Winning the war against adversarial AI needs to start with AI-native SOCs

Stay Ahead, Stay ONMINE

Winning the war against adversarial AI needs to start with AI-native SOCs

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Faced with increasingly sophisticated multi-domain attacks slipping through due to alert fatigue, high turnover and outdated tools, security leaders are embracing AI-native security operations centers (SOCs) as the future of defense. This year, attackers are setting […]

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More

Faced with increasingly sophisticated multi-domain attacks slipping through due to alert fatigue, high turnover and outdated tools, security leaders are embracing AI-native security operations centers (SOCs) as the future of defense.

This year, attackers are setting new speed records for intrusions by capitalizing on the weaknesses of legacy systems designed for perimeter-only defenses and, worse, of trusted connections across networks.

Attackers trimmed 17 minutes off their average eCrime intrusion activity time results over the last year and reduced the average breakout time for eCrime intrusions from 79 minutes to 62 minutes in just a year. The fastest observed breakout time was just two minutes and seven seconds.

Attackers are combining generative AI, social engineering, interactive intrusion campaigns and an all-out assault on cloud vulnerabilities and identities. With this playbook they seek to capitalize on the weaknesses of organizations with outdated or no cybersecurity arsenals in place.

“The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate and respond to threats faster. This is the failed promise of SIEM [security information and event management]. Customers are hungry for better technology that delivers instant time-to-value and increased functionality at a lower total cost of ownership,” said George Kurtz, president, CEO and cofounder of cybersecurity company CrowdStrike.

“SOC leaders must find the balance in improving their detection and blocking capabilities. This should reduce the number of incidents and improve their response capabilities, ultimately reducing attacker dwell time,” Gartner writes in its report, Tips for Selecting the Right Tools for Your Security Operations Center.

AI-native SOCs: The sure cure for swivel-chair integration

Visit any SOC, and it’s clear most analysts are being forced to rely on “swivel-chair integration” because legacy systems weren’t designed to share data in real time with each other.

That means analysts are often swiveling their rolling chairs from one monitor to another, checking on alerts and clearing false positives. Accuracy and speed are lost in the fight against growing multi-domain attempts that are not intuitively obvious and distinct among the real-time torrent of alerts streaming in.

Here are just a few of the many challenges that SOC leaders are looking to an AI-native SOC to help solve:

Chronic levels of alert fatigue: Legacy systems, including SIEMs, are producing an increasingly overwhelming number of alerts for SOC analysts with to track and analyze. SOC analysts who spoke on anonymity said that four out of every 10 alerts they produce are false positives. Analysts often spend more time triaging false positives than investigating actual threats, which severely affects productivity and response time. Making an SOC AI-native would make an immediate dent in this time, which every SOC analyst and leader has to deal with on a daily basis.

Ongoing talent shortage and churn: Experienced SOC analysts who excel at what they do and whose leaders can influence budgets to get them raises and bonuses are, for the most part, staying put in their current roles. Kudos to the organizations who realize investing in retaining talented SOC teams is core to their business. A commonly cited statistic is that there is a global cybersecurity workforce gap of 3.4 million professionals. There is indeed a chronic shortage of SOC analysts in the industry, so it’s up to organizations to close the pay gaps and double down on training to grow their teams internally. Burnout is pervasive in understaffed teams who are forced to rely on swivel-chair integration to get their jobs done.

Multi-domain threats are growing exponentially. Adversaries, including cybercrime gangs, nation-states and well-funded cyber-terror organizations, are doubling down on exploiting gaps in endpoint security and identities. Malware-free attacks have been growing throughout the past year, increasing in their variety, volume and ingenuity of attack strategies. SOC teams protecting enterprise software companies developing AI-based platforms, systems and new technologies are being especially hard-hit. Malware-free attacks are often undetectable, trading on trust in legitimate tools, rarely generating a unique signature, and relying on file-less execution. Kurtz told VentureBeat that attackers who target endpoint and identity vulnerabilities frequently move laterally within systems in under two minutes. Their advanced techniques, including social engineering, ransomware-as-a-service (RaaS), and identity-based attacks, demand faster and more adaptive SOC responses.

Increasingly complex cloud configurations increase the risks of an attack. Cloud intrusions have surged by 75% year-over-year, with adversaries exploiting native cloud vulnerabilities such as insecure APIs and identity misconfigurations. SOCs often struggle with limited visibility and inadequate tools to mitigate threats in complex multicloud environments.

