Sign up to save your podcasts
Or
Share Can You Build an AI SOC with Claude Code? The Reality vs. Hype
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Can You Build an AI SOC with Claude Code? The Reality vs. Hype
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.
We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately . The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection .
This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".
Guest Socials - Ariful's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction(02:30) Who is Ariful Huq?(03:40) Can You Just Use Claude Code to Build an AI SOC?(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs(08:15) The Importance of Data: Beyond Logs to Config, Code & Context(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges(17:20) Why SIEM Might Not Be Good Enough Anymore(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)(31:40) Building Trust & Transparency in AI SOCs(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer(42:15) Final Questions: Running, Family, and Turkish Food
View all episodes
By Cloud Security Podcast Team
5
5656 ratings
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.
We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately . The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection .
This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".
Guest Socials - Ariful's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction(02:30) Who is Ariful Huq?(03:40) Can You Just Use Claude Code to Build an AI SOC?(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs(08:15) The Importance of Data: Beyond Logs to Config, Code & Context(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges(17:20) Why SIEM Might Not Be Good Enough Anymore(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)(31:40) Building Trust & Transparency in AI SOCs(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer(42:15) Final Questions: Running, Family, and Turkish Food
More shows like Cloud Security Podcast
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
373 Listeners
The Cloudcast
155 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,017 Listeners
Darknet Diaries
7,999 Listeners
Cybersecurity Today
175 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
188 Listeners
Practical AI
210 Listeners
AWS Podcast
203 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Cloud Security Podcast by Google
40 Listeners
Risky Bulletin
44 Listeners