Q&A with The Last Watchdog: How Adaptive AI Is Reshaping Security Operations
Crogl CEO Monzy Merza recently sat down with Pulitzer Prize-winning journalist Byron V. Acohido for a Q&A published in The Last Watchdog. The conversation explored how adaptive AI is reshaping security operations — and why the fundamental challenge isn't speed, but smoothing the process.
The Threat Intelligence Gap
The 2023 disclosure of the Volt Typhoon campaign illustrated a persistent gap in security operations. Despite CISA publishing a comprehensive 47-page advisory, breaches connected to this threat actor continued unfolding for months afterward. The failure wasn't in knowledge acquisition but in execution velocity.
As Merza puts it: "SOCs must reverse-engineer every advisory into their own context." Threat intelligence doesn't automatically align with organizational systems. Analysts typically interact with 40+ different tools, each employing distinct data schemas.
Why SOAR Falls Short
Unlike Security Orchestration, Automation, and Response (SOAR) platforms that depend on structured, normalized data and predetermined workflows, Crogl's approach operates differently. The system accepts messy, fragmented data across inconsistent log formats and evolving API schemas.
"Where traditional tools enforce structure, we learn from the lack of it," Merza explained. Crogl identifies emerging patterns, maps dependencies dynamically, and generates context-specific response procedures rather than applying static playbooks.
Process Intelligence
Understanding organizational workflows — not just identifying isolated anomalies — defines effective security. Each organization maintains unique operational rhythms, approval mechanisms, and business requirements. Crogl learns these organizational nuances, preventing false positives that would otherwise overwhelm analysts.
Architecture Choices
Crogl deliberately rejected conventional SaaS models to prioritize transparency and customer control. Organizations can inspect models, data flows, and output logic completely. This transparency matters particularly for regulated sectors like healthcare, defense, and finance where algorithmic opacity creates compliance complications.
The platform enables deployment flexibility, including air-gapped environments, accommodating organizations preferring to avoid additional cloud dependencies.
The Bigger Picture
As workload volumes expand faster than security teams can scale, SOCs require tools that adapt without breaking. Merza anticipates evolution toward systems that don't merely answer queries but pose more valuable questions — identifying threats, suggesting appropriate actions, and helping analysts maintain threat awareness.
Crogl's approach represents a major shift in the role of AI within the SOC. It's not about replacing humans with automation — it's about enabling analysts to focus on what matters, supported by systems that adapt, learn, and evolve alongside them.