Q&A with The Last Watchdog: How Adaptive AI Is Reshaping Security Operations
- Crogl
- 6 days ago

Despite years of investment in threat intelligence platforms, detection tools, and playbook-driven automation, SOCs still struggle to translate insight into action. As Monzy Merza, CEO and co-founder of Crogl, shared in a recent Q&A with Pulitzer-winning journalist Byron Acohido for The Last Watchdog, the problem isn’t just a lack of intelligence—it’s a failure of traditional systems to adapt.
"SOCs must reverse-engineer every advisory into their own context. Intel doesn’t map cleanly to their systems," Merza said. "Analysts test hypotheses across 40+ tools, each with its own schema. It’s exhausting."
Real-World SOCs Demand Automation That Evolves, Not Just Executes
Traditional SOC automation tools, such as SOAR platforms, were designed to bring order to security workflows. But Merza points out their fatal flaw: "They rely on having well-structured, normalized data—and they assume that workflows can be cleanly templated in advance. The real world doesn’t operate that way."
Crogl was built from the opposite premise. Its compound AI system doesn’t expect perfection. Instead, it learns from fragmented logs, evolving API schemas, and inconsistent human behavior to dynamically generate response logic tailored to each organization’s unique environment.
"Where traditional tools enforce structure, we learn from the lack of it," says Merza.
Why Process Intelligence Is Essential to Effective SOC Automation
The problem isn’t just the speed of response—it’s the accuracy and relevance of that response. That’s where process intelligence comes in. "Process intelligence means understanding the workflows and norms unique to each organization—not just detecting anomalies in a vacuum," Merza explained.
Context is everything. What looks like a red flag in one organization may be standard practice in another. For instance, DevOps teams might deploy hundreds of containers late on a Friday—an anomaly in some environments, but normal for others. Crogl recognizes those patterns, adapts accordingly, and helps eliminate false positives before they drain analyst time.
The Case for Inspectable, On-Premise AI for Security Operations
With AI quickly embedding itself into the core of cybersecurity, trust and transparency are non-negotiable. "We deliberately chose an architecture that allows customers to own and inspect everything—from the models to the data flows to the output logic," said Merza.
Crogl provides a full bill of materials for every decision it makes, giving teams the ability to trace and justify actions in line with compliance mandates. This level of transparency isn’t just about building trust—it’s about regulatory defensibility.
The platform also offers deployment flexibility, including the ability to run in air-gapped environments—a critical feature for sectors like finance, defense, and healthcare where SaaS isn’t always viable.
From Reactive to Proactive: What’s Next for SOCs
AI has the potential to reshape how SOCs operate—but not if it simply mimics traditional tooling. "SOCs need tools that adapt to data and processes without breaking," Merza noted. That means going beyond low-code playbooks and static queries to build systems that reason in real time.
And the future isn’t just AI that answers—it’s AI that asks. "Not just AI that answers queries, but AI that asks better questions—surfacing threats, suggesting actions, and helping analysts stay ahead. That’s where this is going," he said.
Crogl's approach represents a major shift in the role of AI within the SOC. It's not about replacing humans with automation—it's about enabling analysts to focus on what matters, supported by systems that adapt, learn, and evolve alongside them.
Read the complete Q&A here: https://www.lastwatchdog.com/shared-intel-qa-ai-in-the-soc-isnt-all-about-speed-its-more-so-about-smoothing-process/
See How Crogl Turns Alerts into Action—Automatically.
Security teams today are overwhelmed with alerts and under-resourced to respond. Crogl changes that by working directly on tickets across your SIEM, SOAR, and ITSM platforms—triaging, investigating, and documenting every step in real time. Our compound AI system doesn’t just promise efficiency; it delivers repeatable, auditable outcomes that let your team focus on what matters most.
Ready to reclaim your team’s time and effectiveness? Schedule a demo today.