Data overload and tool sprawl create defense gaps that SOC teams are called on to fill. Legacy perimeter-based systems, including many decades-old SIEM systems, struggle to process and analyze the immense amount of data generated by modern infrastructure, endpoints, and sources of telemetry data. Asking SOC analysts to keep on top of multiple sources of alerts and reconcile data across disparate tools slows their effectiveness, leads to burnout and holds them back from achieving the necessary accuracy, speed and performance.

How AI is improving SOC accuracy, speed and performance

“AI is already being used by criminals to overcome some of the world’s cybersecurity measures,” warns Johan Gerber, executive vice president of security and cyber innovation at MasterCard. “But AI has to be part of our future, of how we attack and address cybersecurity.”

“It’s extremely hard to go out and do something if AI is thought about as a bolt-on; you have to think about it [as integral],” Jeetu Patel, EVP and GM of security and collaboration for Cisco, told VentureBeat, citing findings from the 2024 Cisco Cybersecurity Readiness Index. “The operative word over here is AI being used natively in your core infrastructure.”

Given the many accuracy, speed and performance advantages of transitioning to an AI-native SOC, it’s understandable why Gartner is supportive of the idea. The research firm predicts that by 2028, multi-agent AI in threat detection and incident response (including within SOCs) will increase from 5% to 70% of AI implementations — primarily augmenting, not replacing, staff.

Chatbots making an impact

Core to the value that AI-driven SOCs bring to cybersecurity and IT teams are accelerated threat detection and triage based on improved predictive accuracy using real-time telemetry data.

SOC teams report that AI-based tools, including chatbots, are providing faster turnarounds on a broad spectrum of queries, from simple analysis to more complex analysis of anomalies. The latest generation of chatbots designed to streamline SOC workflows and assist security analysts include CrowdStrike’s Charlotte AI, Google’s Threat Intelligence Copilot, Microsoft Security Copilot, Palo Alto Networks’ series of AI Copilots, and SentinelOne Purple AI.

Graph databases are core to SOCs’ future

Graph database technologies are helping defenders see their vulnerabilities as attackers do. Attackers think in terms of traversing the system graph of a business, while SOC defenders have traditionally relied on lists they use to cycle through deterrent-based actions. The graph database arms race aims to get SOC analysts to parity with attackers when it comes to tracking threats, intrusions and breaches across the graph of their identities, systems and networks.

AI is already proving effective in reducing false positives, automating incident responses, enhancing threat analysis and continually finding new ways to streamline SOC operations.

Combining AI with graph databases is also helping SOCs track and stop multi-domain attacks. Graph databases are core to SOC’s future because they excel at visualizing and analyzing interconnected data in real time, enabling faster and more accurate threat detection, attack path analysis, and risk prioritization.

John Lambert, corporate vice president for Microsoft Security Research, underscored the critical importance of graph-based thinking for cybersecurity, explaining to VentureBeat, “Defenders think in lists, cyberattackers think in graphs. As long as this is true, attackers win.”

AI-native SOCs need humans in the middle to reach their potential

SOCs that are deliberate in designing human-in-the-middle workflows as a core part of their AI-native SOC strategies are best positioned for success. The overarching goal needs to be strengthening SOC analysts’ knowledge and providing them with the data, insights and intelligence they need to excel and grow in their roles. Also implicit in a human-in-the-middle workflow design is retention.

Organizations that have created a culture of continuous learning and see AI as a tool for accelerating training and on-the-job results are already ahead of competitors. VentureBeat continues to see SOCs that put a high priority on enabling analysts to focus on complex, strategic tasks, while AI manages routine operations, retaining their teams. There are many stories of small wins, like stopping an intrusion or a breach. AI should not be seen as a replacement for SOC analysts or for experienced human threat hunters. Instead, AI apps and platforms are tools that threat hunters need to protect enterprises better.

AI-driven SOCs can significantly reduce incident response times, with some organizations reporting up to a 50% decrease. This acceleration enables security teams to address threats more promptly, minimizing potential damage.

AI’s role in SOCs is expected to expand, incorporating proactive adversary simulations, continuous health monitoring of SOC ecosystems, and advanced endpoint and identity security through zero-trust integration. These advancements will further strengthen organizations’ defenses against evolving cyber threats.

Daily insights on business use cases with VB Daily

If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.

Read our Privacy Policy

Thanks for subscribing. Check out more VB newsletters here.

