Skip to content

ESKme/genai-in-the-soc-paper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
appendix
appendix
 
 
assets
assets
 
 
figures
figures
 
 
paper
paper
 
 
.gitignore
.gitignore
 
 
CITATION.cff
CITATION.cff
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
REPOSITORY_STRUCTURE.md
REPOSITORY_STRUCTURE.md
 
 

Repository files navigation

GenAI in the SOC

Preview

GenAI in the SOC Paper - Acceleration v. Responsibility

Abstract

Generative AI is increasingly integrated into Security Operations Centers (SOCs) to accelerate alert triage, investigation, and response workflows.

This paper analyzes both the opportunities and risks of this integration, focusing on the fundamental tension between operational acceleration and the need for human responsibility, validation, and accountability.

Core Argument

Generative AI should be treated as a decision-support system, not as an autonomous decision-maker.

While AI can significantly accelerate analysis and pattern recognition, the final responsibility for security-critical decisions must remain with human experts.

Conceptual Model

Paradigm Shift

This model illustrates the transition from deterministic, rule-based systems to probabilistic, AI-assisted analysis, emphasizing the shift in epistemic certainty and the continued necessity of human oversight.

Human-in-the-Loop Architecture

Human-in-the-Loop

This architecture demonstrates how generative AI integrates into SOC workflows as an analytical layer, augmenting human analysts while preserving human decision authority in incident response.

About the Paper

This repository contains the full research paper, supporting figures, and supplementary material.

The work focuses on the role of generative AI in incident response and explores how efficiency gains can be achieved without compromising accountability and correctness in security-critical environments.

Repository Structure

See Repository Structure for an overview of the project layout.

  • /paper/ → Full paper (PDF)
  • /paper/source/ → Source files (ODT)
  • /figures/ → Diagrams and conceptual models
  • /appendix/ → Terminology and supporting material
  • /assets/ → Visual assets (social preview, cover)

Repository Layout Overview

.
├─ README.md
├─ LICENSE
├─ CITATION.cff
├─ .gitignore
│
├─ paper/
│  ├─ ESKme-GenAI-im-SOC-Paper-EN-v1.0.pdf
│  ├─ ESKme-GenAI-im-SOC-Paper-DE-v1.0.pdf
│  └─ source/
│     ├─ ESKme-GenAI-im-SOC-Paper-EN-v1.0.odt
│     └─ ESKme-GenAI-im-SOC-Paper-DE-v1.0.odt
│
├─ figures/
│  ├─ paradigm-shift-ai-soc-en.jpg
│  ├─ paradigm-shift-ai-soc-de.jpg
│  ├─ human-in-the-loop-architecture.png
│
├─ appendix/
│  └─ terminology.md
│
└─ assets/
   ├─ cover-en.jpg
   ├─ cover-de.jpg
   └─ social-preview.png

Citation

If you use this work, please cite it using the information provided in CITATION.cff.

License

This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.

ESKme ∴ Ethical.Shift.Keeper.//me

About

Generative AI in SOCs: incident response, human-in-the-loop design, and the balance between acceleration and responsibility.

ESKme.net

Topics

incident-response cybersecurity soc decision-support bias human-in-the-loop security-analysis threat-detection ai-governance generative-ai security-operations-center genai ai-in-security automation-bias

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0 - Initial Release Latest
Apr 13, 2026

Contributors