This study addresses the slow adoption of AI, specifically LLMs, in Security Operations Centers (SOCs) due to trust and reliability concerns. Researchers embedded themselves in a multinational company's SOC for six months, using ethnographic fieldwork to identify challenges and co-create LLM-based tools with practitioners. The iterative, sociotechnical co-creation process, aligned with Nonaka's SECI model, overcame traditional barriers, leading to sustained adoption and improved SOC efficiency.
Forget top-down deployment: embedding researchers directly within cybersecurity teams to co-create LLM tools can overcome skepticism and drive real-world adoption.
Technology for security operations centers (SOCs) has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models (LLMs), which exhibit issues such as hallucinations and inconsistent outputs. To assess whether LLM-based tools can improve SOC efficiency, we embedded two PhD researchers within a multinational company SOC for six months of ethnographic fieldwork. We identified recurring challenges, such as repetitive tasks, fragmented/unclear data, and tooling bottlenecks, and collaborated directly with practitioners to develop LLM companion tools aligned with their operational needs. Iterative refinement reduced workflow disruption and improved interpretability, leading from skepticism to sustained adoption. Ethnographic analysis indicates that this shift was enabled by our sociotechnical co-creation process consistent with Nonaka's SECI model. This framework explains the common challenges in traditional SOC technology adoption, including workflow misalignment, rigidity against evolving threats and internal requirements, and stagnation over time. Our findings show that the co-creation approach can overcome these old barriers and create a new paradigm for creating usable technology for cybersecurity operations.