D@S #55: Salesforce’s Mor Levi on AI Agents in SecOps
Discover how Salesforce's security team harnesses AI agents—targeting 50% autonomous triage—while keeping human expertise central to their strategy.
Detection at Scale is a podcast and a newsletter dedicated to helping security practitioners navigate the complexities of Enterprise-scale detection and response. Each episode features industry leaders who bring real-world experience and actionable lessons to help you stay ahead of the curve!
This week's conversation features Mor Levi (VP of Detection, Analysis, & Response at Salesforce). We explore the practical realities of deploying AI agents in security, the evolution of analyst roles, and why human creativity remains essential in our AI-enabled future!
With 15 years of security expertise—from military intelligence to leading enterprise security teams—Mor shares insights on implementing generative AI to enhance security operations workflows. She reveals how Salesforce achieves high automation rates in security triage while maintaining robust effectiveness and reliability.
Topics:
Implementing generative AI agents for security operations, with the goal of 50% autonomous triage by the end of the year.
The AI agents operate as an application layer on top of LLMs, functioning as context-aware models focused on specific datasets and use cases.
Security considerations for AI implementation include comprehensive threat modeling for abuse scenarios, data exfiltration, and potential hallucinations.
Evolution of security analyst roles as AI handles routine tasks, emphasizing strategic thinking and hypothesis development.
Strategies for maintaining consistency and reliability in AI-driven security operations through proper prompt engineering.
Building effective guardrails and controls for AI systems while enabling powerful automation capabilities.
While automation is increasing, human expertise remains crucial for providing vision, creative problem-solving, and high-quality input, particularly in incident response and threat hunting.
Practical advice for implementing AI in security operations, emphasizing focused use cases and clear success criteria.
Watch it on YouTube here:
Chapters
0:00 Introduction to the episode
0:55 Mor's security journey
2:06 AI integration at Salesforce
5:01 Securing LLM implementations
8:08 Understanding AI agents
10:11 Automated triage workflows
14:18 Agent memory and learning
17:03 Data quality challenges
19:59 Agent scope and limitations
21:41 Detection and threat modeling
24:02 The future of security analysts
28:57 Prioritizing AI implementation
31:42 Future security trends
Related Reading
To dive deeper into the topics discussed today, check out the blogs below:
