
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift

Heimdal predicts AI will absorb nearly all SOC triage workloads within a year as IT teams adapt to AI-driven operational shifts.

Morten Kjaersgaard expects fewer than 500 of three million monthly alerts to need a human analyst in the year ahead.

“High-volume, low-complexity work will be automated by AI, while sophisticated cases remain with SOC responders where human judgment still matters.”
— Morten Kjaersgaard, Chairman & Founder of Heimdal
COPENHAGEN, DENMARK, May 12, 2026 /EINPresswire.com/ -- Heimdal's managed SOC processes three million alerts a month. In the year ahead, fewer than 500 of those, less than 0.02%, are expected to need a human analyst.

That's the forecast from Heimdal founder Morten Kjaersgaard, based on the trajectory of AI Wingman SOC as it absorbs the bulk of routine triage work.

New research commissioned by Heimdal suggests the wider market is heading the same way.

A Heimdal survey of 1,000 IT and security pros across the US and UK found 79% expect AI to reduce manual workload. 38% expect a shift to higher-value work within three years.

"The SOC analyst job is being rebuilt around the cases that matter," said Kjaersgaard.
"Their work shifts from operating the SOC to improving the platform and training the AI sitting on top of it. We're not scaling the team down. We're scaling customer load up while the role shifts underneath them."

A volume problem on both sides

Attackers are using AI to scale, not to innovate. The bulk of what's being accelerated is high-volume, low-complexity work. More phishing. Slightly better phishing. Still phishing.

Defenders need AI for the same reason. Triage volume that humans were never meant to process at scale.

"Anything that requires vast volumes of data to be analyzed manually is going to be automated," Kjaersgaard said.
"Low complexity, high volume work goes to AI. The sophisticated cases stay on the table for the SOC responders. That's where human judgment still earns its place."

The survey data points the same direction. Sensitive data being uploaded to AI tools is the top AI-related concern for 61% of IT professionals.

Only 40% feel their current security tools are fully equipped for AI-driven risk. The work the industry has been asking humans to do at volume is the work it now expects AI to absorb.

Where Heimdal's position differs

Heimdal isn't planning to reduce its SOC team.
As AI absorbs more triage, headcount stays stable and the work changes. Analysts focus on the cases that warrant real investigation, and on improving the AI that handles the rest.

Across the wider market, the picture is different. Providers built around high-volume human triage face a structural problem. The work they bill for is the work AI handles first, fastest, and at a fraction of the cost.

The forecast extends the position Heimdal set out in April with the launch of AI Wingman and Third-Party AI Containment.

AI Wingman SOC is the third tier, rolling out across 2026 alongside Assist and Triage. The initial release covers 15 SOC-relevant protection features and is expected to reduce L1 triage time by around 25% as it matures.

Compliance keeps humans in the loop

Compliance is what keeps humans in the SOC. Regulated environments require an accountable person behind security decisions, and that requirement isn't moving.

What changes is the work. Less time in tickets. More time on the cases that warrant real investigation, and on improving the systems that handle the rest.

About the survey

The research surveyed 1,000 IT and security professionals across the US and UK on AI adoption, governance, and risk management in IT and security environments.

Full findings will be published by Heimdal in the coming weeks.

About Heimdal

Heimdal is a global cybersecurity provider delivering a unified security and compliance platform that brings together prevention, detection and response across endpoint, identity, email, network and access security.

With more than 12 fully integrated products and over 17,000 customers worldwide, Heimdal helps enterprises and MSP partners reduce risk, strengthen operational resilience and consolidate their security stack.

Organizations in more than 40 countries rely on Heimdal's platform to prevent threats, detect breaches and automate response without the need for a SIEM or multiple point solutions.

Danny Mitchell
Heimdal Security
+44 7999 498241