HACKER Q&A
📣 dense_rep

In the age of AI, why is incident handling still manual?


Beyond simple triage, I get the sense most incident resolution is still manual. Environments are fragmented with different tools for SaaS, cloud, endpoints, identity, … In the end, only the ITops humans can piece together what's actually happening in an incident.

Curious how others see it.


  👤 saidnooneever Accepted Answer ✓
There are many working on implementing AI (read: LLM agents) on SOC and IR. I do too, but there are inherent problems with hallucinations which are IMHO totally killing it. RL might help, but it's really new still for LLMs.

Currently the best, I think, is that it can guide humans (a little bit) and help with process more than implementation of IR.