Fighting Alert Fatigue To Help Security Teams Focus
“Alert fatigue has long been a struggle in cybersecurity,” Chitrakar says. “This challenge, along with the manual nature of most security operations tasks, is notorious for burning out security teams. It also forces security operations centers into a reactive loop, preventing them from achieving a more proactive, optimized posture.”
Agentic AI can help automate some of those tasks to free analysts’ attention for more high-level matters. As an example, Chitrakar notes, Google Security Operations has an Alert Triage and Investigation agent that has processed over 5 million alerts in the past year, reducing a typical 30-minute manual analysis to 60 seconds with Gemini.
A 2025 Sophos report found that 76% of cybersecurity professionals reported experiencing burnout over the past year. When security platforms have agentic AI capabilities, security teams can start to engage with building agents using plain language instead of specialized queries.
“Additional use cases include malware analysis and vulnerability discovery. Malware analysis is especially critical because few possess the advanced reverse-engineering skill sets required to perform it,” Chitrakar says, adding that Gemini-powered VirusTotal Code Insight, for instance, can analyze binary behavior to identify emerging threats.
It’s critical that security teams govern their nonhuman agents with the same rigor they apply to their highly privileged human analysts, she says. AI agents shouldn’t have unchecked access across a security information and event management platform; a security orchestration, automation and response tool; or downstream enforcement points.
“Strict safety guardrails and API scoping must dictate what an agent can observe versus what it can execute. For example, an autonomous agent might have the authority to query threat intelligence and quarantine a standard workstation at 2 a.m., but taking a higher-risk action — such as modifying a core enterprise firewall rule — might still require human authorization based on predefined risk policies,” Chitrakar says.
Additionally, security operations center visibility requires “extreme explainability and centralized logging,” so that when the morning shift arrives, staffers have a transparent, centralized audit trail about an incident that was resolved, she adds. That way, they know why an agent made a certain decision.
“By embedding these strict playbook boundaries and identity governance directly into the security operations platform, teams can confidently scale their autonomous, around-the-clock defense while retaining absolute control and oversight over their environment,” Chitrakar says.
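As an added illustration of the guardrails described above (not code from the article or from Google Security Operations), the following policy gate separates an agent's observe scope from its execute scope, tiers each action by risk so that high-risk actions wait for human authorization, and records every decision with the agent's rationale in one central audit log. The tool names, scopes and asset classes in it are assumptions, not real APIs.

```python
# Added illustration, not code from the article or Google Security Operations:
# an authorization gate for an autonomous SOC agent that separates observe from
# execute scopes, tiers actions by risk (high risk waits for a human), and writes
# every decision plus the agent's rationale to one central audit log.
# Tool names, scopes and asset classes below are assumptions, not real APIs.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    NEEDS_HUMAN = "needs_human_authorization"
    DENY = "deny"

# Hypothetical policy table: action -> (required scope, risk tier).
# Anything not listed is denied by default.
POLICY = {
    "query_threat_intel": ("observe", "low"),
    "read_siem_events": ("observe", "low"),
    "quarantine_host": ("execute", "low"),
    "modify_firewall_rule": ("execute", "high"),
}
# Only these asset classes may be quarantined without a human in the loop.
AUTO_QUARANTINE_CLASSES = {"workstation"}

@dataclass
class AuditLog:
    """Central append-only record of every decision and why it was made."""
    entries: list = field(default_factory=list)

    def record(self, agent, action, target, decision, rationale):
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(), "agent": agent,
            "action": action, "target": target, "decision": decision.value,
            "rationale": rationale,
        })

def authorize(agent, scopes, action, target, asset_class, rationale, audit):
    """Return ALLOW, NEEDS_HUMAN or DENY for one proposed agent action."""
    entry = POLICY.get(action)
    if entry is None or entry[0] not in scopes:
        decision = Decision.DENY  # outside the agent's API scope: never runs
    else:
        risk = entry[1]
        if action == "quarantine_host" and asset_class not in AUTO_QUARANTINE_CLASSES:
            risk = "high"  # a server or controller: escalate instead of acting
        decision = Decision.ALLOW if risk == "low" else Decision.NEEDS_HUMAN
    audit.record(agent, action, target, decision, rationale)
    return decision
```

The morning shift can then read `audit.entries` to see which actions ran, which were parked for approval, and the rationale the agent gave for each.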
