Your AI SOC Won’t Catch Ransomware by Itself

Cristina Anghel

July 06, 2026

Your AI SOC Won’t Catch Ransomware by Itself

Customers ask me how many analysts the MDR team still needs. The question implies AI has already made the answer “smaller.” Unfortunately, the organizations asking this question are usually the same ones that have not yet solved their telemetry gaps, their unmanaged endpoints, or their MFA coverage. They want AI to close problems that AI cannot see.

I understand why the question gets asked: the dominant pitch in the market right now is that AI will replace SOC analysts. That framing is not just wrong. It is operationally dangerous because it tells buyers to defund the things that make AI useful: telemetry, business context, and analyst judgment.

The organizations that benefit most from AI in the SOC are those that already have the foundations in place. The organizations that skip the foundations and buy the AI tooling first are still struggling with the same visibility gaps, except now they have a dashboard that processes the gaps quickly.

I discussed this topic with my colleagues recently during our webinar: The Lab, the SOC, the Red Team: Why Prevention Still Wins.

Screenshot 2026-07-01 160602

What Does AI in the SOC Handle?

AI has made real, measurable operational changes to how MDR teams work. Telemetry correlation that once required an analyst to manually connect events across dozens of sources now surfaces as a prioritized alert. Investigation summaries that took thirty minutes to build from raw logs take seconds. Noise reduction is genuine: the ratio of alerts that require human attention has shifted, and that shift matters enormously when a team covers hundreds of environments simultaneously.

In well-scoped environments, AI can execute predefined containment actions without waiting for an analyst. That is a real capability. Isolating a known-compromised endpoint based on specific behavioral triggers, queuing a password reset on a compromised account, blocking a process execution that matches an established behavioral signature: these are low-uncertainty, low-operational-impact actions where automation earns its keep.

The honest way to describe what AI does well is: it handles the work where the answer is already known, the uncertainty is low, and the operational impact of being wrong is contained. Enrichment, correlation, prioritization, predefined response. Everything inside those boundaries is genuine AI territory in a modern SOC.

Why is the Ransomware Binary the Wrong Detection Target?

The most damaging version of the “AI SOC” pitch focuses on catching malware at execution. That focus is wrong, and I want to explain precisely why, because it shapes everything about how an MDR program should be built.

Ransomware deployment is one of the last things that happens in a ransomware incident. Before the binary executes, the attacker has already been inside the environment for hours, days, or longer. They have accessed the network, scanned it, identified credential stores, dumped credentials, moved laterally to the systems they need, and confirmed that the environment is ready. By the time the ransomware binary appears, the investigation is largely over. The question is only whether containment happened before or after encryption.

One case illustrates this clearly. We identified suspicious Advanced IP Scanner activity running from a temporary user directory. That observation, on its own, looks like noise. Legitimate network administrators use Advanced IP Scanner regularly, and the process is not inherently suspicious. But the SOC team had investigated several ransomware incidents that started with this exact combination: VPN access to the environment, then internal scanning with a tool running from an anomalous path. We had seen where that sequence goes.

The full Akira ransomware progression, across multiple mid-sized enterprise environments in different industries, followed the same chain:

  1. VPN access
  2. Internal scanning
  3. Remote registry activity (querying credential-related areas of the registry remotely, which can happen in legitimate administration but is also a standard technique in early credential-harvesting stages)
  4. Credential dumping
  5. RDP movement
  6. Ransomware deployment

Six steps. The detection that prevented impact happened at step two, not step six.

Initial access in that case involved exploiting the SonicWall VPN. Based on our findings from prior investigations, we immediately isolated the affected host and advised the customer to disable external VPN access, verify patch status, and reset privileged credentials. No ransomware deployed. The binary never ran because the analyst recognized the progression pattern at the second step rather than the last.

The cross-environment learning that made that early detection possible is not a feature in a product. It is what happens when analysts have investigated the same progression multiple times, across different customers, different industries, different architectures. The pattern becomes recognizable before it completes. We see the same operational learning with newer social engineering techniques, including ClickFix-style attacks (a category of user-tricking techniques that prompt victims to manually execute malicious commands). Delivery methods evolve quickly, but many behavioral patterns repeat. When a new case arrives, the analyst is not starting from zero.

What Signature Coverage Cannot See

Signature coverage and vendor guidance do not move at the same speed as modern attackers. That gap is where behavioral detection earns its keep, and it is also where the “AI replaces analysts” framing most visibly breaks down.

On July 18, 2025, Bitdefender MDR identified suspicious encoded PowerShell activity on an on-premises SharePoint server, attempting to deploy malicious code into the SharePoint web directory. The relevant vulnerabilities, CVE-2025-49706 (an authentication bypass in SharePoint) and CVE-2025-49704 (an insecure deserialization vulnerability enabling remote code execution), had been published by Microsoft on July 8. The CVEs were public. What was not yet widespread was the public acknowledgment that these vulnerabilities were being actively exploited in the wild.

