Business & Technology
Lessons from deploying AI in a live SOC
When SOC teams need to cut through the noise, AI can be crucial. However, it’s true value can only be felt if it’s implemented with operational context and discipline. Through the real experience of running a live SOC, we’ve learned lessons on putting AI into production, rather than just discussing it.
The challenge facing today’s SOC isn’t hard to describe. Too many alerts, too many tools, too little time. To make matters more complicated, there aren’t enough people to keep pace with attackers who are becoming quieter, more patient, and increasingly automated.
Most security leaders already know this. The noise problem is well understood, and the skills shortage is well documented. The pressure being put on analysts is visible every day.
What’s less often shared, however, is what happens when you try to fix it. Talking about AI in SOC is easy. Implementing it inside a live, multi-customer SOC, where mistakes have consequences, is something different.
AI as a change to how the SOC operates
AI shouldn’t be approached as a feature to be added. As a managed security service provider, Gamma Communications runs a live SOC that supports multiple customer environments. Each one comes with different tools, playbooks, and governance requirements.
When we first started integrating AI into our investigative workflows, the goal was to make the SOC sustainable at scale, without endangering trust. We never set out to replace analysts or chase the next big innovation headline.
That distinction matters. Simply adding AI on top of existing processes doesn’t solve the problem. In many cases, it makes it worse.
Automation alone follows rules. It doesn’t reason, adapt or explain itself when something goes wrong. In an environment that depends on judgement and accountability, that limitation shows up very quickly.
AI only creates value when it understands the process
One lesson we learned early on was that single agent AI approaches struggle in real investigations. They can look impressive in isolation, but incidents are messy.
A single phishing case can involve headers, domains, attachments, QR codes, URLs, enrichment from threat intelligence. Not to mention the structured decision making around severity and response.
Human analysts navigate that complexity instinctively, because they have context and experience. AI, on the other hand, needs structure.
That’s why we moved towards a multi-agent approach. Different agents handle distinct parts of the investigation, and deterministic automation handles tasks that must be executed with certainty.
AI reasoning is applied where it genuinely adds value, interpreting patterns, prioritising signals, and supporting decision making. Control over judgement, escalation, and accountability is retained by humans.
An AI-powered, human-led future for SOC
Trust was the hardest thing to earn, both internally and operationally. In a live SOC, you cannot afford confident but incorrect outputs. Hallucinations must be avoided, and you shouldn’t be left with decisions that can’t be audited or explained.
Guardrails were foundational, not optional.
We constrained what the AI could see, how it could reason, and what it was allowed to produce. Strict workflows were defined, outputs were validated continuously, and human oversight over escalations and high severity incidents was maintained. Performance was also monitored over time – not just in testing, but in production, across real cases.
Consistency builds trust
The benefits didn’t show up everywhere, which is important to say. AI didn’t magically eliminate the need for skilled analysts. Instead, it changed how their time was spent.
The most measurable impact came through early investigation and triage. By accelerating data gathering, enrichment, and structuring, we saw five to ten times improvements in Mean Time to Investigate at that initial stage. Work that previously took twenty minutes could often be reduced to a few minutes, without cutting corners.
That matters, but not because speed is everything. Analysts were given the space to focus on judgement, rather than noise.
Analysts now have time to think
There’s a growing temptation in the market to treat AI adoption as a buying decision. You pick a tool, switch it on, and move on. Our experience suggests that approach rarely survives in a real-world situation
Some commercial solutions are valuable, while others lack the flexibility required in multi-customer environments. Internal development brings control, but also responsibility.
In practice, a multi-model, multi-solution approach proved necessary as it reflected how real SOCs operate. Elegance was never a driving factor.
This is where many organisations will struggle. The AI works, but implementation is often treated as a technological project, rather than an operating model change.
GenAI: Designed in, not bolted on
The uncomfortable truth is that doing nothing is no longer an option. The scale of threats, the pace of change, and the pressure on people mean the traditional SOC model will continue to fracture under load.
AI can help restore balance, but only when it’s introduced safely and deliberately. The role humans still play in security decision-making must continue to be respected.
The mistake many organisations will make is treating AI in the SOC as a technology upgrade. In fact, it’s an operating model decision, and it will expose every weakness in process, governance, and accountability that already exists.
The real question is whether your SOC is ready to absorb AI without increasing risk. That means knowing where AI should reason, where automation must remain deterministic, and where human judgement can never be removed. It means recognising that illumination comes from discipline and experience, not from adding more tools.
How do we know this? Because we’ve been there. AI was implemented inside a live, multi-customer SOC, where mistakes are visible and trust is earned the hard way.
The takeaway is simple. Illumination stems from an understanding on how people, process, and AI work together at scale.
Want to know how AI fits into your SOC? Join our live webinar on Tuesday 21st April to see how organisations can move forward with clarity rather than guesswork.
Sparky Space, a Berlin company founded by former German Air Force officer Nils Ristau and technology executive Daniel Schmitz, has launched an AI-based work platform now available worldwide.
