AI agents stall in South African SOCs as trust gap widens

Ronald Ralinala

June 2, 2026

The State of Agentic Security 2026 survey, compiled by Maidar Secure in partnership with Strike48, reveals a startling chasm between what South African security chiefs say should happen in their SOCs and what they are actually ready to deploy. Out of 100 senior cyber‑defence leaders, a 62‑point gap emerged between ideal and real‑world adoption of AI agents, signalling that trust—not technology—is the biggest hurdle standing in the way of a faster, machine‑speed response to today’s threats.

A striking 84 % of respondents agree that AI agents ought to manage routine level‑1 alerts, yet only 22 % have the confidence to let those agents operate autonomously. At present, merely 36 % of the organisations surveyed run an AI agent in production for a single use case, underscoring the reluctance to hand over even the most basic SOC chores to software.

“Adversaries are already operating at machine speed. Defenders mostly aren’t,” explains Tim Leehealey, Vice‑President of Corporate Strategy and Operations at Strike48. “The data shows security leaders know where they need to go. They just don’t trust the road yet.” His comments echo the report’s central finding: trust is the primary barrier to wider AI‑agent adoption.

Trust gap widens adoption of AI agents in SOC

| Metric | What leaders think should happen | What they are doing today |
| --- | --- | --- |
| AI agents handling L1 alerts | 84 % say they should | 22 % have deployed |
| Full‑scale AI‑agent production | 100 % envision broader use | 36 % run a single use case |
| Confidence in autonomous action | 52 % trust agent outputs | 48 % remain skeptical |
| Access to complete log data | 84 % require full visibility | 57 % lack comprehensive data |

The table makes clear that while optimism is high, execution lags far behind. The most common concerns—hallucinations, incomplete data, and unintended actions—affect 64 % of leaders, many of whom flag three or more trust issues simultaneously.

Data visibility further compounds the problem. 57 % of respondents admit they cannot trust agents because the agents might act on partial information, and an overwhelming 84 % say their current tools fail to reach all the log data needed for thorough investigations. In practice, an AI agent built on a patchy data foundation simply inherits those blind spots, reinforcing hesitation among decision‑makers.

The urgency of closing this trust gap is amplified by a joint briefing from the SANS Institute and the Cloud Security Alliance titled The AI Vulnerability Storm. The authors warn that organisations that continue to rely on purely human‑driven SOCs will see a “widening capability gap against AI‑augmented adversaries, regardless of their existing technical skill.” Their top recommendation? Introduce AI agents into the cyber workforce without delay.

Additional insights from the 2026 report paint a broader picture of the market’s trajectory:

  • 46 % of security leaders are actively researching or evaluating agentic solutions.
  • 60 % would first automate alert triage and prioritisation, the most time‑consuming SOC task.
  • 80 % cite the cost of keeping log data “hot, live, and searchable” as a major budget pain point.

These figures suggest a growing appetite for AI‑driven assistance, even as budget constraints and data‑access challenges loom large.

Key takeaways for South African organisations

  1. Layer, don’t rip‑and‑replace – Integrating AI agents into existing security stacks, rather than overhauling them, appears to be the fastest path to real‑world benefits.
  2. Prioritise data completeness – Ensuring agents have unfettered access to all relevant logs dramatically reduces the risk of false positives or missed threats.
  3. Evolve the analyst role – As agents take over repetitive triage, L1 analysts can transition to “agent‑manager” positions, focusing on oversight and strategic response.

Leehealey stresses that “security teams don’t have time to wait for the perfect agentic solution.” Those that start by layering agents into the stack they already have and giving them visibility to as much data as possible will have a major advantage over AI‑enabled adversaries.

Maidar Secure, with its Africa‑wide managed‑security services, is positioning itself to help local enterprises navigate this transition. By coupling its SOC expertise with Strike48’s agentic platform—offering end‑to‑end log visibility, automated detection engineering, and 24/7 response—Maidar aims to bridge the trust gap and deliver the machine‑speed defence that today’s threat actors already wield.

The full State of Agentic Security 2026 report is available as a free download from Strike48, providing a deeper dive into the data and recommended steps for organisations ready to modernise their security operations.

As South African businesses grapple with rising cyber risk, the message is clear: the future of SOCs will be AI‑augmented, but getting there will require confronting trust issues head‑on, tightening data pipelines, and re‑skilling analysts to work alongside intelligent agents.