
Report: Security Teams are Drowning in Alerts, Turning to AI

Enterprises face thousands of daily security alerts. New report shows AI in SecOps is key for triage, investigation, and stronger threat detection.

Written By
Jordan Smith
Sep 12, 2025

Prophet Security, an agentic AI SOC platform provider, has recently released its State of AI in SecOps 2025 report, which found that enterprises of 20,000+ employees face over 3,000 security alerts daily. 

Report shows orgs face 500-3,000 alerts daily and struggle to keep up

The report surveyed 282 CISOs, SOC leaders, and SecOps practitioners regarding pressing security challenges, their use of AI to address these issues, and the roadblocks to overcoming them.

Smaller enterprises and middle-market companies generate approximately 500 alerts per day, while larger organizations face a significant influx of data, with around 3,000 alerts per day.

A significant finding from this report is that, on average, around 40 percent of alerts are never investigated, and roughly 60 percent of security teams have reported that an ignored alert proved to be critical. This leaves companies vulnerable to significant, yet avoidable security risks, and directly impacts an organization’s security posture.

“Imagine logging in each morning to find a thousand new emails – some urgent, some easily replied to, and some clearly spam – but all demanding our time and attention,” said Grant Oviatt, Prophet Security co-founder and head of security operations. “Most of us sort, filter, prioritize, and still miss a few important messages. That’s a similar reality for SOC teams, where analysts are overwhelmed with security alerts that need investigation, leading to fatigue and eventually missed detections. AI provides a way to handle repetitive and tedious tasks at a fraction of the time, ultimately freeing up analysts’ time to focus on high-value work.”

Pain point for the alert problem

To cope with the alert problem, about 57 percent of companies are actively suppressing detection rules, especially for cloud and identity. This leaves their organizations open to increased risk and susceptible to sophisticated attacks.

Alerts are being ignored due to constrained SOC resources. The process of understanding and responding to alerts is time-consuming, and teams struggle to keep up with the volume. 

Further, respondents face issues with continuous monitoring, which means that alerts arriving during off-hours, weekends, or holidays might not be seen, or might not be addressed properly and promptly. Analyst burnout and turnover are other contributing factors to constrained SOC resources.

“When analysts are overwhelmed by the volume and complexity of alerts, it leads to burnout, which in turn causes turnover,” the report states. “A constantly rotating or fatigued team will struggle to maintain vigilance, preserve institutional knowledge, and effectively respond to alerts.”

AI for security is now a top priority for leaders

The report also found that AI for security has become a top-three priority for security leaders, just after data security and cloud security. 

Those surveyed said that the top uses for AI in the SOC are alert triage and investigation, followed by detection engineering & tuning, and threat hunting.

Among respondents, 67 percent said that alert triage and investigation are primary applications for AI. It can be utilized to automate the process of sifting through high volumes of alerts, prioritizing critical incidents, and providing context for faster human analysis and decision-making.

Next, 65 percent of respondents stated that detection engineering and tuning are a top use case, indicating a desire for AI to refine detection rules, reduce false positives, and ensure the efficacy of security controls. This helps to mitigate the need to suppress detection rules due to capacity constraints.

Lastly, threat hunting with AI was viewed by 64 percent of respondents as valuable for proactive security activities. AI can analyze vast datasets for subtle patterns and anomalies, enabling analysts to uncover hidden threats before they escalate.

“The AI SOC transformation wave is no longer a vision, it’s happening now,” said Filip Stojkovski, the founder and lead researcher at SecOps Unpacked. “This report puts hard numbers behind what many of us in the field already see; the alert problem has reached a breaking point, and AI is being applied first where it matters most: triage, investigation, and tuning. It’s a rare report that captures both the urgency and the practical direction of where SecOps is heading.”

The future of the SOC: why automation is crucial for long-term success

While approximately 55 percent of the organizations surveyed currently use AI in some capacity to triage, investigate, and/or remediate alerts, 83 percent believe that over half of SOC workloads will be completed by AI in the next three years.

Looking more closely at the numbers:

  • Five percent of respondents believe that AI will complete 100 percent of SOC workloads 
  • 34 percent believe that AI will complete 75 percent of tasks
  • 44 percent believe that AI will complete 50 percent of the tasks

“What stands out in this report is that SOCs don’t struggle with visibility anymore; we’re buried in it,” said Stojkovski. “The real problem is the constant flood of alerts, and too many of them never get touched. The numbers here back that up: almost 40 percent of alerts go ignored, and more than half of teams admit they’ve missed something critical. The useful part of this report is that it shows where AI is actually being used: alert triage, investigation, and detection engineering. These aren’t nice-to-have features; they’re the only way for teams to keep up. If AI helps reduce the noise and gives analysts back time, that’s the shift that matters.”

Establishing strong partnerships to utilize security services is an opportunity for channel players to boost their security posture.


Jordan Smith is a news writer who has seven years of experience as a journalist, copywriter, podcaster, and copyeditor. He has worked with both written and audio media formats, contributing to IT publications such as MeriTalk, HCLTech, and Channel Insider, and participating in podcasts and panel moderation for IT events.
