Session

Redefining Detection Engineering With Interactive AI Agents in the SOC

Overview

Experience: In Person
Track: Cybersecurity
Industry: Financial Services
Technologies: AI/BI, Databricks Apps, Agent Bricks
Skill Level: Intermediate

AI is transforming how Security Operations Centers (SOCs) operate, with tools that augment detection engineers and analysts in combating threats. We show how one SOC at a major hedge fund adopted AI to enhance detection engineering, accelerating detection creation and reducing response time.

By integrating the Mosaic AI Agent Framework with Databricks Notebooks & Apps, this SOC provided detection engineers an AI assistant within their existing workflow.

This agent accelerates detection baselining, anomaly detection, and filtering false positives while giving engineers control over final logic, ensuring human expertise remains central. The modular architecture enables adding capabilities like MITRE ATT&CK mapping, threat intelligence enrichment, and custom patterns without rewriting core logic.
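The following Python sketch is an added illustration of the workflow described above; it is not code from the session, the hedge fund's SOC, or Databricks' Mosaic AI Agent Framework. It shows the three pieces the abstract names: a baselining step that flags anomalous failed-logon counts, a registry of pluggable capabilities (false-positive filtering, MITRE ATT&CK mapping, threat-intel enrichment) that can be added without touching the detection core, and a publish gate that refuses to promote a draft detection without an engineer's sign-off. The user names, counts, IP addresses, scanner allowlist and threat-intel entry are all constructed for the example.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Callable, Dict, List, Optional

# Constructed sample data (hypothetical): failed-logon counts per user per day,
# as a SIEM aggregation query might return them. The last entry is "today";
# everything before it is the baseline window.
FAILED_LOGONS = {
    "alice":    [3, 2, 4, 3, 2, 3, 4, 5],        # today is within normal variance
    "bob":      [1, 0, 2, 1, 1, 0, 1, 41],       # today spikes far above baseline
    "svc_scan": [30, 28, 31, 29, 30, 32, 30, 45],  # noisy account behind a known scanner
}
SOURCE_IPS = {"alice": "10.1.1.5", "bob": "203.0.113.77", "svc_scan": "10.9.9.9"}

# Constructed context consulted by the capabilities (hypothetical values).
KNOWN_SCANNERS = {"10.9.9.9"}
THREAT_INTEL = {"203.0.113.77": "credential-stuffing infrastructure (constructed)"}


@dataclass
class Candidate:
    """A draft detection the agent proposes; it is never published without a human."""
    user: str
    observed: int
    baseline_mean: float
    baseline_std: float
    tags: dict = field(default_factory=dict)
    suppressed: Optional[str] = None
    status: str = "draft"


def baseline_and_detect(series: Dict[str, List[int]], k: float = 3.0, floor: int = 5) -> List[Candidate]:
    """Build a per-user baseline from all but the last day and flag the last day when it
    exceeds mean + k*std. The absolute floor stops quiet users alerting on tiny counts."""
    found = []
    for user, counts in series.items():
        history, today = counts[:-1], counts[-1]
        mu, sigma = mean(history), pstdev(history)
        if today > max(mu + k * sigma, floor):
            found.append(Candidate(user, today, mu, sigma))
    return found


# Capability registry: each capability is a small function that annotates or
# suppresses a candidate. New ones are registered without changing the core above.
Capability = Callable[[Candidate], Candidate]
CAPABILITIES: Dict[str, Capability] = {}


def capability(name: str):
    def register(fn: Capability) -> Capability:
        CAPABILITIES[name] = fn
        return fn
    return register


@capability("fp_filter")
def suppress_known_scanners(c: Candidate) -> Candidate:
    """False-positive filter: approved vulnerability scanners generate logon noise."""
    if SOURCE_IPS.get(c.user) in KNOWN_SCANNERS:
        c.suppressed = "source is an approved vulnerability scanner"
    return c


@capability("attack_mapping")
def map_to_attack(c: Candidate) -> Candidate:
    """A burst of failed logons corresponds to ATT&CK T1110 (Brute Force)."""
    c.tags["attack"] = "T1110"
    return c


@capability("ti_enrichment")
def enrich_with_ti(c: Candidate) -> Candidate:
    hit = THREAT_INTEL.get(SOURCE_IPS.get(c.user, ""))
    if hit:
        c.tags["threat_intel"] = hit
    return c


def run_pipeline(series: Dict[str, List[int]],
                 enabled=("fp_filter", "attack_mapping", "ti_enrichment")) -> List[Candidate]:
    """Detect, then pass every candidate through the enabled capabilities in order."""
    candidates = baseline_and_detect(series)
    for c in candidates:
        for name in enabled:
            CAPABILITIES[name](c)
    return candidates


def publish(c: Candidate, approved_by: Optional[str]) -> Candidate:
    """Human-in-the-loop gate: the agent drafts the logic, an engineer owns the decision."""
    if c.suppressed:
        raise ValueError(f"{c.user}: suppressed ({c.suppressed}); nothing to publish")
    if not approved_by:
        raise PermissionError(f"{c.user}: detection logic requires engineer sign-off")
    c.status = f"published (approved by {approved_by})"
    return c


if __name__ == "__main__":
    for cand in run_pipeline(FAILED_LOGONS):
        print(cand)
```

Running it flags two of the three users (the stable account never crosses its threshold), suppresses the scanner account through the false-positive capability, and leaves the remaining candidate tagged with its ATT&CK technique and threat-intel context but still in `draft` until `publish` is called with an engineer's name.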

We demonstrate this assistant and how Databricks AI tools, including Genie and MLflow Evaluation, contribute to faster development, increased efficiency, and shortened response times to emerging threats. 

Session Speakers


Chandhana Padmanabhan

Sr Specialist Solutions Architect
Databricks


Riley Nastase

Data Analytics Engineer
Rearc