
The Cybersecurity Defenders Podcast #246 - Defender Fridays: AI in the SOC with Matt Bromiley from Prophet Security
Sep 12, 2025

Matt Bromiley is a security engineer and incident response veteran building agentic AI SOC solutions at Prophet Security. He talks about practical AI use in SOC workflows. He explains why AI is more than chatbots and why it cannot fully replace human analysts. He shares tactics like private LLMs, RAG and project-based context, modular subagents, and using AI for handoff and recordkeeping.
AI Snips
Train LLMs With Reference Repos
- Do train LLMs with domain-specific reference material before asking them to generate structured security artifacts like Sigma rules.
- Pull the Sigma repo locally and create a support file so the model produces context-aware, less hallucinatory detections.
AI Can't Replace Human Storytelling
- Insight: LLMs can't fully replace SOC analysts because human creativity and storyline-building remain hard for AI to emulate.
- Attempts to hard-code human decisions into an AI yield brittle automation that mimics rules rather than true human reasoning.
Keep Incident LLMs Private On Prem
- Do run private on‑prem LLMs and feed them your incident reports, pen tests, and scans to preserve OPSEC and institutional knowledge.
- Use this private LLM as an internal searchable IR/SOC library so juniors can ask "have we seen this threat" without uploading secrets externally.

