The AI-Embedded SOC: An Operating Model for the Asymmetry Era

This report describes the industrialization of generative-AI offensive capabilities: LLMs are being used to find semantic/logic vulnerabilities (AI-written zero-days), produce polymorphic malware on demand, power agentic frameworks that automate reconnaissance and exploitation (e.g., PROMPTSPY's GeminiAutomationAgent), and create high-fidelity phishing/vishing and influence content; multiple state-aligned APT clusters are already operationalizing these techniques at scale.