An error occured.

Stay Ahead

Explore More Insights

Stay ahead with more perspectives on cutting-edge power, infrastructure, energy, bitcoin and AI solutions. Explore these articles to uncover strategies and insights shaping the future of industries.

FluidCloud’s Large Infrastructure Model targets the multicloud networking gap

“It’s a mixture of multiple models,” Omar told Network World. “The conversion and the core capability are not an LLM; it’s our own conditional model.” A standard LLM sits at the front end to parse user intent. The Terraform generation and cloud-to-cloud conversion work runs on custom foundation models trained

F5 brings new visibility and AI controls to Big-IP, NGINX

The demand came from a gap that general-purpose observability tools were not filling. Customers running tools like Datadog and New Relic told F5 they needed something different. F5 Insight pulls from technology acquired through the Threat Stack and Fletch acquisitions and runs on F5’s AI data fabric. It includes an

Tech layoffs surpass 45,000 in early 2026

Layoffs spread across tech sectors Beyond Amazon, Meta, and Block, several technology vendors and platform companies have also announced sizable layoffs this year. According to the RationalFX report: Semiconductor and electronics company ams OSRAM has announced 2,000 layoffs. Telecommunications vendor Ericsson has announced 1,900 job cuts. Semiconductor equipment manufacturer ASML

Eridu exits stealth with $200M to rebuild AI networking

That gap is not static. Promode Nedungadi, Chief Technology Officer, said the architectural and algorithmic trends driving AI are making the network problem harder, not easier. Techniques like mixture-of-experts models and the disaggregation of inference into separate prefill and decode stages all require more data movement. “Every one of those

Energy Department Announces $1.9B Investment in Critical Grid Infrastructure to Reduce Electricity Costs

WASHINGTON—The U.S. Department of Energy’s Office of Electricity (OE) today announced an approximately $1.9 billion funding opportunity to accelerate urgently needed upgrades to the nation’s power grid. These investments will meet rising electricity demand and resource adequacy needs, while lowering electricity costs for American households and businesses. Projects selected through the Speed to Power through Accelerated Reconductoring and other Key Advanced Transmission Technology Upgrades (SPARK) funding opportunity will deliver fast and durable upgrades to the grid with real results. In line with President Trump’s Executive Order, Unleashing American Energy, selected projects will demonstrate how reconductoring—replacing existing power lines with higher‑capacity conductors—paired with other Advanced Transmission Technologies (ATTs) can expand grid capacity, increase operational efficiency, lower prices for consumers, and improve overall system reliability and security of the nation’s electric grid. “For too long, important grid modernization and energy addition efforts were not prioritized by past leaders,” said U.S. Secretary of Energy Chris Wright. “Thanks to President Trump, we are doing the important work of modernizing our grid so electricity costs will be lowered for American families and businesses.” “The United States must increase grid capacity to meet demand, and ensure the grid provides reliable power—day-in and day-out,” said OE Assistant Secretary Katie Jereza. “Through this SPARK funding opportunity, we will stabilize and optimize grid operations to strengthen it for rapid growth.” The SPARK opportunity builds on the Grid Resilience and Innovation Partnerships (GRIP) Program, which provided up to $10.5 billion in competitive funding over five years to states, tribes, electric utilities, and other eligible recipients to strengthen grid resilience and innovation. The previous two GRIP funding rounds covered FY 2022-2023 and FY 2023-2024 funding. Today’s announcement continues the mission of the GRIP Program under the SPARK funding opportunity, focusing on the rapid deployment of reconductoring and other ATTs that expand transfer capability, strengthen reliability

United States to Release 172 Million Barrels of Oil From the Strategic Petroleum Reserve

WASHINGTON—U.S. Secretary of Energy Chris Wright released the following statement regarding the International Energy Agency (IEA) and the U.S. Strategic Petroleum Reserve (SPR): “Earlier today, 32 member nations of the International Energy Agency unanimously agreed to President Trump’s request to lower energy prices with a coordinated release of 400 million barrels of oil and refined products from their respective reserves. “As part of this effort, President Trump authorized the Department of Energy to release 172 million barrels from the Strategic Petroleum Reserve, beginning next week. This will take approximately 120 days to deliver based on planned discharge rates. “President Trump promised to protect America’s energy security by managing the Strategic Petroleum Reserve responsibly and this action demonstrates his commitment to that promise. Unlike the previous administration, which left America’s oil reserves drained and damaged, the United States has arranged to more than replace these strategic reserves with approximately 200 million barrels within the next year—20% more barrels than will be drawn down—and at no cost to the taxpayer. “For 47 years, Iran and its terrorist proxies have been intent on killing Americans. They have manipulated and threatened the energy security of America and its allies. Under President Trump, those days are coming to an end. “Rest assured, America’s energy security is as strong as ever.” ###

