Security Operations Centers (SOCs) face growing challenges in managing cybersecurity threats due to an overwhelming volume of alerts, a shortage of skilled analysts, and poorly integrated tools. Human-AI collaboration offers a promising path to augment the capabilities of SOC analysts while reducing their cognitive overload. To this end, we introduce an AI-driven human-machine co-teaming paradigm that leverages large language models (LLMs) to enhance threat intelligence, alert triage, and incident response workflows. We present a vision in which LLM-based AI agents learn from human analysts the tacit knowledge embedded in SOC operations, enabling the AI agents to improve their performance on SOC tasks through this co-teaming. We invite SOCs to collaborate with us to further develop this process and uncover replicable patterns where human-AI co-teaming yields measurable improvements in SOC productivity.
@article{albanese2025_2505.06394,
  title={Towards AI-Driven Human-Machine Co-Teaming for Adaptive and Agile Cyber Security Operation Centers},
  author={Massimiliano Albanese and Xinming Ou and Kevin Lybarger and Daniel Lende and Dmitry Goldgof},
  journal={arXiv preprint arXiv:2505.06394},
  year={2025}
}