AI SoC Agents Need A Memory

Exploring a co-existence approach across an AI SoC and Behavioural Security models.

Shaun Archer

7/14/20265 min read

Artificial intelligence concept within a human head
Artificial intelligence concept within a human head

AI SOC Agents Need a Memory

How behavioural security models fill the gap AI SOC agents can't close on their own — and why running both is as much a cost decision as a technical one.

An AI SOC agent is, at its core, a very fast reasoner with no memory. Point it at an alert and it'll pull context from your SIEM, EDR, identity provider and cloud logs, correlate what it finds, and hand back an investigation narrative in minutes. What it generally can't do is tell you that a login "feels wrong" for a specific user, because it has no real concept of what normal looks like for that person. That's a different discipline: behavioural security modelling, the approach underpinning UEBA and identity-risk platforms, which spends weeks quietly building a statistical picture of every user and entity before it says a word.

I don't think one replaces the other. They're solving different problems that happen to sit in the same SOC, and the teams getting real value out of AI right now are combining both on purpose rather than picking a side.

What each one is actually good at

AI SOC agents earn their keep on speed and breadth. They don't need history to be useful — they reason over whatever's in front of them right now, which is what makes them immediately useful against novel, first-seen scenarios with no precedent to compare against. It's a system that turns up on day one with full reasoning capability and no ramp-up time.

Behavioural models earn their keep on precision, built up over time. Their whole value is noticing the thing that never trips a rule: a login from a device this user's used for a year, at an odd hour, doing something slightly off from their normal pattern. No signature, no known-bad indicator, just a deviation from an established baseline. That's the shape of account takeover, insider risk, and credential-based attacks that look completely legitimate to anything that isn't watching the person rather than the event.

Worth flagging: both sides of this market publish numbers that flatter themselves. Vendors reporting on production AI SOC deployments cite figures like 90%+ Tier-1 automation and 60%+ reductions in mean time to respond. Treat those as vendor-reported ceilings from case studies rather than a benchmark you should expect out of the box.

The cold-start problem

Here's the catch with behavioural models — they need to learn before they can be trusted. Industry practice puts the baseline period for UEBA-style detection at roughly 60 to 90 days of observation before the model has a statistically reliable picture of "normal." During that window a behavioural engine is either quiet or noisy, because it hasn't converged yet, so its output shouldn't be treated as an actionable signal. That's what's going on when an identity — a new hire, a new service account, a newly onboarded tenant — is still inside its training period: the model literally doesn't have enough history to have an opinion yet, and treating its early output as gospel just produces false positives, or worse, false confidence.

This is exactly where an AI SOC agent should carry the load. It doesn't care that an identity is three days old, because it reasons over the event itself and whatever context and threat intelligence it can pull in — none of which requires a behavioural history. So the practical rule is: lean on reasoning-based detection during cold start, and once the baseline has converged, hand precision-critical detection back to the behavioural layer and let the agent step back to exceptions.

There's a permanent version of this problem too. Ephemeral or frequently reconfigured identities — short-lived service accounts, autonomous AI agents that get reprovisioned constantly — may never accumulate enough stable history for a baseline to converge at all. For that category, reasoning-based detection isn't just the answer during onboarding. It's the only answer, full stop.

The cost lens

This isn't only a technical distinction. The economics point in genuinely different directions, and that should shape where you deploy which.

AI SOC agents are cheap and fast to stand up, and their cost scales with how much you point them at. Published pricing in this space varies a lot by vendor and contract structure — one smaller-SOC tier prices out to roughly $9 per investigation, while enterprise deployments run to six-figure annual contracts scoped around automation volume. So the real number for your environment depends on alert volume and contract terms, not a flat per-unit rate. Directionally, though, it's a good deal when you're pointing the agent at a curated set of alerts worth investigating, and a much worse one if you try to run every login, email and API call through a full reasoning pipeline. The meter runs continuously, and at population scale that cost adds up fast.

Behavioural models are the opposite shape: expensive to build, cheap to run. Standing one up means data engineering, feature design, and an ongoing baseline-maintenance cost per identity — real upfront investment. But once a baseline's trained, scoring a new event against it is computationally trivial. That's exactly why behavioural models are the only sane way to continuously monitor the firehose of routine activity — every login, every message, every access event, across an entire workforce — where the sheer volume would make reasoning-based investigation of everything financially untenable. Recent industry cost benchmarking puts insider-related incidents alone at roughly $19.5 million a year in impact per organisation, which is the sort of number that justifies the upfront cost of building the behavioural layer properly.

My rule of thumb: behavioural models for the firehose, AI SOC agents for the exceptions. Let the cheap-per-event layer watch everything continuously, and save the reasoning-heavy layer for the much smaller set of things actually worth investigating.

Making the two coexist in practice

The architecture that works isn't "pick one" — it's a pipeline where each layer does the part it's suited for, economically and technically.

The behavioural engine sits closest to the raw event stream. It scores everything continuously and cheaply, and only surfaces the events that actually deviate from an established norm, which is what keeps the volume hitting your investigation layer manageable. The AI SOC agent then picks up what the behavioural layer flags, plus anything with no behavioural context to draw on yet — new identities in cold start, or genuinely novel attack patterns — and does the actual correlation, narrative-building and, with the right human sign-off, response.

The part teams tend to skip is the feedback loop. Every investigation outcome, confirmed benign or confirmed malicious, should flow back into the behavioural model's tuning. That's how false-positive rates actually come down over time instead of sitting flat — some teams report 70–90% reductions in false positives reaching human analysts once this loop is running well, and every point of that is investigation volume the agent doesn't have to burn cost on.

On the team side, this works best as two areas of ownership that talk to each other constantly, rather than one team trying to do both badly. A data or ML function owns baseline health — whether a given baseline's converged, drifting or stale — and tunes thresholds based on investigation feedback. SOC analysts own oversight of the agent itself, particularly early on, and staged rollouts moving from shadow-mode validation, to human-approved actions, to full autonomy are the sensible way to build trust in what it's doing before it acts unsupervised.

Worth building in from day one: the AI SOC agent is itself an identity with real permissions, and it deserves the same behavioural scrutiny you'd apply to a human account — least-privilege scoping, full audit trails, monitoring for anomalous agent activity. The thing doing the investigating shouldn't be exempt from the discipline it's applying to everyone else.

Skip the behavioural layer and you're either blind to the subtle attacks with no signature to match, or paying reasoning-engine prices to watch a firehose of routine activity. Skip the AI SOC layer and you're stuck waiting out a 60-to-90-day cold start with nothing to catch what's new, and no fast way to act on what the behavioural model does find. Run both, wired together properly, and each one covers exactly the gap the other can't close on its own.

Stay

Get weekly cyber tips straight to your inbox

Contact

Connect

shaun@shaunarcher.co.uk

© 2026. All rights reserved.