Occidental Petroleum, 1PointFive STRATOS DAC plant nears startup in Texas Permian basin

Occidental Petroleum Corp. and its subsidiary 1PointFive expect Phase 1 of the STRATOS direct air capture (DAC) plant in Texas’ Permian basin to come online in this year’s second quarter. In a post to LinkedIn, 1PointFive said Phase 1 “is in the final stage of startup” and that Phase 2, which incorporates learnings from research and development and Phase 1 construction activities, “will also begin commissioning in Q2, with operational ramp-up continuing through the rest of the year.” Once fully operational, STRATOS is designed to capture up to 500,000 tonnes/year (tpy) of CO2. As part of the US Environmental Protection Agency (EPA) Class VI permitting process and approval, it was reported that STRATOS is expected to include three wells to store about 722,000 tpy of CO2 in saline formations at a depth of about 4,400 ft. The company said a few activities before start-up remain, including ramping up remaining pellet reactors, completing calciner final commissioning in parallel, and beginning CO2 injection. Start-up milestones achieved include: Completed wet commissioning with water circulation. Received Class VI permits to sequester CO2. Ran CO2 compression system at design pressure. Added potassium hydroxide (KOH) to capture CO2 from the atmosphere. Building pellet inventory. Burners tested on calciner.

Brava Energia weighs Phase 3 at Atlanta to extend production plateau

Just 2 months after bringing its flagship Atlanta field onstream with the new FPSO Atlanta, Brazil’s independent operator Brava Energia SA is evaluating a potential third development phase that could add roughly 25 million bbl of reserves and help sustain peak production longer than originally planned. The Phase 3 project, still at an early technical and economic evaluation stage, focuses on the Atlanta Nordeste area; a separate, shallower reservoir discovered in 2006 by Shell’s 9-SHEL-19D-RJS well. According to André Fagundes, vice-president of research (Brazil) at Welligence Energy Analytics, Phase 2 has four wells still to be developed: two expected in 2027 and two in 2029. Phase 3 would involve drilling two additional wells in 2031, bringing total development to 12 producing wells. Until recently, full-field development was understood to comprise 10 wells, but Brava has since updated guidance to reflect a 12-well development concept. Atlanta field upside The primary objective is clear. “We believe its main objective is to extend the production plateau,” Fagundes said. Welligence estimates incremental recovery could reach 25 MMbbl, increasing the field’s overall recovery factor by roughly 1.5%. Lying outside Atlanta’s main Cretaceous reservoir, Atlanta Nordeste represents a genuine upside opportunity, Fagundes explained. The field benefits from strong natural aquifer support, and no water or gas injection is anticipated. Water-handling constraints that affected early production using the Petrojarl I—limited to 11,500 b/d of water treatment—are no longer a bottleneck. FPSO Atlanta can process up to 140,000 b/d of water. Reservoir performance to date has been solid, albeit with difficulties. Recurrent electric submersible pump (ESP) failures and processing limits on the previous FPSO complicated full validation of original reservoir models. With the new 50,000-b/d FPSO in operation since late 2024, reservoir deliverability has become the main constraint. Phase 3 wells would also use ESPs and require additional subsea

California Resources eyes ‘measured’ capex ramp on way to 12% production growth thanks to Berry buy