The platform targets organisations trying to turn training and knowledge into day-to-day execution, a gap the founders argue persists despite heavy corporate spending on digital transformation, skills development and workplace tools. Sparky Space points to industry research suggesting that only 10% to 20% of learning is applied effectively in daily work.
Ristau said he founded the company after drawing on his military background and his belief that many businesses struggle less with access to information than with putting it into practice. In his view, companies often buy training, frameworks and software that remain detached from operational work.
“Most organisations don’t have a knowledge problem – they have an execution problem,” said Nils Ristau, founder of Sparky Space. “Companies are investing in training, frameworks and tools, but too often these sit in isolation from the reality of day-to-day work.
“What’s missing is the bridge between learning and doing. That’s where performance is either won or lost.”
The platform is designed to bring structured methods and AI guidance into live workflows, rather than offering separate learning modules or retrospective review tools. Teams can use it while working through business problems such as product development, strategic prioritisation and the adoption of generative AI in internal processes.
That approach reflects a wider debate in corporate technology over whether productivity and learning tools should remain separate from operational systems or be integrated into them. Businesses in sectors from manufacturing to professional services are under pressure to show returns on training and transformation budgets as economic conditions remain uncertain and teams are expected to work faster.
Ristau linked the product’s design to the discipline required in military settings.
“In military operations, success depends on disciplined execution under constantly changing conditions,” he said. “You don’t have the luxury of separating learning from action – they have to happen simultaneously.
“Modern organisations face similar complexity. Competitive advantage comes from how well teams perform – not just from what they know.”
Schmitz said the software was built for use during normal working routines rather than as another separate system employees visit occasionally. Many organisations already have enough tools and information, he said, but struggle to make them usable in real situations.
“We wanted to create something that teams would actually use in the flow of work,” said Daniel Schmitz, co-founder of Sparky Space. “There’s no shortage of tools or information in organisations today. The challenge is making them actionable.
“Sparky Space is designed to guide teams through real challenges – whether that’s developing a new product, prioritising strategic initiatives or integrating AI into everyday processes – in a way that is structured, repeatable and measurable.”
Use cases
The platform is intended to support innovation and customer-focused product development, agile project and portfolio management, strategic decision-making, leadership alignment and the use of generative AI in workflows. Cross-functional collaboration and product delivery are also among the areas it targets.
The launch comes as companies continue to test how artificial intelligence can be introduced into routine business operations without adding confusion or duplication. For many employers, the challenge is no longer simply gaining access to AI tools, but embedding them in existing processes while maintaining oversight and consistency.
Ristau said that issue helped shape the product’s approach.
“AI has enormous potential, but without the right ways of working, it risks becoming just another layer of complexity,” he said. “Organisations don’t just need access to AI – they need guidance on how to apply it effectively in real situations.
“That’s why we’ve built Sparky Space to combine human-centred methods with AI support, helping teams not only move faster, but also make better decisions along the way.”
The company is entering a crowded market that includes learning management vendors, workflow software providers and a growing number of AI assistants aimed at workplace use. Its argument is that these categories often leave a gap between knowing what to do and carrying it out consistently across teams.
Berlin remains a significant base for software start-ups serving international business customers, particularly in workflow, automation and applied AI. Sparky Space is seeking to tap that market with a product that links management methods with operational use across teams.
Ristau said the companies that succeed will not be those with the most information, but those that can consistently turn that information into action.
BackLite UK has launched a new digital out-of-home advertising installation at the Piccadilly Underpass in Knightsbridge as part of its Landmark Series.
The installation, known as The Knightsbridge, was developed with asset owner Wildstone. It features two 2.8m x 14.4m screens on the eastbound and westbound approaches near Hyde Park Corner.
BackLite UK says the location reaches traffic moving through Knightsbridge, Belgravia and Mayfair, with the displays visible to motorists and pedestrians travelling between some of central London’s best-known retail and leisure districts. The two screens generate more than 3 million fortnightly impacts, according to the company.
The site is close to luxury retail destinations, including Harrods and Harvey Nichols. Advertisers already appearing on the screens include Burberry, Club Med and Franck Muller.
London Refurbishment
The launch forms part of a wider refurbishment programme linked to an agreement between Wildstone and Multiply Media Group, the Abu Dhabi-based parent of BackLite UK, covering more than 10 London sites. Multiply Media Group entered the UK out-of-home market through its partnership with Wildstone.
Wildstone owns the Knightsbridge assets, while BackLite UK handles media sales. Westminster Council awarded Wildstone a long-term licence for the underpass through a competitive tender process.
BackLite UK has positioned The Knightsbridge within its Landmark Series, a collection aimed at advertisers seeking large-format digital sites in prominent urban locations. The range also includes The Cube @ Flannels, the Shoreditch Stack and the Wandsworth Roundabout.
At the centre of the upgrade is a pair of 1440 x 280-pixel digital screens supplied by Daktronics, a US LED manufacturer. BackLite UK selected Daktronics 10mm Outdoor Blue displays for the project.
The development adds to competition for premium outdoor advertising sites in central London, where supply is limited and large-format digital inventory near affluent shopping districts remains relatively scarce.
