July 28, 2025

Navigating the Next Security Inflection Point: Monzy Merza on the Future of Security and SOC Automation Tools with theCUBE’s Jon Oltsik

Crogl CEO Monzy Merza recently joined theCUBE's Jon Oltsik for an in-depth conversation about the state of modern security operations. The discussion covered everything from the failures of legacy SOAR tools to the future of autonomous SOCs powered by compound AI systems.

The SOC Fragmentation Problem

Security teams know what to do but are hamstrung by the complexity of fragmented tooling and inconsistent data schemas. Analysts "had to memorize all these different schemas" and "know a different programming language for each one of the tools," with simply too many tools in play. The average organization uses more than 45 security tools, and analysts are often forced to manually stitch insights across these disparate sources.

The Talent Problem

Merza pushed back against the notion that this is purely a hiring problem: "There's plenty of people. The problem is we're looking for these unicorns." The industry's expectation that a single analyst can master dozens of tools, schemas, and query languages is unrealistic.

SOAR Is Broken

When Oltsik asked about SOAR tools, Merza was direct: "SOARs are essentially brittle." They require "playbook writing" and "hard-coded integrations." The current security environment is too dynamic for that outdated approach to automation.

The AI-Driven Inflection Point

With the rise of generative AI, business users are capable of doing significantly more work with the same headcount. As Merza put it, "I still really have 1,000 users, but I now have 5,000 users." This shift translates into expanded digital footprints, more complex telemetry, and increased attack surface — without a proportional increase in SOC staffing.

Augment, Not Replace

Merza was emphatic: "We are not going to replace the analyst. Anybody who believes that has never done the job and does not understand the complexity." Instead of replacing humans, Crogl aims to build "the Iron Man suit" for analysts — augmenting their capabilities rather than automating them away.

Compound AI Architecture

Merza introduced the concept of a "compound AI system" — a layered architecture combining LLMs, agentic workflows, relational databases, and RAG. "AI is not a singular entity. It is a combination of things working together to produce an outcome."

Tickets as the Unit of Work

"Crogl works on tickets. And what that means for us is we have dissolved the problem into two core components of data and process," Merza explained. This ticket-based framing echoes a familiar pain point across SOCs — every alert generates work, and that work needs to be tracked, investigated, and documented.

Data Normalization Is a Dead End

Merza addressed a long-held industry belief head-on: "It is not just untenable, it is a naive proposition to ask the customer to normalize their data." Crogl's compound AI system is designed to operate across varied data schemas without requiring normalization.

Air-Gapped Deployment

"We have a customer today that's running Crogl in an internet-disconnected environment, fully functional." Crogl works in hybrid cloud settings as well as fully air-gapped, customer-managed environments.

Transparency Is Non-Negotiable

"Before Crogl takes an action, Crogl's work can be inspected beforehand," said Merza. "There is no black box." In a future increasingly dominated by agentic AI systems, Crogl is making a case for auditability as a core feature, not an afterthought.

The future of security operations won't be about choosing AI over humans — it will be about embedding compound AI systems that extend human capacity with precision, process awareness, and proof.