@import url(‘https://fonts.googleapis.com/css2?family=Inter:[email protected]&display=swap’); a { color: var(–color-primary-main); } .ebm-page__main h1, .ebm-page__main h2, .ebm-page__main h3, .ebm-page__main h4, .ebm-page__main h5, .ebm-page__main h6 { font-family: Inter; } body { line-height: 150%; letter-spacing: 0.025em; font-family: Inter; } button, .ebm-button-wrapper { font-family: Inter; } .label-style { text-transform: uppercase; color: var(–color-grey); font-weight: 600; font-size: 0.75rem; } .caption-style { font-size: 0.75rem; opacity: .6; } #onetrust-pc-sdk [id*=btn-handler], #onetrust-pc-sdk [class*=btn-handler] { background-color: #c19a06 !important; border-color: #c19a06 !important; } #onetrust-policy a, #onetrust-pc-sdk a, #ot-pc-content a { color: #c19a06 !important; } #onetrust-consent-sdk #onetrust-pc-sdk .ot-active-menu { border-color: #c19a06 !important; } #onetrust-consent-sdk #onetrust-accept-btn-handler, #onetrust-banner-sdk #onetrust-reject-all-handler, #onetrust-consent-sdk #onetrust-pc-btn-handler.cookie-setting-link { background-color: #c19a06 !important; border-color: #c19a06 !important; } #onetrust-consent-sdk .onetrust-pc-btn-handler { color: #c19a06 !important; border-color: #c19a06 !important; } The leaders of California Resources Corp., Long Beach, plan to have the company’s total production average 152,000-157,000 boe/d in 2026, with each quarter expected to be in that range. That output would equate to an increase of more than 12% from the operator’s 137,000 boe/d during fourth-quarter 2025, due mostly to the mid-December acquisition of Berry Corp. Fourth-quarter results folded in 14 days of Berry production and included 109,000 b/d of oil, with the company’s assets in the San Joaquin and Los Angeles basins accounting for 99,000 b/d of that total. The company dilled 31 new wells during the quarter and 76 in all of 2025—all in the San Joaquin—but that number will grow significantly to about 260 this year as state officials have resumed issuing permits following the passage last fall of a bill focused on Kern County production. Speaking to analysts after CRC reported fourth-quarter net income of $12 million on $924 million in revenues, president and chief executive officer Francisco Leon and chief financial officer Clio Crespy said the goal is to manage 2026 output decline to roughly 0.5% per quarter while operating four rigs and

Petro-Victory Energy spuds São João well in Brazil

@import url(‘https://fonts.googleapis.com/css2?family=Inter:[email protected]&display=swap’); a { color: var(–color-primary-main); } .ebm-page__main h1, .ebm-page__main h2, .ebm-page__main h3, .ebm-page__main h4, .ebm-page__main h5, .ebm-page__main h6 { font-family: Inter; } body { line-height: 150%; letter-spacing: 0.025em; font-family: Inter; } button, .ebm-button-wrapper { font-family: Inter; } .label-style { text-transform: uppercase; color: var(–color-grey); font-weight: 600; font-size: 0.75rem; } .caption-style { font-size: 0.75rem; opacity: .6; } #onetrust-pc-sdk [id*=btn-handler], #onetrust-pc-sdk [class*=btn-handler] { background-color: #c19a06 !important; border-color: #c19a06 !important; } #onetrust-policy a, #onetrust-pc-sdk a, #ot-pc-content a { color: #c19a06 !important; } #onetrust-consent-sdk #onetrust-pc-sdk .ot-active-menu { border-color: #c19a06 !important; } #onetrust-consent-sdk #onetrust-accept-btn-handler, #onetrust-banner-sdk #onetrust-reject-all-handler, #onetrust-consent-sdk #onetrust-pc-btn-handler.cookie-setting-link { background-color: #c19a06 !important; border-color: #c19a06 !important; } #onetrust-consent-sdk .onetrust-pc-btn-handler { color: #c19a06 !important; border-color: #c19a06 !important; } Petro-Victory Energy Corp. has spudded the SJ‑12 well at São João field in Barreirinhas basin, on the Brazilian equatorial margin, Maranhão. Drilling and testing SJ‑12 is aimed at proving enough gas can be produced to sell locally. The well forms part of the single non‑associated gas well commitment under a memorandum of understanding signed in 2024 with Enava. São João contains 50.1 bcf (1.4 billion cu m) non‑associated gas resources. Petro‑Victory 100% owns and operates São João field.

