The AI SOC Analyst Is Already Here — Are You Ready to Rethink the Role of Your Security Team?
By Sean Martin and Marco Ciappelli, Co-Founders of ITSPmagazine
There is a prediction circulating the cybersecurity conference circuit that Monzy Merza, Co-Founder and CEO of Crogl, finds not just wrong but backward: that AI is going to reduce the number of security engineers organizations need. We put it to him directly in this Brand Spotlight recorded ahead of RSAC Conference 2026, and his counter-argument landed with the kind of clarity that tends to stop a conversation in its tracks.
His reasoning is grounded in history. When the phone contact list made it unnecessary to memorize numbers, people did not communicate less — they communicated with far more people at far greater volume. Automation expanded human capacity. Merza argues AI in security will do exactly the same thing: raise the surface area of what practitioners must handle, not shrink the need for them. He is prepared to wager there will be more security engineers next year than today, just doing different, higher-leverage work.
What Makes Crogl Different From the AI SOC Tools Crowding the Market?
Crogl was founded in 2023 around a proposition that sounds straightforward and is anything but: make every security practitioner as effective as their entire team. The platform handles alert investigation, threat hunting, and automated documentation — across whatever footprint, tools, and data stores an organization already has.
The architectural decision that sets Crogl apart is a refusal to require data normalization before anything useful can happen. Real enterprise environments have multiple data stores, multiple SIEMs, and multiple SOAR platforms because different tools serve different purposes. One Crogl customer runs investigations across three SIEMs and two SOAR platforms simultaneously. Rather than treat that complexity as a prerequisite to fix, Crogl builds a semantic knowledge graph that maps data relationships across whatever exists — without transforming the underlying data. Analysts work in their real environment, not an idealized version of it.
How Can Organizations Use Multiple AI Models Without Getting Locked In?
Crogl applies the same logic to language models that it applies to data. If you accept that different data stores serve different purposes, why accept that a single language model is the right answer for every security scenario? Crogl lets organizations choose their model, swap models as needs evolve, and deploy on any footprint — including fully air-gapped environments. For government agencies, energy utilities, financial services firms, and manufacturers, that is not a convenience. It is the difference between a product that can actually be deployed and one that cannot.
When Merza sat down with 15 financial services security leaders in New York, the feedback came back unprompted and consistent: the investment in an enterprise semantic knowledge graph is what they see Crogl doing right. Their argument was direct — you cannot solve enterprise security operations at scale with AI if you do not know where data lives without forcing it to move. Anyone not building at that layer either does not understand the problem or cannot deliver on the promise. These were practitioners talking, not vendors.
What Is Crogl Bringing to RSAC Conference 2026?
The week before RSAC Conference, Crogl hosted the first AI SOC Summit near Washington, DC — no NDAs, no directed demos, no oversight. Attendees brought their own laptops, received access tokens, and used Crogl on their own problems, completely unattended. That same ethos will be on the show floor. The head of AI, the UX designer, and the chief architect will all be there — not to pitch, but to listen and be challenged. Practitioners can walk up and run real scenarios without anyone driving the demo.
What struck us in this conversation is how consistent Merza's position is from first principle to final product decision. The organizations building AI security strategy around eliminating people are making a bet that history does not support. The smarter path — and the one Crogl is built around — is enabling practitioners with tools that meet them where they are, on the data they have, with the models they trust, in the environments they control. RSAC Conference 2026 is where that argument meets the people who will decide if it holds up.
Watch the full Brand Spotlight conversation and connect with Monzy Merza on LinkedIn. Learn more about Crogl at crogl.com and explore the AI SOC Summit at aisocsummit.com.