Jack Fleming, Head of Sales at BackLite UK, said: “The Knightsbridge is a fantastic addition to our Landmark Series, fitting perfectly within our most prestigious collection. There are very few OOH assets in the vicinity, and certainly none of this size and calibre. We quickly recognised the site was much more than an underpass, and worked closely with Wildstone to develop something that really stands out.”
Wildstone says the site was always intended for advertisers targeting the premium end of the central London market. The company has been expanding its role as an owner of outdoor advertising infrastructure while working with media operators on digitisation and upgrades.
Andrew Foster, Group Partnerships Director at Wildstone, said: “With its location in the heart of prime central London, we always believed this site was ideally suited to the premium end of the market. We were therefore excited to secure BackLite UK as our media partner, as its focus on luxury brand advertisers meant we were fully aligned on what the upgrade should entail. This is one of a number of high-end refurbishments we’re carrying out in partnership with BackLite UK and, given our success here, we’re excited to see what the future holds.”
Ricoh UK has published research showing that UK workers spend more time on administrative tasks than employees in other surveyed European markets. The study found that UK workers spend 31% of their time on non-core admin.
The research covered workers in the UK, France, Spain, Italy, the Netherlands and Germany. Italy recorded the lowest share of time spent on admin at 21%.
The UK ranked ahead of Spain at 29%, Germany at 27%, France at 26%, and the Netherlands at 23%. UK office workers surveyed reported losing 15 hours a week to administrative work, or nearly two working days.
Only 51% of UK office workers surveyed said they spend most of their day on tasks that deliver direct value. The research also pointed to growing pressure on retention, with 15% saying they had considered leaving their organisation because of admin burdens alone.
Workplace Strain
The study suggests the issue is affecting team relationships as well as productivity. In the UK, 19% of workers said admin creates conflict or tension within their team, while 16% said they feel resentful towards colleagues with lighter admin loads.
Just 21% said administrative work is distributed equally, and 16% reported generational tension, with younger colleagues seen as resisting such tasks. Nearly a quarter, or 24%, said admin limits their productivity, while 21% said it leaves them less motivated or disengaged. Another 19% said it stifles their creativity.
Across Europe, 48% of employees surveyed said they were considering a new role within the next 12 months. The UK findings indicate admin is one of several pressures shaping how employees view their working day and their employer.
Ricoh also found a gap between how workers view the problem and how they think managers respond. Only 20% of UK workers said they feel their employer cares about admin overload, while 27% said managers underestimate the time it consumes.
Technology Questions
The research comes as businesses continue to review the role of automation and artificial intelligence in office work. In Ricoh’s survey, 34% of respondents reported feeling anxious about the prospect of being replaced.
Uncertainty over how technology will be introduced can add to frustration in workplaces already dealing with heavy administrative demands. The figures suggest the debate is not only about job redesign, but also about employer communication and staff confidence.
Ed MacArthur, Practise Lead – Process Automation at Ricoh UK, said: “UK organisations have pushed hard on digital transformation over the past decade, but that investment hasn’t always translated into simpler workflows for employees. Instead, many are dealing with layers of systems, reporting requirements and compliance processes that sit alongside their core role. That creates duplication, manual workarounds and a heavier administrative load than in markets where processes are either more standardised or less fragmented.”
He said the issue also reflected a mismatch between employee expectations and workplace systems.
Time Reclaimed
MacArthur added, “There is also a clear expectation gap. UK employees are used to consumer-grade technology in their personal lives and expect the same level of ease and integration at work. When workplace tools fall short or when automation is introduced without being properly embedded into day-to-day workflows, it adds friction. The result is a disconnect between the technology organisations believe they’ve invested in and the reality employees experience.”
The survey also asked workers what lighter admin loads would mean for their working lives. Nearly a third (31%) said they would enjoy their job more if they had more freedom to focus on creative tasks.
Another 30% said they would use the time to recharge, while 28% said they would invest it in learning new skills. These responses suggest employees see administrative work not only as a drain on time, but also as a barrier to development, recovery and engagement.
MacArthur said, “When a large share of the week is taken up by repetitive admin, it quickly drains motivation and limits the time people can spend on meaningful work. As the pressure builds, for some, it becomes a reason to look elsewhere. At the same time, uncertainty around AI is adding to the strain. Without clear communication and investment in skills, technology risks creating anxiety rather than confidence, especially as organisations add too many tools. Retention comes down to whether people feel supported and see a future for themselves in the company.”
-
Crime & Safety5 days agoLorry overturns on Oxfordshire A43 roundabout with driver trapped
-
Business & Technology1 week agoAqilla launches AI invoice tool to speed accounts payable
-
Oxford News7 days agoOxfordshire children care provider employed illegal staff
-
Crime & Safety2 weeks agoAmerican Akita and a French Bulldog seized after dog killed
-
Crime & Safety2 days agoOxford teacher who fiddled grades wants banning order ended
-
Oxford News1 week agoHow drivers react to new monk statue on town roundabout
-
Crime & Safety5 days agoRoadworks in Oxford cause Botley Road traffic chaos
-
Oxford News6 days agoEmirates issues new travel and flight update for Brits