Cisco grows high-end optical support for AI clusters

Cisco has also upgraded its Network Conversion System (NCS) with a 1RU, 800GE line card offering 12.8T capacity, with 32 OSFP-based ports for 100GE, 400GE, and 800GE clients and 800ZR/ZR+ WDM trunks. The NCS 1014 doubles the density of previous-generation NCS versions and now includes MACsec encryption (IEEE 802.1AE) to secure point-to-point links with hardware-based encryption, data integrity, and authentication for Ethernet traffic, Ghioni stated. It supports enhanced capacity and performance with C&L-band support and NCS 1014 systems with the 2.4T WDM line card based on the Coherent Interconnect Module 8 and now supports 800 GE clients, which can be mapped directly to a wavelength or inverse multiplexed across two wavelengths to maximize reach, Ghioni wrote. In the pluggable optic arena, Cisco is now offering a Quad Small Form Factor Pluggable Double Density (QSFP-DD) Pluggable Protection Switch Module that can monitor the optical link and switch traffic if it detects a fault in less than 50 milliseconds. The module occupies a quarter of the rack space compared to traditional protection devices—offering 90% rack space saving over available options, Ghioni wrote. It is aimed at Metro and DCI network customers where sub-50 ms failure recovery is essential and data centers needing fiber protection without bulky hardware, Ghioni stated. Cisco also added its Acacia developed Bright QSFP28 100ZR 0 dBm coherent optical pluggable in a standard QSFP28 form factor. It is aimed at edge, access, enterprise, and campus network deployment. Cisco has been actively growing its optical portfolio recently adding the Cisco Silicon One G300, which powers 102.4T N9000 and Cisco 8000 systems, as well as advanced 1.6T OSFP optics and 800G Linear Pluggable Optics.

Datalec targets rapid infrastructure deployment with new modular data centers

“We are engineering the data center with a new lens bringing pre-engineered system designs that are flexible and adaptable that enables a tailored solution for clients,” said John Lever, director of modular solutions at Datalec. The systems are flexible enough that these solutions cater for all types of data center, from standard server technology to AI and high-density compute. Datalec also provides “bolt-on” solutions, including a ‘digital wrapper’ including digital twinning and lifecycle and global support, Lever says. Another way Datalec says it differentiates from competing modular designs is a larger share of work is done offsite in a controlled manufacturing environment, which cuts onsite construction time, improves safety and limits disruption to live facilities, Lever says. The company competes with other modular data center vendors including Schneider Electric, Vertiv, Flex many others. DPI’s says its services are aimed at colocation providers, hyperscale and AI infrastructure teams, and large enterprises that need to add capacity quickly, safely and cost effectively across multiple regions.

Study finds significant savings from direct current power for AI workloads

The result is a 50% to 80% reduction in copper usage, due to fewer conductors and less parallel cabling, and an 8% to 12% reduction in annual energy-related OpEx through lower conversion and distribution losses. By reducing conductor count, cabling, and redundant power components, 800VDC enables meaningful savings at both build-out and operational stages. AI-first facilities can see a $4 million to $8 million in CapEx savings per 10 MW build by reducing upstream AC. For a one-gigawatt data center, you’re saving a couple million pounds of copper wire, he said. Burke says an all-DC data center is best done with a whole new facility rather than retrofitting old facilities. “[DC] is going to be in a lot of greenfield data centers that are going to be built, and data centers that are going to go to higher compute power are also going to DC,” he said. He did recommend all-DC retrofits for existing data centers that are going to employ high power computing with GPUs. Enteligent’s unnamed and as yet unreleased product is a converter that takes 800 volts and partitions it to 50 volts for the computing servers. The company will provide a new power supply, power shelf that converts 800 volts DC to 50 volts DC much more efficiently than any current power supplies. Burke said the company is doing NDA level testing and pilot programs now with its product, but it will be making a formal announcement within the next few weeks. There are a number of players in the DC arena focusing on different parts of the power supply market including Vertiv, Rutherford, Siemens, Eaton and many more.

Cisco blends Splunk analytics, security with core data center management

With the integration, data center teams can gather and act on events, alarms, health scores, and inventory through open APIs, Cisco stated. It also offers pre-built and customizable dashboards for inventory, health, fabric state, anomalies, and advisories as well as correlates telemetry across fabrics and technology tiers for actionable insights, according to Cisco. “This isn’t just another connector or API call. This is an embedded, architectural integration designed to transform how you monitor, troubleshoot, and secure your data center fabric. By bringing the power of Splunk directly into the Data Center Networking environment, we are enabling teams to solve complex problems faster, maintain strict data sovereignty, and dramatically reduce operational costs,” wrote Usha Andra is a senior product marketing leader and Anant Shah, senior product manager, both with Cisco Data Center Networking in a blog about the integration. “Traditionally, network monitoring involves a trade-off. You either send massive amounts of raw logs to a centralized data lake, incurring high ingress and storage costs. Or you rely on sampled data that misses critical microbursts and anomalies,” Andra and Shah wrote. “Native Splunk integration changes the paradigm by running Splunk capabilities directly within the Cisco Nexus Dashboard. This allows for the streaming of high-fidelity telemetry, including anomalies, advisories, and audit logs, directly to Splunk analytics.”

