Why Security Leaders Are Rethinking MDR in the AI-Powered Attacker Era
#Cybersecurity

Security Reporter

Managed detection and response solved a real staffing problem for a decade, but new data on 25 million alerts suggests the model leaves roughly 60% of alerts unreviewed. Here's what's driving the shift toward AI-led security operations, and what to actually evaluate before your next renewal.

Managed detection and response was built to answer a problem that has not gone away: most security teams cannot staff a 24/7 analyst desk, cannot hire fast enough, and cannot keep up with the alert queue on their own. MDR stepped into that gap and, for most of the past decade, it worked well enough.

The argument now circulating among security leaders, pushed hard by vendors like Intezer but echoed by independent practitioners, is that the model is straining against a different kind of adversary. Attackers are using AI to generate convincing phishing at scale, automate reconnaissance, and spin up malware variants faster than signature-based detection can catch them. The attack surface now spans endpoint, identity, cloud, and network at the same time. The MDR response, routing alerts to human analysts who triage what they can in the order they can reach them, has not fundamentally changed.

The coverage gap nobody advertises

The most striking number in the current debate is about what MDR actually covers. The promise is 24/7 human coverage. What gets delivered, in practice, is 24/7 human capacity to triage high-severity alerts. Those are not the same thing.

In the data behind this debate, roughly 60% of alerts go unreviewed. That is not a knock on any particular provider. It is a description of what happens when finite human teams face the alert volume that modern environments generate. They prioritize. P1s and P2s get worked. P3s and P4s accumulate. And that deprioritized pile is precisely where patient attackers prefer to operate.

Intezer's analysis of 25 million alerts across enterprises in 2025 found that nearly 1% of real threats originate in low-severity and informational alerts. Run the math on an organization generating 450,000 alerts a year: 60% never investigated is 270,000 alerts, and the genuine-incident rate the vendor's figure implies for that pile is about one in five thousand, which lands you at roughly 54 real incidents annually sitting in the queue nobody is watching. About one a week. The vendor framing is self-interested, but the underlying arithmetic is the kind of thing every CISO should run against their own numbers, with their own review rate and their own incident rate in place of the vendor's.

Investigation quality is not a constant

Even the alerts that do get reviewed receive uneven treatment. The depth of an investigation is bounded by who is on shift, how deep the queue is at that moment, and the time of day. A P1 at 3 a.m. with a tired, thinly staffed team gets a different look than the same alert at 10 a.m. when the bench is full. When an investigation runs shallow, threats get filed as noise, and early lateral movement reads as routine behavior. The intruder who slipped in through a low-severity alert keeps moving because no one had the time or context to connect the signals.

This variance is structural. Any human-executed process running at high volume, under pressure, around the clock will produce it.

The feedback loop that never closes

There is also an architectural complaint worth taking seriously. In most MDR deployments, detection engineering and investigation live in separate silos. When an analyst closes an alert as a false positive, that insight rarely flows back into the detection rules. Noisy rules keep generating noise. Broken rules stay broken. New attacker techniques show up without matching detections. Coverage measured against the MITRE ATT&CK framework drifts lower than teams assume, getting tuned only when a customer complains about volume or a major CVE hits the news.

Layered on top is the visibility problem. Many MDR services operate as a black box. Customers receive escalations and summaries but cannot inspect the evidence trail, verify the verdict, or audit what the analyst actually reviewed before closing a case. When an incident is missed, you cannot diagnose why. When regulators ask what was investigated and how, there may be no satisfying answer.

The ownership question

There is a quieter issue that becomes sharper as organizations start experimenting with AI in their security operations. Detection rules, triage logic, case history, and the years of tuning specific to your environment accumulate inside the vendor's platform. When the contract ends, that knowledge does not necessarily leave with you.

That creates a real readiness problem. If you want to deploy an AI agent for SOC work, it needs a knowledge foundation to reason over: detection rules, case history, behavioral baselines, forensic verdicts. If all of that lives in a vendor's platform you do not control, your agent starts from near zero. For teams planning to build internal capability or supervise AI systems rather than outsource wholesale, owning that foundation is a prerequisite, not a nice-to-have.

What an AI SOC actually proposes

The alternative being marketed is the "AI SOC," and the core idea is straightforward: move investigative execution out of the human queue and into AI, so humans focus on decisions rather than discovery. Instead of sampling or filtering by severity, the claim is that 100% of alerts across endpoint, identity, cloud, network, phishing, and SIEM get triaged and investigated automatically.

Intezer reports that across its 25 million alerts, less than 2% required human escalation, with the rest resolving autonomously at sub-minute median triage time and 98% verdict accuracy. Translated to that 450,000-alert enterprise, roughly 441,000 alerts get fully investigated without human intervention, and, on the vendor's framing, the 54 genuine threats that would have slipped through traditional coverage get caught with remediation recommendations attached.

Treat vendor accuracy figures with appropriate skepticism, because they are measured on the vendor's own platform under conditions the vendor defines. Overall accuracy is also close to meaningless on a population where a fraction of a percent of alerts are real: a system that closed every alert as benign would score above 99% on the 450,000-alert example and still miss all 54 threats, so the number to ask for is the false-negative rate on confirmed incidents, not the headline verdict accuracy. The directional point still holds: applying consistent forensic depth to a P4 at 3 a.m. is something automation can do that a human queue structurally cannot.

Depth is what separates investigation from summary

The useful distinction here is between pre-processing and investigation. AI can summarize an alert and enrich it with threat intelligence. That is helpful, but it is not investigation. Genuine forensic interrogation asks what actually executed, where it originated, what it did, and whether there is evidence of compromise in memory that the alert never surfaced.

That matters because the most dangerous threats are designed to dodge surface-level detection. Fileless malware lives in memory and writes nothing to disk. Code injection hides inside legitimate processes. Early credential theft looks like ordinary authentication. Research cited in the discussion found that more than half of confirmed compromised endpoints had already been marked "mitigated" by the EDR vendor, a sobering reminder that a clean dashboard is not the same as a clean environment. Without memory forensics, binary analysis, and code reuse detection, any AI investigation is only as deep as the alert data it was handed.

Forensic depth is also what builds the trust threshold, the point where verdicts are accurate and evidence-backed enough to act on without a human double-check. Below that line, AI assists analysts. Above it, AI can carry the investigative load and escalate only when the evidence warrants it.

Practical takeaways before your next renewal

If you run security operations, here is the useful core stripped of the sales pitch:

  • Run your own coverage math. Pull your annual alert volume, estimate what percentage actually gets reviewed, and ask honestly how confident you are that the unreviewed remainder contains no real threats.
  • Check who owns your detection content. Find out whether the detection rules, case history, and tuning built during your contract move with you at the end of it. If they do not, factor that lock-in into renewal decisions.
  • Ask for the evidence trail. Whether you stay with MDR or evaluate an AI-led model, demand the ability to audit investigation logic and verdicts. A black box is a liability in a regulated environment.
  • Watch the pricing model. Per-alert pricing recreates the cherry-picking problem, because it penalizes you for investigating low-severity signals. Per-endpoint pricing removes that economic disincentive and makes budgets predictable, since endpoint counts are stable while alert volumes spike during incidents.
  • Consider augmentation over replacement. The lower-risk path is to run AI investigation alongside an existing MDR contract, observe what it surfaces that the incumbent missed, and let months of evidence inform a clean decision at renewal rather than a disruptive mid-contract switch.
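The coverage arithmetic from the 450,000-alert example and the "run your own coverage math" step above, as an added worked example (this is not Intezer's code or data, and the per-severity split in `ARTICLE_TIERS` is constructed so that it reproduces the article's totals, not reported numbers). It also shows why the 98% verdict-accuracy figure by itself says nothing about missed threats: the same accuracy is consistent with missing none of the real incidents or all of them.

```python
"""Coverage-gap arithmetic for a SOC alert queue.

Added illustration, not vendor code. Headline figures (450,000 alerts a year,
60% unreviewed, ~54 unreviewed incidents, <2% human escalation, 98% verdict
accuracy) come from the article; the per-tier split below is constructed to
reproduce those totals and is not reported data.
"""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class Tier:
    name: str
    alerts: int            # alerts per year landing in this severity tier
    review_rate: float     # fraction a human analyst actually opens (0..1)
    incident_rate: float   # fraction of this tier's alerts that are genuine incidents


# Constructed split: P1/P2 fully worked, P3/P4 mostly left in the queue.
# Totals: 450,000 alerts, 270,000 unreviewed (60%), 54 unreviewed incidents.
ARTICLE_TIERS = (
    Tier("P1", 5_000, 1.00, 0.02),
    Tier("P2", 45_000, 1.00, 0.005),
    Tier("P3", 150_000, 0.40, 0.0002),
    Tier("P4", 250_000, 0.28, 0.0002),
)


def unreviewed_alerts(tiers: Iterable[Tier]) -> float:
    """Alerts per year that no human ever opens."""
    return sum(t.alerts * (1.0 - t.review_rate) for t in tiers)


def unreviewed_incidents(tiers: Iterable[Tier]) -> float:
    """Expected genuine incidents per year sitting in the unreviewed pile."""
    return sum(t.alerts * (1.0 - t.review_rate) * t.incident_rate for t in tiers)


def human_escalations(total_alerts: int, escalation_rate: float) -> float:
    """Alerts per year a human still touches when AI triage escalates a
    given fraction (the article cites under 2%)."""
    return total_alerts * escalation_rate


def missed_incident_bounds(total_alerts: int, real_incidents: float,
                           accuracy: float) -> Tuple[float, float]:
    """Best and worst case missed incidents consistent with an overall
    'verdict accuracy' figure.

    Accuracy only fixes the error budget (1 - accuracy) * N. Because real
    incidents are a tiny fraction of alerts, every one of them can be a
    false negative without denting the headline number: best case all
    errors are false positives, worst case the errors include every real
    incident. Only a measured false-negative rate narrows this range.
    """
    errors = total_alerts * (1.0 - accuracy)
    benign = total_alerts - real_incidents
    best = max(0.0, errors - benign)   # forced misses only if errors exceed benign count
    worst = min(real_incidents, errors)
    return best, worst


def report(tiers=ARTICLE_TIERS, escalation_rate=0.02, accuracy=0.98) -> dict:
    """Summary numbers for a renewal discussion."""
    total = sum(t.alerts for t in tiers)
    incidents = sum(t.alerts * t.incident_rate for t in tiers)
    best, worst = missed_incident_bounds(total, incidents, accuracy)
    return {
        "alerts_per_year": total,
        "unreviewed_alerts": unreviewed_alerts(tiers),
        "unreviewed_incidents_per_year": unreviewed_incidents(tiers),
        "unreviewed_incidents_per_week": unreviewed_incidents(tiers) / 52,
        "human_escalations_under_ai_triage": human_escalations(total, escalation_rate),
        "missed_incidents_consistent_with_accuracy": (best, worst),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Swap your own tier volumes, review rates and measured incident rates into `ARTICLE_TIERS`; the incident rate per tier is the number your own closed-case history gives you, which is one more reason the ownership question above matters. The `missed_incident_bounds` range for the article's figures runs from zero to every real incident in the year, which is the whole of what "98% accuracy" tells you.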

The MDR model was designed for a world where attackers moved at human speed and the hard problem was staffing coverage. Attackers running AI-assisted campaigns, moving faster than triage queues can clear, and deliberately targeting the low-severity blind spots have changed the inputs to that equation. Whether the answer is a full AI SOC, a hybrid arrangement, or a tougher set of contract terms with your current provider, the question worth answering is the uncomfortable one: of the alerts your team never gets to, how sure are you that none of them matter?