CISA updated its guidance on July 20. Microsoft published “Disrupting active exploitation of on-premises SharePoint vulnerabilities” on July 22. Microsoft’s subsequent analysis attributed the broader exploitation campaign to Linen Typhoon, Violet Typhoon, and Storm-2603. The activity was later named “ToolShell” in public reporting.

The MDR detection on July 18 was not before the vulnerability was disclosed. It was ahead of the active-exploitation wave, before signature coverage and broader vendor guidance had caught up.

That is the relevant window: the gap between CVE publication and the moment the security community broadly acknowledges that real attackers are moving on it. That gap is typically measured in days to weeks. Attackers move inside it. Behavioral detection sometimes catches what signature-based tools cannot see, because behavioral detection operates on evidence that does not require knowing about the specific vulnerability first.

What AI Returns to the Analyst

There is a boundary where AI hands work back to a human. That boundary is defined by two variables: operational impact and uncertainty. When both are low, AI carries the task. When either is high, the task comes back to an analyst. That is not a limitation to be engineered away. It is the correct design.

A case I think about when explaining this involved activity that AI initially classified as likely legitimate administrative behavior. The processes involved were signed Windows binaries. There was no obvious malware execution. On the evidence AI was weighing, the classification was reasonable.

The analyst recognized something different. The activity involved remote registry access to sensitive credential-related areas of the system. That behavior can legitimately occur in administrative workflows. It can also be a standard early step in credential harvesting before ransomware deployment. The question AI could not answer was: does this fit this customer’s normal environment? The analyst had the operational context to recognize that it did not. The case was escalated, the host was isolated, and it was handled as an active credential-access incident.

This is the judgment layer working as designed. AI handled the correlation, the noise reduction, and the initial classification. The analyst made the call that required understanding what the behavior meant in the specific context of that customer and that environment. The future SOC is AI-amplified, not analyst-less. Every step toward autonomy that preserves analyst judgment at the operational-impact boundary is the right step. Every pitch that removes that boundary is the wrong one. 

Which Organizations Benefit Most from AI in the SOC?

The organizations that benefit most from AI in the SOC are the ones that already have strong telemetry coverage, MFA, prevention layers, response capability, and endpoint visibility. AI can operate on reliable context. When the context is reliable, AI accelerates the work and shifts the analyst’s time toward the decisions that matter.

Which Organizations Struggle with AI in the SOC?

The organizations that struggle with AI tooling are the ones that deploy it on top of unresolved visibility gaps: unmanaged systems that do not report telemetry, inconsistent MFA coverage, missing endpoint agents, undefined response authority. AI does not fill gaps. It processes what is there. When what is there is incomplete, AI processes the incomplete picture faster, and the analyst makes decisions based on a distorted view of the environment.

Is AI Benefiting Attackers or Defenders?

Are cyber defenders or threat actors benefiting more from AI? This is an open question, and the jury is out. The 2026 Bitdefender Cybersecurity Assessment surveyed 1,200 IT and cybersecurity professionals in six countries about their views, and 52.6% said “AI is helping attackers more than defenders.” One thing we can say for certain now: operational tempos are accelerating on both sides.

The structural edge for defenders in an MDR model is not compute superiority or model quality. It is that MDR teams investigate attacks across many environments simultaneously, and that learning compounds. When we see a new progression pattern across customer A, it changes how we interpret early signals in customer B’s environment the following week. That operational memory is what enables early detection at step two rather than step six. AI accelerates the accumulation and retrieval of that pattern knowledge. It does not replace the knowledge itself.

The AI SOC pitch, taken literally, is a description of an environment where the foundations are already solved: complete telemetry, strong prevention, consistent identity controls, well-scoped response authority. In that environment, AI does accelerate and amplify. The mistake is assuming the pitch describes where most organizations currently are, rather than where they need to get to first.

The Akira progression gets harder to complete when prevention layers compress the attacker’s early window. Good telemetry means both the analyst and the AI are working from a complete picture. MFA and identity controls mean the early steps of that chain are harder to complete before detection. The SOC and the prevention layer are not separate investments competing for the same budget. The SOC multiplies what the prevention layer has built.

The May 21 panel discussion pulled on the two threads this piece relies on: prevention-first architecture and what an AI-enabled SOC can and cannot do. I made the SOC case there alongside Bitdefender Labs and the Bitdefender Red Team. Same incidents, three vantage points, recorded in full. The on-demand recording here: The Lab, the SOC, the Red Team: Why Prevention Still Wins

Screenshot 2026-07-01 160602

 

tags


Author


Cristina Anghel

Cristina Anghel is a Senior Security Analyst and Team Lead at Bitdefender. She has more than a decade of experience in cybersecurity and is GIAC certified in Cyber Threat Intelligence (GCTI).

View all posts

You might also like

Bookmarks


loader