Evolving AI‑Native Security Operations: From Agent Risk Monitoring to Agentic SOC
Facing an explosion of enterprise agents, 360’s security team built a dual‑track AI‑native operation that first makes agent‑related threats visible through AI runtime telemetry and then amplifies incident analysis, response and multi‑agent coordination while keeping expert oversight, ultimately turning the SOC into a real‑time risk decision engine.
Background
Since early 2026 the pace of agent adoption at 360 far outstripped expectations. Security teams found themselves racing against AI‑driven risk, not only needing to see threats but also to upgrade infrastructure, management and staffing to keep up with business‑wide agent deployment.
Two Main Workstreams
The practice is organized around two parallel tracks:
Threat‑driven monitoring : identify, collect and contain the most critical agent risks.
Efficiency‑driven automation : let agents handle analysis, triage, response and multi‑agent collaboration while preserving expert supervision.
Both tracks reinforce each other; deep agent usage informs risk models, and risk insights guide governance.
Agent Risk Types
Four concrete risk categories are highlighted:
Shadow AI and Shadow Agent – unknown agents and usage that escape inventory.
Prompt‑injection – malicious inputs from emails, docs or knowledge bases that steer the model.
Data risk – over‑privileged reads, accidental aggregation, or exfiltration via outputs or tool calls.
Permission‑drift in multi‑agent collaboration – cascading context errors and difficulty tracing responsibility.
Traditional security tools can see processes and network activity but cannot explain intent, model reasoning, or the full task chain, so SOC monitoring must extend to the entire agent execution pipeline.
AI Runtime Telemetry
To make agents observable, a new data source called AI Runtime Telemetry is required. It records user prompts, context sources, model outputs, database accesses, tool invocations, and approval logs. Monitoring is split into four layers: content, data, permission and operation security, with the latter three being most relevant for enterprise agents.
Collecting telemetry from model gateways, agent platforms, IAM, DLP, endpoint and network sensors creates a unified view of each agent task.
Agentic SOC Design
The SOC architecture adds three capabilities:
See – discover shadow agents, ingest telemetry, and maintain an agent inventory with risk grading.
Contain – enforce unified controls over identity, permissions, tool usage, approvals, DLP and audit.
Intelligent counter‑measure – use Agentic SOC, model evaluation, red‑blue agent drills and automated containment within controlled boundaries.
Implementation requires 3–6 months to build data foundations and 6–12 months to expose MCP/CLI/API interfaces for agents.
Workflow: L1 Screening and L2 Autonomous Planning
Two layered workflows handle alerts:
L1 – standard SOPs encoded in a workflow engine perform automatic triage; clear cases are resolved, ambiguous or high‑risk alerts are escalated.
L2 – an autonomous planning agent uses expert‑crafted Skills to query assets, intelligence, logs and tools, then produces a full evidence chain before handing off to downstream agents for containment, reporting and forensics.
In internal tests the same Skill executed ~100 times with >95 % consistency, proving stable autonomous reasoning when backed by structured SOPs.
Performance Gains
For a mining‑backdoor incident, traditional response took 2–3 hours. The Agentic SOC reduced analysis to ~2 minutes, tool‑based investigation to ~5 minutes, sandboxing to ~10 minutes and trace‑back to ~15 minutes, completing end‑to‑end response in ~20 minutes.
Key to speed is shared context, unified orchestration and clear human‑in‑the‑loop checkpoints for high‑risk actions.
Human‑in‑the‑Loop and Control
Only tasks that involve data modification, firewall changes, network isolation or business‑impacting actions require expert approval. All other read‑only or advisory steps are delegated to agents. Control logic resides on the service side, not in prompts, ensuring that even if an agent is tricked, underlying permission services limit damage.
Next‑Gen SOC Vision
The ultimate goal is a real‑time decision system that can:
Detect shadow AI and ingest AI Runtime Telemetry.
Maintain a comprehensive agent inventory and risk grading.
Enforce unified identity, permission, tool and data controls.
Conduct intelligent counter‑measures through Agentic SOC, model testing and automated red‑blue exercises.
When business agents continue to expand, the SOC must trace identity, context, permission, tool, data, action and outcome along a single auditable chain, and close the loop from detection through investigation, response and verification.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
360 Tech Engineering
Official tech channel of 360, building the most professional technology aggregation platform for the brand.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
