
AI-Driven SecOps: Evolution, Threats, and the Future of Threat Hunting
The video features a discussion between Ashish from Cloud Security Podcast and Axa Taylor, Chief Security Evangelist at Exo Force, on the evolution of security operations (SecOps) with AI, termed 'wbe hunting.' Key threats highlighted include credential stuffing (390 authentication attempts across 14 accounts), supply chain attacks via GitHub (e.g., Hackerbot Claw and Team PCB npm package exploits), and North Korean actors posing as fake employees.

The conversation emphasizes the need for AI-driven SecOps to integrate context, such as identity mapping, posture data, and peer behavior analytics, to improve detection and response accuracy. Exo Force’s platform demonstrates how AI can automate threat hunting, reduce false positives, and bridge silos between cloud, identity, and SecOps teams. The four pillars of AI SecOps discussed are detection, investigation, triaging, and response, with triaging identified as the easiest starting point for organizations.

Axa stresses that while advanced AI models aid defenders, they require skilled oversight to validate outputs and avoid misconfigurations, such as autonomous shutdowns of production systems. The video also references real-world attacks like the Iran Striker campaign targeting healthcare institutions.
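The credential-stuffing case and the point about context illustrate each other well: looked at one account at a time, a stuffing run is a handful of failed logins per user, which is indistinguishable from people mistyping passwords; pivoted on the source and enriched with identity data, it is one actor spraying many accounts, and any success it scores can be ranked by who was hit. The following Python is an added example written for this summary; it is not code from the video or from Exo Force's platform. The log line format, the thresholds, the identity map and the sample events are all constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical log format, constructed for this example: one authentication event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed identity context, standing in for an identity-mapping / posture feed.
IDENTITY_MAP = {
    "alice": {"dept": "engineering", "privileged": False},
    "bob": {"dept": "sales", "privileged": False},
    "carol": {"dept": "finance", "privileged": True},
}


def build_sample_log():
    """Return constructed sample auth-log text (not real data)."""
    lines = []
    users = ["alice", "bob", "carol", "dave", "erin", "frank"]
    minute = 0
    # One source tries five passwords against each of six accounts...
    for user in users:
        for _ in range(5):
            minute += 1
            lines.append(f"2024-05-01T10:{minute:02d}:00Z src=203.0.113.7 user={user} result=FAIL")
    # ...and finally gets into 'carol'.
    lines.append("2024-05-01T10:31:00Z src=203.0.113.7 user=carol result=OK")
    # Benign noise: a mistyped password followed by a normal login, and one clean login.
    lines.append("2024-05-01T10:05:10Z src=198.51.100.4 user=alice result=FAIL")
    lines.append("2024-05-01T10:05:40Z src=198.51.100.4 user=alice result=OK")
    lines.append("2024-05-01T10:06:00Z src=192.0.2.9 user=bob result=OK")
    lines.append("this line is malformed and is skipped by the parser")
    return "\n".join(lines)


def parse_auth_log(text):
    """Parse log text into event dicts; lines that do not match the format are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def per_account_failures(events):
    """The siloed, per-account view: each account sees only a handful of failures."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            counts[e["user"]] += 1
    return dict(counts)


def detect_credential_stuffing(events, min_attempts=10, min_accounts=3):
    """Pivot on the source: many attempts spread across many distinct accounts."""
    by_src = defaultdict(lambda: {"attempts": 0, "accounts": set(), "successes": set()})
    for e in events:
        s = by_src[e["src"]]
        s["attempts"] += 1
        s["accounts"].add(e["user"])
        if e["result"] == "OK":
            s["successes"].add(e["user"])
    findings = []
    for src, s in sorted(by_src.items()):
        if s["attempts"] >= min_attempts and len(s["accounts"]) >= min_accounts:
            findings.append({
                "src": src,
                "attempts": s["attempts"],
                "accounts": len(s["accounts"]),
                "successes": sorted(s["successes"]),
            })
    return findings


def triage(findings, identity_map):
    """Rank findings with identity context: a success on a privileged account is worst."""
    out = []
    for f in findings:
        ctx = {u: identity_map.get(u, {"dept": "unknown", "privileged": False})
               for u in f["successes"]}
        if any(c["privileged"] for c in ctx.values()):
            severity = "critical"
        elif f["successes"]:
            severity = "high"
        else:
            severity = "medium"
        out.append({**f, "severity": severity, "compromised_context": ctx})
    return out


if __name__ == "__main__":
    evs = parse_auth_log(build_sample_log())
    print("per-account failures:", per_account_failures(evs))
    for finding in triage(detect_credential_stuffing(evs), IDENTITY_MAP):
        print(finding)
```

Running it shows the two views side by side: no account exceeds six failures, so a per-account rule with a sensible threshold stays silent, while the per-source pivot flags 203.0.113.7 with 31 attempts over six accounts, and the identity map lifts the finding to critical because the one successful login landed on a privileged finance account. That is the kind of joined-up context the discussion argues an AI-driven SecOps pipeline needs before automated triage can be trusted.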