
By Chuck Gallagher — Business Ethics Keynote Speaker and Trainer
TL;DR
Chuck Gallagher, AI ethics speaker and author, analyzes Google Cloud’s finding that 82% of security analysts fear missing real threats due to alert fatigue and examines the ethical stakes of a security operations center that defends with AI agents against attackers who are also weaponizing them.
Article
There is a statistic buried in the Google Cloud report that should reset every boardroom conversation about cybersecurity. Eighty-two percent of security analysts are concerned or very concerned that they may be missing real threats because of the sheer volume of alerts and data they face. That is not a staffing problem. That is an architectural problem. The people defending the enterprise cannot physically process what the enterprise is producing, and the gap between what they see and what they miss is exactly the space attackers use. Google’s framing is blunt. Alert fatigue is the attacker’s greatest advantage. They only need to be right once. The defender has to be right every single time.
The proposed answer is the agentic security operations center, where a system of task-based AI agents handles triage, investigation, threat research, malware analysis, detection engineering, and response. Humans stay in the loop for escalation and final recommendations. Forty-six percent of executives at organizations with AI agents in production are already using them for security operations and cybersecurity. Torq, running on Google infrastructure, reports 90% automation of tier-one analyst tasks and 10x faster response times. Specular builds offensive cybersecurity agents on Gemini 2.5 Pro. Google DeepMind’s CodeMender agent has already found zero-day vulnerabilities in well-tested software. These are not pilots. This is production work, right now.
Chuck Gallagher, AI ethics speaker and author, has been making one argument to security leaders for the last year that he keeps having to repeat because it keeps being underweighted. Everything that makes agentic AI a defense multiplier makes it an offense multiplier. The same capabilities that let a defender triage ten thousand alerts in minutes let an attacker generate ten thousand plausible phishing variants in minutes. The same reasoning that lets a defender’s agent correlate across systems lets an attacker’s agent probe for misconfigurations across systems. Francis deSouza, Google Cloud’s COO for Security Products, says it directly in the report. Security professionals must be deeply bilingual in both AI and security. That bilingual requirement is not a training suggestion. It is the operational reality of 2026.
The ethics question sits in a specific place. When a defensive agent takes an autonomous action, quarantining a machine, blocking an IP range, resetting credentials, it is making a decision that could disrupt a legitimate business process. When the decision is right, nobody notices. When the decision is wrong, a customer-facing system goes down and someone has to explain why. The traditional security operations center handled this through tiered human review. The agentic SOC compresses that review, sometimes eliminates it for common cases. The efficiency gain is real. The accountability question is also real. Who authorized this agent to shut down that system, and under what conditions, and how would we know if those conditions were wrong?
Google’s response is the Secure AI Framework 2.0, an expanded framework designed to address the risks posed by autonomous AI agents specifically. That matters because agentic systems expand the attack surface in ways traditional frameworks did not contemplate. Every agent with tool access is a potential entry point. Every agent with data access is a potential exfiltration path. Every agent that can act on another agent’s instructions is a potential cascade. The infrastructure that makes agentic AI powerful, the model context protocols, the agent-to-agent handoffs, the grounded enterprise data, is the same infrastructure an attacker will try to subvert. Defenders have to design for that from day one, not patch it in after an incident.
Chuck Gallagher, AI ethics speaker and author, frames the choice facing security leaders in terms that translate to every other part of the business. You can treat the agentic SOC as a cost-reduction play, where the goal is to replace tier-one analyst work and cash the savings. That is the path that will produce, within eighteen months, a significant breach at some organization that went too fast and gave too much authority to under-supervised agents. Or you can treat it as a capability upgrade, where the human analysts get elevated to strategic work, the agents handle the volume, and the governance around what agents can and cannot do is tightened before, not after, it is tested by a real incident. The second path is harder. It is also the one that survives.
There is a specific operational practice that separates the organizations that will get this right. They are writing down, per agent, the rules of engagement. What is the agent authorized to do autonomously. What triggers a human review. What actions require multi-party sign-off. What happens when the agent produces a confidence score below a threshold. Jon Ramsey, Google Cloud’s general manager for security, describes agents elevating SOC analysts from tactical responders to strategic defenders. That elevation only happens when the analysts have something meaningful to defend. If the agents are acting in a governance vacuum, the analysts are not strategic defenders. They are witnesses to whatever the agents decide to do.
The 2026 security story is not going to be told in defense versus offense terms. It is going to be told in governance versus improvisation terms. The organizations that built the framework first will absorb the attacks and recover. The organizations that moved fast and hoped the agents would behave will contribute case studies to every conference talk in 2027. Sandra Joyce, Google Cloud’s head of threat intelligence, says AI is already being used to find zero-days, identify malicious code, and uplift defenders. It is also being used by the other side. Which side wins depends less on the technology and more on which side thought through the accountability structure before they needed it.
Frequently Asked Questions
What is an agentic security operations center?
An agentic SOC is a security operations model where task-based AI agents handle triage, investigation, threat research, malware analysis, detection engineering, and response, with human analysts overseeing escalation and final recommendations. Google Cloud describes this as a semi-autonomous security operations cycle.
How serious is alert fatigue in security operations?
According to Forrester Consulting research conducted for Google in July 2025, 82% of security analysts are concerned or very concerned that they may be missing real threats or incidents due to the volume of alerts and data they must process.
How many organizations are using AI agents for security?
Google Cloud’s 2025 research found that 46% of executives at organizations with AI agents in production have deployed them for security operations and cybersecurity, based on a survey of 1,814 executives leveraging agentic AI.
How are attackers using AI?
The same agentic capabilities that help defenders also help attackers, including generating phishing variants at scale, probing for misconfigurations across systems, and finding software vulnerabilities. Google Cloud’s Secure AI Framework 2.0 is designed specifically to address risks posed by autonomous AI agents on both sides.
Who is Chuck Gallagher?
Chuck Gallagher is an AI ethics speaker and author who works with security leaders and executive teams on governance, accountability, and ethical decision-making in AI deployments. His perspective is informed by his background as a former white-collar offender turned ethics advocate. More at ChuckGallagher.com.
Where This Leaves You
The agentic SOC is a genuine defense multiplier and a governance minefield, and the difference between the organizations that will come through 2026 intact and the ones that will contribute case studies depends entirely on the work done before an agent is given authority to act. The five questions below are what Chuck Gallagher uses with security leaders and boards to pressure-test an agentic security rollout.
Five Questions for Leaders
- For every defensive agent that can take autonomous action, have you written down the rules of engagement in terms a non-technical board member could understand?
- What actions require human review, what actions require multi-party sign-off, and are those thresholds documented and auditable?
- How would you know if one of your defensive agents took an action it should not have, and how fast?
- Are your security analysts being trained as supervisors of agents, or just as users of agent output?
- Have you stress-tested your agentic defenses against the assumption that attackers are using the same class of tools against you?
Related Articles:
AI Ethics in Funeral Service: When Convenience Crosses the Line
