AITech Interview with Mark Wojtasiak, VP of Product Research and Strategy at Vectra AI

Alert fatigue has become a systemic risk for security teams, as Vectra AI’s research reveals that only a fraction of the millions of daily alerts actually indicate an attack. The study found that 99.98% of behavioral signals are filtered out as noise before analysts even see them, creating an "attack signal problem" that drains talent and prolongs response times. This imbalance underscores the need for a paradigm shift from volume‑based triage to precision‑focused detection, where the few high‑fidelity alerts receive immediate attention.

Identity‑based threats now dominate the threat landscape, yet many SOCs overlook them because compromised credentials appear legitimate to traditional tools. Vectra’s data shows that nearly half of confirmed malicious incidents stem from identity abuse, highlighting a blind spot that persists without integrated identity, network, and cloud signals. Custom, behavior‑based detections—though representing only about 5% of total alerts—consistently surface these high‑risk events, proving that tailored rules are essential for uncovering attacks that generic models miss.

The future of SOC operations lies in AI‑driven automation paired with human expertise. AI can handle triage, stitching, and prioritization, filtering out up to 99% of noise and enabling entity‑centric workflows that improve efficiency by roughly 40%. Over the next three years, AI agents are expected to evolve from assistive tools to autonomous tier‑1 analysts, generating narrative reports and even initiating first‑response actions under strict guardrails. This balanced approach promises faster mean‑time‑to‑respond, reduced investigation effort, and stronger overall resilience against advanced attacks.