Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

RSAC 2026: Lessons in Cyber Resilience | Corelight

Written by Ed Smith | Apr 23, 2026 10:33:31 PM

The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?"

During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments. The conversation moved quickly past the "AI hype" and landed on a sobering reality: in a world of agentic threats and compressed attack timelines, the traditional, human-led SOC is reaching its breaking point.

Here are the three key takeaways from their discussion and how they define the next era of the AI-enabled SOC.

1. The window of opportunity is closing

In any high-stakes environment, whether it’s aviation or global finance, interconnectedness is both a superpower and a vulnerability. Deneen highlighted how a "triple ripple effect" can turn a five-minute data integrity issue into a systemic operational crisis.

The biggest driver of this risk? Time compression.

"The time from entry to exploit to impact is so compressed now that we really have to have an understanding of what that baseline is and the visibility to give the defenders a chance to go against it." — Deneen DeFiore

When attackers are using automation to move through your network in minutes, waiting for an analyst to manually correlate logs is no longer a viable strategy. You need a defense that operates at the same velocity as the threat.

2. Moving from "AI Experiment" to "Agentic Operations"

Many organizations have spent the last year experimenting with AI in silos. But as we move into the second half of 2026, the focus has shifted to operationalizing AI at scale. The consensus from the RSAC stage was clear: you cannot "human" your way out of a machine-scale problem.

"You can't use human everything—human processes and standard technology—to defend against or to understand what's going on at scale... You're going to have to use AI and agentic AI to help defend in that way." — Deneen DeFiore

This industry-wide challenge is exactly what we had in mind when we developed Corelight Agentic Triage. It’s designed to be the "teammate" that never blinks. By deploying autonomous agents that reason through network evidence, we aren't just giving you another alert; we’re giving you a verified, defensible investigation that analysts can immediately act upon.

3. The "Cyber Safety" framework: Trust through traceability

One of the most profound moments of the session was the shift from "Cyber Security" to "Cyber Safety." In safety-critical industries, you can’t just trust a black-box AI to make decisions. You need to know why it reached a conclusion.

"Not only is it acting, but it's spitting out how it's doing it. So we have that traceability and we feel confident that okay, it’s working as designed or within the guardrails." — Deneen DeFiore

Corelight’s Agentic AI was built with this exact requirement in mind. When a Corelight agent triages an alert, it provides a full audit trail of its reasoning. This transparency is what lets SOC leaders move from skepticism to trust, so the AI can handle the noise while humans focus on the strategy.

Resilience is a team sport

As we wrap up another year at RSAC, the message for SOC teams is one of adaptation. We don't need perfection from our tools; we need resilience. We need a mechanism to understand variations, learn from near-misses, and act before a ripple becomes a wave.

The AI-enabled SOC is no longer a vision; it is the new standard for anyone defending critical business processes in 2026.