Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

AI Agents vs. AI Agents: The Future of Security Operations | Interview with Monzy Merza

Mar 24, 2026

Monzy Merza, co-founder and CEO of Crogl and former security researcher, explains how attackers now deploy AI agents to run fast automated campaigns. He explores agent-vs-agent threats, AI SOC agents that enrich alerts and produce MITRE-based investigations, when humans must remain in the loop, shifting SecOps roles toward engineers, and practical governance and testing for agentic tools.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Large Enterprise Example Of AI SOC Investigation

Crogl connects alerts to multiple incident management systems and data lakes, runs MITRE ATT&CK kill chain analysis and returns an investigation report.
Monzy described a large enterprise with 100 analysts using Crogl to enrich alerts without analysts writing queries or remembering data schemas.

ADVICE

Phase Agent Adoption With Human Decision Gate

Adopt agentic automation in phases: start with narrow use cases, let the system run autonomously while humans remain decision makers, then expand until alignment allows full autonomy.
Monzy advised measuring alignment between machine recommendations and human decisions before granting full autonomy.

INSIGHT

Humans Must Keep High Impact Decision Authority

High-stakes operational decisions like accusing an insider or removing access will remain human-mediated due to legal, procedural and risk considerations.
Monzy used insider-threat investigations and potential wrongful accusations to show why humans must verify AI findings before punitive actions.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this Secure and Simple Podcast episode, host Dejan Kosutic from Advisera interviews Monzy Merza, co-founder and CEO of Crogl, about how cybersecurity is shifting to an “agent versus agent” world where attackers task AI agents to run fast, low-cost, sophisticated campaigns without human approvals. Merza outlines core security operations activities—preparation/tooling, alert investigation, and response—and explains how AI is changing each, including AI SOC agents that automatically connect to multiple data sources, enrich alerts, run MITRE kill chain analysis, and produce investigation reports, as well as AI-driven response actions and documentation. They discuss when humans must remain in the loop for high-impact decisions, how organizations build trust through phased adoption with measurable use cases, why roles may shift from analysts to more security engineers, and governance needs like flexible integrations, model choice, and transparency in AI security tools.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining
- Crogl company https://crogl.com/
- 2026 State of SecOps Report https://www.crogl.com/newsroom/state-of-secops-ai

(00:00) - Interview with Monzy Merza
(00:58) - Agent vs Agent Threats
(03:22) - Three Phases of SecOps
(05:53) - AI SOC Investigation Example
(08:41) - Autonomy vs Human in the Loop
(12:48) - Human Only Decisions
(16:43) - Building Trust and Maturity
(19:07) - Future Security Roles
(24:24) - AI Change Wave
(27:08) - Testing AI Maturity
(29:25) - Governance Framework Gap
(31:15) - Policy Meets Hallucinations
(34:50) - Business Alignment Example
(37:14) - Governance Requirements
(41:57) - SOC Roles Reshaped
(47:26) - Resources for Consultants and Cybersecurity Professionals