What is it about?
This study reviews 189 academic papers to understand how Artificial Intelligence (AI) is being applied in Security Operations Centers (SOCs)—the teams responsible for monitoring, detecting, and responding to cyber threats. By organizing the findings using the widely recognized NIST Cybersecurity Framework, the paper highlights where AI is most commonly used (like detecting threats), where it's still underused (like recovery), and which algorithms and tools are most popular. It also explores whether the tools are openly available and how transparent or explainable the models are.
Why is it important?
Security teams today face a flood of cyberattacks, but the tools they rely on can’t always keep up. AI promises faster detection and smarter decisions—but not all promises are being fulfilled. This review reveals where AI is truly helping, where it falls short, and what still needs work. It’s a reality check for researchers, developers, and decision-makers investing in AI for cybersecurity. Better understanding these gaps helps shape more effective and trustworthy AI tools for the future.
Perspectives
It’s exciting to see how AI is rapidly becoming essential to modern cybersecurity—but also frustrating that so many proposed tools remain proprietary and opaque. This paper helped me see not just what’s working, but what we, as researchers and practitioners, need to improve. My goal was to provide a clear, structured map for both researchers and professionals navigating the complex AI-in-SOC landscape.
Despoina Giarimpampa
Université du Luxembourg
Read the Original
This page is a summary of: Exploring the Role of Artificial Intelligence in Enhancing Security Operations: A Systematic Review, ACM Computing Surveys, September 2025, ACM (Association for Computing Machinery), DOI: 10.1145/3747587.