AI does not appear to be a miracle cure for improving the signal-to-noise ratio for SOC teams. Even though AI assists security professionals, the old issue of alert fatigue remains at large. AI tooling is not yet capable of eliminating noise, distractions, and doubts when defending against cyber threats.
Vectra AI surveyed 1,450 security professionals about their detection and response tactics. The survey revealed that 63 percent of alerts remain unaddressed. The fundamental problems that have always existed remain, despite the move to modern cloud environments and more advanced tooling. At least two days a week, security professionals have to put important tasks aside to manage alerts.
Ideally, this form of triage should be performed by AI, but that is not yet the case. Alert triage tops the AI wish list (32 percent), followed by assistance with investigation (23 percent) and reporting (22 percent).
Alert volume is decreasing, but triage hours are not
The number of security alerts per day has decreased, from 3,832 in 2024 to 2,992 in 2025. That sounds positive, but the reality is more challenging. Security teams still spend an average of 2.5 hours per day triaging alerts. Forty-one percent even spend more than three hours on it every day. Only 36 percent of all alerts can be handled.
Security teams are struggling to eliminate this noise, a problem that has persisted since the emergence of large-scale online threats. 69 percent worry weekly that a real threat remains hidden in the stream of alerts. 44 percent admit to losing the battle to prioritize real threats. Threat detection on the network (43 percent), in email traffic (40 percent), and in cloud environments (39 percent) is cited as the biggest concern in this area.
AI adoption is growing, but results remain limited
AI-powered security tools are nevertheless gaining ground. 87 percent expect to deploy more AI tools next year, primarily to replace legacy detection and response tools. Modern tooling appears to offer AI-driven assistance as a centrally integrated feature, so that modernizing the software product also means introducing AI.
Of all SOC teams surveyed by Vectra AI, 95 percent use AI agents or assistants to some extent, with 76 percent indicating that AI handles more than 10 percent of their workload. 67 percent see a positive impact of AI tools on threat detection. However, the return remains limited, as AI accounts for only 17 percent of the workload on average.
Trust in vendors remains low
All this AI adoption has not improved confidence in security vendors. Fifty-eight percent are frustrated by empty promises and products that require constant tuning, virtually unchanged from 2024. Fifty-nine percent feel that vendors flood them with meaningless alerts to avoid responsibility for breaches. Fifty-one percent say that tools increase rather than reduce their workload.
The perceived shortcomings of vendors are accompanied by procurement issues. 61 percent indicate that security tools are often purchased as a “box ticking” exercise for compliance. 73 percent would like other teams to consult them before investing in tools. 72 percent logically argue that reducing risk should really be the priority.
Tool sprawl also remains a problem. 69 percent use more than ten tools for Detection & Response, with 39 percent juggling more than twenty tools. 56 percent lose hours per week switching between tools. 55 percent say that more effective security tools alleviate the workload better than hiring additional analysts (36 percent).
AI has certainly gained a foothold in the SOC. Earlier this year, Vectra AI introduced its AI Analyst specifically to combat alert fatigue. This seems to be an answer to the question raised by this study. But while optimism about AI is growing, the fundamental question remains whether this optimism actually results in help where it is needed. The data suggests that AI has not yet delivered on its promise when faced with the reality of fragmentation, noise, and slowness.