
Stellar Cyber expands its AI-native SOC platform with releases 6.5, 6.6


AI has become a cornerstone in security operations centers (SOCs), with security teams and MSSPs using the technology for everything from reducing alert fatigue to accelerating the mean-time-to-response to enhancing threat detection.

For organizations with SOCs, the rapidly evolving technology acts as a force multiplier, letting them scale without having to add too much headcount, while also increasingly leveling the playing field against adversaries that are quickly using AI in their attacks.

That said, it isn’t always easy figuring out how best to use the technology.

“Many practitioners are still struggling to turn early experimentation into consistent operational value,” wrote Christopher Crowley, a senior instructor with the SANS Institute and SOC consultant. “This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problems that are not well defined.”

In the SANS 2025 SOC Survey, the cybersecurity training institute found that many organizations are experimenting with AI, but that 40% of SOCs use AI or machine learning tools without making them a defined part of operations, and 42% rely on these tools out of the box, with no customization.

This creates what Crowley called a “familiar pattern. AI is present inside the SOC but not operationalized.”

A lot in two releases

Still, vendors are building out the AI capabilities in their SOC platforms, giving organizations more ways to use the technology to their advantage. Stellar Cyber, in the last two releases of its AI-native SecOps platform, expanded the capabilities of its Auto Triage tool, extended detection coverage across identity, cloud, network, and application-driven threats, improved the platform’s operations, and introduced Parser Studio to create a self-service workspace for creating, testing, and activating custom parsers.

In Stellar Cyber 6.5 (released in May) and 6.6 (introduced this month), the vendor also offered early access support for the Stellar Cyber MCP Server, giving certain AI customers a governed way to connect to the platform via the Model Context Protocol (MCP) Server, and improved network and sensor coverage.

“Taken together, 6.5 and 6.6 move Stellar Cyber closer to the goal of the human-augmented autonomous SOC by improving the full operating loop: data onboarding, threat detection quality, triage, investigation, case management, automation, and response,” Christophe Briguet, Stellar Cyber's senior director of product management for AI and security analytics, told MSSP Alert. “That matters because SOC teams do not have one isolated problem. They need cleaner data, better context around threat alerts, faster decisions, and trusted automation, all working together.”

Everything in a single platform

Such a broad approach is something that separates what Stellar Cyber offers from competitors’ platforms, Briguet said.

“Many automated SOC offerings focus on a single layer, such as AI assistants, SOAR playbooks, or alert triage,” he said. “Stellar Cyber differentiates itself by combining AI, automation, detection engineering, case management, response orchestration, and open integrations into a single platform, while retaining human oversight and control.”

Writing about 6.5, Mayuresh Ektare, senior vice president of product management for Stellar Cyber, noted that with Parser Studio, security teams can see built-in and custom parsers, clone supported modular parsers, test parser behavior before deployment, and activate parsers for production ingestion, which, for MSSPs, can shorten client onboarding cycles and reduce their dependency on vendor-delivered parser work. 

Parser development is now a security outcome issue, not simply a back-office detail, Ektare wrote.

A security outcome issue

“Every environment has unique telemetry,” he wrote. “MSSPs see this every day. One customer uses a particular firewall. Another uses a regional VPN provider. Another has specialized infrastructure, legacy systems, DLP tools, file transfer platforms, remote access technologies, API security products, or custom applications.”

He added that “if onboarding that telemetry requires long vendor cycles or custom engineering every time, the security program slows down before it begins delivering value.”

The Stellar Cyber MCP Server lets users bring AI into existing SOC workflows with case context, tenant awareness, and access controls rather than relying on disconnected assistants outside the analyst workflow.

The vendor extended the Auto Triage feature by adding verdict visibility to the Alert Table and Threat Hunting views so analysts can more quickly see triage outcomes, filter them by verdict, and more easily act on the results.

Benefits for MSSPs

Such enhancements will benefit MSSPs, which Briguet said are under pressure to deliver better outcomes, speed up onboarding, improve reporting, and broaden their coverage without adding analysts.

“The improvements we made to 6.5 and 6.6 help them achieve all of this by enhancing parser creation, data onboarding, detection fidelity, AI-assisted triage, case visibility, and repeatable workflows, enabling MSSPs to scale services while protecting margins,” he said.

Stellar Cyber 6.5 is available now, while some updates in Stellar Cyber 6.6, like the Stellar Cyber MCP Server and Parser Studio, are available through the vendor’s Early Access Program.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
