM hallucinations happen at a mechanistic level, and why that problem sits in a different category from how the ML-based tools already in your SOC handle conviction. That is the thread this article picks up, not to challenge their take but to extend it.

Why Cybersecurity Stocks Fell on Code-Scanning News

The market's logic was shaky from the start.

Claude Code Security assesses code before deployment. EDR and XDR defend live software by catching active adversary behaviour. These are different tasks (CSIS, 2026). Selling CrowdStrike because Anthropic launched a code scanner is like selling a trauma surgeon's practice because a new GP opened down the road.

Wedbush analysts called the selloff an "AI Ghost Trade" reaction and argued it would prove the wrong read long-term for CrowdStrike, Palo Alto, and Zscaler (Yahoo Finance, 2026). The stocks recovered in the days that followed.

But there is a real signal underneath the noise. Alongside the product launch, Anthropic posted a Strategic Account Executive role targeting AI-powered SOC platforms, threat detection, and security copilots (Anthropic Careers, 2026). That is not a code-scanning brief. That is a direct commercial play into security operations. The product launched with a narrow scope. The hiring intent is broader.

What Claude Code Security Does

Claude Code Security reasons about code the way a human security researcher would: tracing how data moves through an application, understanding how components interact, and catching complex vulnerabilities that rule-based tools miss (Anthropic, 2026). That is a genuine technical advance over traditional SAST tooling. Pattern matching catches known issues. Contextual reasoning can catch novel ones.

The team reportedly found over 500 vulnerabilities in production open-source codebases, bugs that had survived years of expert review (Anthropic, 2026).

Here is what Anthropic's own announcement says about the result: nothing is applied without human approval.

That line is doing a lot of work. It is framed as responsible design. It is also an honest acknowledgement of why autonomous AI operation in security workflows is not ready. Understanding that reason is more useful than the stock price reaction.

Why LLMs Hallucinate in Security Contexts

Non-determinism is the foundational problem. Run the same prompt twice and you can get different outputs. For most LLM use cases that variance is manageable. In a SOC, acting on the wrong output can take down a service, block a legitimate asset, or miss an active intrusion.

The specific failure modes already emerging in LLM-assisted security tooling:

Hallucinated IoCs. An LLM tasked with threat analysis generates plausible-looking indicators of compromise: IP addresses, file hashes, domain names that do not correspond to any real threat actor infrastructure. A SOC analyst who acts on a hallucinated block list can take legitimate business infrastructure offline. Build a hunt hypothesis around a phantom adversary and you have wasted hours your team does not have.

Mislabelled attack paths. Ask an LLM to map a technique to MITRE ATT&CK and it will return a confident, well-formatted answer. It may also attribute the wrong sub-technique, reference a TTP that does not exist in the framework, or conflate two distinct adversary procedures. The output looks authoritative. Analysts without the depth to challenge it will not catch the error.

CVE misattribution. This one appears most often, even in basic research contexts. LLMs swap affected version ranges, confuse CVE numbers for related but distinct vulnerabilities, and occasionally generate severity scores that do not match NVD records. A Tier 1 analyst triaging on AI-generated CVE summaries may deprioritise a critical patch because the model understated the CVSS score.

None of these are edge cases. They compound specifically because speed is the entire point of SOC automation. Analysts act fast. Fast action on hallucinated output causes real damage.
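One way to keep those failure modes from reaching production is a verification gate between model output and action. The sketch below is an added example, not code from any product discussed here; the intel set, protected networks, CVSS records, placeholder CVE identifiers and sample model output are all constructed assumptions.

```python
import ipaddress
import re

# Constructed stand-ins for authoritative sources: a vetted intel feed,
# the asset inventory, and vulnerability records (placeholder CVE IDs).
TRUSTED_INTEL = {"203.0.113.45", "198.51.100.7"}
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
CVSS_RECORDS = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 5.3}
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def triage_ip(candidate):
    """Decide what may happen to one model-proposed IP indicator."""
    try:
        ip = ipaddress.ip_address(candidate.strip())
    except ValueError:
        return "reject", "not a valid IP address"
    if any(ip in net for net in PROTECTED_NETS):
        return "reject", "inside a protected business network"
    if str(ip) in TRUSTED_INTEL:
        return "block", "corroborated by trusted intel"
    return "review", "no independent corroboration"


def check_cve_claim(cve_id, claimed_cvss):
    """Compare a model-stated CVSS score with the record of truth."""
    if not CVE_ID.fullmatch(cve_id):
        return "reject", "malformed CVE identifier"
    actual = CVSS_RECORDS.get(cve_id)
    if actual is None:
        return "review", "identifier not found in records"
    if abs(actual - claimed_cvss) > 0.05:
        return "reject", f"model said {claimed_cvss}, record says {actual}"
    return "accept", "matches record"


def gate_blocklist(candidates):
    """Split a proposed block list so only corroborated entries auto-apply."""
    result = {"block": [], "review": [], "reject": []}
    for c in candidates:
        decision, reason = triage_ip(c)
        result[decision].append((c, reason))
    return result


# Constructed model output: one corroborated IP, one internal host,
# one unverifiable address, one malformed value.
LLM_BLOCKLIST = ["203.0.113.45", "10.20.30.40", "198.51.100.99", "300.1.1.1"]
```

Only the entry with independent corroboration is eligible for automatic blocking; everything else goes to an analyst or is dropped with a recorded reason.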

Why Your EDR Doesn't Hallucinate (And Why Claude Does)

Machine learning has been built into security tooling since the late 1990s. This is not a new frontier. What followed that first wave of statistical anomaly detection was two decades of purpose-built evolution: supervised classifiers trained on labelled endpoint telemetry, unsupervised clustering for network behaviour baselining, and deep neural networks processing millions of samples to score file reputation.

I spent part of my career at Sophos, where the Data Science Group was building exactly this kind of system. The goal was to move beyond reactive blacklists and hand-written regex signatures, which required a human analyst to write and maintain a new rule for every malicious URL variant, to a model that could generalise across the entire distribution of threats it had never seen before. The approach was deep learning with purpose-engineered features: URLs converted into numerical vectors through ngram hashing, fed through dense layers with dropout regularisation and ReLU activation functions, trained on millions of labelled benign and malicious samples (Sophos, 2017).

The output is a probability score between zero and one. A threshold is set before deployment, calibrated against a target false positive rate. At a false positive rate of 1 in 10,000, the Sophos URL model achieved 99.9% precision, meaning that when it convicted a URL as malicious, it was right 99.9% of the time (Sophos, 2017). That is what conviction looks like in a purpose-trained ML system.
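The threshold step described above can be shown in isolation. This is an added example, not Sophos's code or data: it covers only calibration against a target false positive rate, and the validation scores are constructed by simple arithmetic so the results are reproducible.

```python
def calibrate_threshold(benign_scores, one_in):
    """Return the score threshold that lets at most 1 in `one_in` benign
    validation samples be convicted (conviction means score > threshold)."""
    ranked = sorted(benign_scores, reverse=True)
    allowed = min(len(ranked) // one_in, len(ranked) - 1)
    return ranked[allowed]


def evaluate(threshold, benign_scores, malicious_scores):
    """Confusion counts and derived rates at a fixed threshold."""
    fp = sum(s > threshold for s in benign_scores)
    tp = sum(s > threshold for s in malicious_scores)
    return {
        "fp": fp,
        "tp": tp,
        "fpr": fp / len(benign_scores),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / len(malicious_scores),
    }


# Constructed validation scores (not real telemetry): 10,000 benign samples,
# two of which the model scores highly, and 1,000 malicious samples.
BENIGN = [(i % 1000) / 2000 for i in range(9998)] + [0.9755, 0.9105]
MALICIOUS = [0.5 + (i % 500) / 1000 for i in range(1000)]

STRICT = calibrate_threshold(BENIGN, one_in=10_000)  # the 1-in-10,000 target
LOOSE = calibrate_threshold(BENIGN, one_in=100)      # a looser 1-in-100 target

if __name__ == "__main__":
    for name, t in (("strict", STRICT), ("loose", LOOSE)):
        print(name, t, evaluate(t, BENIGN, MALICIOUS))
```

On this constructed data the strict threshold convicts one benign sample and 178 malicious ones, while the loose threshold catches every malicious sample at the cost of 100 false positives. The trade-off is fixed before deployment and the same input always yields the same verdict.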

CrowdStrike uses the same architectural principle: unsupervised learning to uncover new attack patterns across large data pools, reinforcement learning for autonomous intrusion detection and DDoS response (CrowdStrike, 2026). Darktrace, Vectra, and Cortex XDR follow similar patterns. These systems are not chatbots reasoning about threats in natural language. They are discriminative classifiers trained on ground-truth labelled data. The output is deterministic for a given input. Run it twice, get the same score.

Now ask an LLM whether an IP address is malicious. Claude models are generative pre-trained transformers trained to predict the next token, then fine-tuned using reinforcement learning from human feedback and Constitutional AI (Wikipedia, 2026). The model was not trained on a labelled dataset of confirmed malicious IPs with verified ground truth. It was trained on text. When it produces an answer about threat attribution, it is generating the most statistically plausible response given its training corpus. Not a verdict derived from a classification boundary learned from confirmed incidents.

This is why hallucinated IoCs are a structural problem, not a capability gap that closes with the next model release. The mechanism is not built to convict. It is built to narrate.

There is a more sophisticated version of this where the distinction blurs. LLMs fine-tuned on cybersecurity data can detect anomalies in logs, analyse phishing emails, and map threats to MITRE ATT&CK (AIMultiple, 2026). Hybrid approaches combining RAG pipelines with continuous threat intelligence feeds show real promise for structured classification tasks. NVIDIA's Morpheus platform trained a GPT-2-scale model specifically on raw security logs, using it to generate synthetic training data that reduced false positives in downstream ML detection pipelines (NVIDIA, 2024). That is LLM capability strengthening ML conviction, not replacing it.

That hybrid architecture is where the genuine near-term capability gain lives. LLM as explanation layer on top of ML conviction signals. LLM as analyst copilot interpreting what the classifier already flagged. Not LLM as the classifier itself.

Claude Code Security does not appear to use a hybrid stack of this kind. Claude Code relies on the model reading through code, reasoning about what is happening in the codebase, and driving decision-making from that understanding (Anthropic Docs, 2026). The multi-stage self-verification Anthropic built in is the same LLM checking its own work. A useful mitigation. Not a conviction layer.

Understanding this distinction makes the "does a newer model solve it?" question more precise. The answer is still no. Now we know exactly why.

Does Sonnet 4.6 or Opus 4.6 Change This?

The models are substantially better at factual accuracy than they were eighteen months ago. Reduced hallucination rates, stronger contextual reasoning, improved performance on structured technical tasks. The capability curve is real.

Reduced is not eliminated. For security decisions where the margin for error approaches zero (blocking an IP, escalating an incident, closing a ticket), average accuracy is the wrong metric entirely. You need reliable accuracy across every output, every time. No current model delivers that without verification.

Anthropic's self-verification loop inside Claude Code Security is the engineering team's honest response to this constraint. Build in a check. Make a human approve everything. That is not an AI-powered SOC. That is an AI-assisted analyst workflow. The distinction matters enormously, especially when you are scoping budget or headcount decisions around it.

Will AI Replace SOC Analysts?

The threat to security jobs is real, but the mechanism is more specific than the headlines suggest.

AI that handles alert pre-triage, drafts initial summaries, and flags potential pattern matches is already useful and will become more so. The analysts who know when to trust that output and when to verify will become more valuable, not less. They need the contextual depth to catch the hallucinations, not just accept the output.

Tier 1 roles built around mechanical alert handling are genuinely at risk. Not because AI is replacing judgement. Those roles were never really exercising much of it.

The smarter framing for any security team evaluating these tools: not "does it work?" but "what happens when it is wrong, and will we know quickly enough?"

Until that answer is satisfying, the human stays in the loop. Not as a policy concession from a responsible AI company. As a technical requirement.

Further Reading: AI, ML, and What Is Going On

The debate about AI in security generates a lot of noise and very little grounded reading. These books will not tell you which vendor to buy. They will give you the conceptual foundation to evaluate any claim you encounter, understand what the tools you already use are actually doing under the hood, and think clearly about where the technology is heading.

Disclosure: Links below are Amazon affiliate links. If you buy through them, I earn a small commission at no extra cost to you and you get to support the blog.

AI Snake Oil by Arvind Narayanan and Sayash Kapoor (Princeton University Press, 2024) is the most useful book on this list for the broadest audience. Narayanan and Kapoor are computer scientists at Princeton, and they draw a clear, evidence-based line between AI applications that genuinely work and those that exploit the mystique of the technology to sell something that does not. The chapter on predictive AI in high-stakes domains is directly applicable to security. If you sit in a vendor meeting, brief leadership on AI security tools, or read coverage like this article, this book gives you the vocabulary to ask better questions. No prior technical knowledge required.

The Alignment Problem by Brian Christian (W. W. Norton, 2020) takes a longer view. It explains in accessible but technically precise terms why AI systems consistently fail to do what we intend, why that failure is structural rather than incidental, and why scaling models has not resolved it. Written before the current LLM generation, the core argument has aged remarkably well. It is the right starting point for any practitioner who wants to understand why hallucinations happen at a mechanistic level, not just accept that they do. Readable by non-technical audiences but rewarding for engineers too.


If your team is evaluating AI tools for defensive work and concerned about data exposure, see which security tasks actually work with local AI and where the hardware trade-offs sit.

For more on how AI is reshaping the threat landscape, see The 12 AI Security Threats Hitting Organisations.

Want to build the skills to work effectively alongside AI tools? Start with the Cybersecurity Skills Roadmap.


Last updated: March 2026

References and Sources

  1. AIMultiple. (2026). Large Language Models in Cybersecurity in 2026. LLMs fine-tuned on cybersecurity data can detect log anomalies, analyse phishing, and map threats to MITRE ATT&CK. research.aimultiple.com/llms-in-cybersecurity
  2. Anthropic. (2026). Making Frontier Cybersecurity Capabilities Available to Defenders. Claude Code Security launch announcement, including 500+ vulnerabilities found in open-source codebases and the human-approval requirement for all findings. anthropic.com/news/claude-code-security
  3. Anthropic Careers. (2026). Strategic Account Executive, Cybersecurity. Role targets expansion of Claude across AI-powered SOC platforms, threat detection, and security copilots. greenhouse.io/anthropic/jobs/5075093008
  4. Anthropic Docs. (2026). How Claude Code Works. Claude Code relies on the model reading code and reasoning about codebase context to drive decision-making, without a separate ML classification layer. code.claude.com/docs/en/how-claude-code-works
  5. Bloomberg. (2026, February 20). Cyber Stocks Slide as Anthropic Unveils Claude Code Security. CrowdStrike fell 8%, Okta 9.2%, Global X Cybersecurity ETF 4.9% to its lowest since November 2023. bloomberg.com
  6. CSIS. (2026). AI-Driven Code Analysis: What Claude Code Security Can and Cannot Do. Claude Code Security operates at the build-time code layer, distinct from EDR and XDR platforms defending live environments. csis.org/blogs/strategic-technologies-blog
  7. CrowdStrike. (2026). Machine Learning in Cybersecurity: Use Cases. Covers unsupervised learning for attack pattern discovery and reinforcement learning for intrusion detection and DDoS response. crowdstrike.com/cybersecurity-101/artificial-intelligence/machine-learning
  8. NVIDIA. (2024). Building Cyber Language Models to Unlock New Cybersecurity Capabilities. Describes the Morpheus platform and a GPT-2-scale model trained on raw security logs to generate synthetic training data and reduce false positives in downstream ML detection pipelines. nvidia.com/blog
  9. Sophos Data Science Group. (2017). Machine Learning: How to Build a Better Threat Detection Model. Schiappa, M. Documents Sophos's deep learning pipeline for malicious URL detection, covering feature engineering via ngram hashing, neural network architecture using Keras and TensorFlow, precision/recall threshold calibration, and ROC curve evaluation. At a false positive rate of 1e-4, the deployed model achieved 99.9% precision. assets.sophos.com
  10. Wikipedia. (2026). Claude (language model). Claude models are generative pre-trained transformers fine-tuned with reinforcement learning from human feedback and Constitutional AI. en.wikipedia.org/wiki/Claude_(language_model)
  11. Yahoo Finance / Wedbush. (2026, February). Anthropic's Claude Code Security Launch Rattles Cybersecurity Stocks; Wedbush Sees Selloff as Overreaction. Wedbush described the market reaction as "AI Ghost Trade" fears unlikely to reflect long-term fundamentals for Palo Alto, CrowdStrike, and Zscaler. finance.yahoo.com