
Blueprint: Build the Best in Cyber Defense
Redefining Security Operations: Lessons in AI Integration with James Spiteri
Jun 12, 2025
James Spiteri, who leads product initiatives at Elastic for AI and machine learning in security, shares insights on how AI is transforming Security Operations Centers. He discusses the rise of agentic automation, which creates independent workflows while maintaining human oversight. Spiteri highlights the Model Context Protocol and its integration with large language models, addressing both the benefits and potential risks, such as AI 'hallucinations'. The conversation emphasizes the balance needed between automation and human engagement for effective cybersecurity.
AI Snips
Alert Metadata Often Holds The Story
- Alert metadata often contains enough signals (timestamps, parent/child processes, technique tags) to stitch incidents.
- Add selective environment context to prioritize what attackers threaten most.
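The stitching idea in this snip, as an added example that is not from the episode or from Elastic's product: alerts on the same host are linked when their process IDs form a parent/child chain inside an assumed time window, and the resulting incidents are ranked with an assumed per-asset criticality weight. The alert fields, the 300-second window and the weights are all constructed for illustration.

```python
from collections import defaultdict

WINDOW = 300  # assumption: seconds within which related alerts are linked
# Constructed sample alerts (not real telemetry); technique = ATT&CK tag.
ALERTS = [
    {"id": "a1", "ts": 1000, "host": "ws-07", "pid": 410, "ppid": 4,   "technique": "T1566"},
    {"id": "a2", "ts": 1030, "host": "ws-07", "pid": 522, "ppid": 410, "technique": "T1059"},
    {"id": "a3", "ts": 1100, "host": "ws-07", "pid": 618, "ppid": 522, "technique": "T1003"},
    {"id": "a4", "ts": 1050, "host": "db-01", "pid": 522, "ppid": 410, "technique": "T1059"},
    {"id": "a5", "ts": 9000, "host": "ws-07", "pid": 700, "ppid": 618, "technique": "T1059"},
]
# Constructed environment context: higher weight = more critical asset.
CRITICALITY = {"db-01": 5, "ws-07": 1}

def stitch(alerts, window=WINDOW):
    """Group alerts by host + process lineage + time proximity (union-find)."""
    parent = {a["id"]: a["id"] for a in alerts}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for i, a in enumerate(alerts):
        for b in alerts[i + 1:]:
            # Same process, or one alert's process is the other's parent.
            lineage = a["pid"] in (b["pid"], b["ppid"]) or b["pid"] == a["ppid"]
            if a["host"] == b["host"] and lineage and abs(a["ts"] - b["ts"]) <= window:
                parent[find(a["id"])] = find(b["id"])
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    incidents = []
    for members in groups.values():
        members.sort(key=lambda a: a["ts"])
        incidents.append({
            "host": members[0]["host"],
            "alerts": [a["id"] for a in members],
            "techniques": sorted({a["technique"] for a in members}),
            "span": (members[0]["ts"], members[-1]["ts"]),
        })
    return incidents

def prioritize(incidents, criticality):
    """Rank incidents by asset weight times distinct techniques observed."""
    return sorted(incidents, reverse=True,
                  key=lambda i: criticality.get(i["host"], 1) * len(i["techniques"]))

if __name__ == "__main__":
    for inc in prioritize(stitch(ALERTS), CRITICALITY):
        print(inc)
```

With the sample data, `a5` stays separate despite sharing lineage with `a3` because it falls outside the window, and the single alert on the heavily weighted `db-01` outranks the three-stage chain on the workstation.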
MSSPs Gain Big Leverage
- MSSPs gain outsized value from AI features because they must scale context across many customers.
- Centralized AI can act as a hive mind to apply per-customer context at scale.
Customer Found 34% Analyst Gain
- One customer measured a 34% performance gain when analysts used Elastic's AI features.
- That study also showed meaningful time and cost savings per incident.
