Defense in Depth

How Much Autonomy Should You Give AI Agents in Your SOC?

4 snips
Feb 19, 2026
Guest
Cliff Crosland
Cliff Crosland, co-founder and CEO of Scanner.dev, a security data lake startup. He discusses granting AI agents gradual autonomy with read-only first and human checkpoints. They focus on minimizing blast radius, using agents for triage and detection engineering, and the need for memory and learning before wider trust.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ADVICE

Earn Autonomy Gradually

  • Start agents with read-only, deterministic tasks and expand actions only after proven reliability.
  • Gradually increase autonomy using tightly scoped actions with human checkpoints.
ANECDOTE

Agents As Smart Interns

  • Treat agents like the smartest intern who knows general skills but lacks business context.
  • Supervise them like a manager until they gain reliable, contextual experience.
INSIGHT

Measure Autonomy By Blast Radius

  • Decide autonomy by blast radius, not raw capability.
  • Favor reversibility and granular authorization over simple read-only vs write rules.
Get the Snipd Podcast app to discover more snips from this episode
Get the app