What is it about?
Security Operations Centers face a growing workload: too many alerts, too many disconnected tools, and too few skilled analysts. This article presents a vision for using large language model-based AI agents as collaborators in SOC workflows. Rather than replacing analysts, these agents would act more like apprentices: helping with alert triage, threat intelligence, investigation, and response while learning from analyst feedback and operational context.
Why is it important?
Many SOC tasks require judgment that is difficult to capture in fixed rules. Analysts rely not only on technical data, but also on tacit knowledge about the organization, its systems, its users, and the broader threat environment. This paper argues that human-machine collaboration can help capture and operationalize that knowledge, reducing repetitive workload while keeping humans in control of security-critical decisions. The paper is especially relevant because SOCs continue to struggle with alert overload, analyst burnout, and poorly integrated tools.
Perspectives
Writing this article was especially meaningful because it brings together several research threads: cyber security operations, human-machine collaboration, vulnerability analysis, and the practical challenges faced by real Security Operations Centers. What we find most compelling is the idea that AI should not simply be treated as another automation tool, but as a collaborator that can learn from human analysts while still leaving judgment and accountability in human hands. We hope this article encourages both researchers and practitioners to think more carefully about how generative AI can be introduced into security operations in ways that reduce analyst burden, capture hard-earned operational knowledge, and improve cyber defense without overlooking the need for trust, oversight, and explainability.
Dr. MASSIMILIANO ALBANESE
George Mason University
Read the Original
This page is a summary of: Towards AI-Driven Human-Machine Co-Teaming for Adaptive and Agile Cyber Security Operation Centers, ACM Transactions on Internet Technology, June 2026, ACM (Association for Computing Machinery), DOI: 10.1145/3819819.