Execution, Power, and Public Trust: Rich Miller on 2026’s Data Center Reality and Why He Built Data Center Richness

DCF founder Rich Miller has spent much of his career explaining how the data center industry works. Now, with his latest venture, Data Center Richness, he’s also examining how the industry learns. That thread provided the opening for the latest episode of The DCF Show Podcast, where Miller joined present Data Center Frontier Editor in Chief Matt Vincent and Senior Editor David Chernicoff for a wide-ranging discussion that ultimately landed on a simple conclusion: after two years of unprecedented AI-driven announcements, 2026 will be the year reality asserts itself. Projects will either get built, or they won’t. Power will either materialize, or it won’t. Communities will either accept data center expansion – or they’ll stop it. In other words, the industry is entering its execution phase. Why Data Center Richness Matters Now Miller launched Data Center Richness as both a podcast and a Substack publication, an effort to experiment with formats and better understand how professionals now consume industry information. Podcasts have become a primary way many practitioners follow the business, while YouTube’s discovery advantages increasingly make video versions essential. At the same time, Miller remains committed to written analysis, using Substack as a venue for deeper dives and format experimentation. One example is his weekly newsletter distilling key industry developments into just a handful of essential links rather than overwhelming readers with volume. The approach reflects a broader recognition: the pace of change has accelerated so much that clarity matters more than quantity. The topic of how people learn about data centers isn’t separate from the industry’s trajectory; it’s becoming part of it. Public perception, regulatory scrutiny, and investor expectations are now shaped by how stories are told as much as by how facilities are built. That context sets the stage for the conversation’s core theme. Execution Defines 2026 After

Nomads at the Frontier: PTC 2026 Signals the Digital Infrastructure Industry’s Moment of Execution

Each January, the Pacific Telecommunications Council conference serves as a barometer for where digital infrastructure is headed next. And according to Nomad Futurist founders Nabeel Mahmood and Phillip Koblence, the message from PTC 2026 was unmistakable: The industry has moved beyond hype. The hard work has begun. In the latest episode of The DCF Show Podcast, part of our ongoing ‘Nomads at the Frontier’ series, Mahmood and Koblence joined Data Center Frontier to unpack the tone shift emerging across the AI and data center ecosystem. Attendance continues to grow year over year. Conversations remain energetic. But the character of those conversations has changed. As Mahmood put it: “The hype that the market started to see is actually resulting a bit more into actions now, and those conversations are resulting into some good progress.” The difference from prior years? Less speculation. More execution. From Data Center Cowboys to Real Deployments Koblence offered perhaps the sharpest contrast between PTC conversations in 2024 and those in 2026. Two years ago, many projects felt speculative. Today, developers are arriving with secured power, customers, and construction underway. “If 2024’s PTC was data center cowboys — sites that in someone’s mind could be a data center — this year was: show me the money, show me the power, give me accurate timelines.” In other words, the market is no longer rewarding hypothetical capacity. It is demanding delivered capacity. Operators now speak in terms of deployments already underway, not aspirational campuses still waiting on permits and power commitments. And behind nearly every conversation sits the same gating factor. Power. Power Has Become the Industry’s Defining Constraint Whether discussions centered on AI factories, investment capital, or campus expansion, Mahmood and Koblence noted that every conversation eventually returned to energy availability. “All of those questions are power,” Koblence said.

Microsoft will invest $80B in AI data centers in fiscal 2025

And Microsoft isn’t the only one that is ramping up its investments into AI-enabled data centers. Rival cloud service providers are all investing in either upgrading or opening new data centers to capture a larger chunk of business from developers and users of large language models (LLMs). In a report published in October 2024, Bloomberg Intelligence estimated that demand for generative AI would push Microsoft, AWS, Google, Oracle, Meta, and Apple would between them devote $200 billion to capex in 2025, up from $110 billion in 2023. Microsoft is one of the biggest spenders, followed closely by Google and AWS, Bloomberg Intelligence said. Its estimate of Microsoft’s capital spending on AI, at $62.4 billion for calendar 2025, is lower than Smith’s claim that the company will invest $80 billion in the fiscal year to June 30, 2025. Both figures, though, are way higher than Microsoft’s 2020 capital expenditure of “just” $17.6 billion. The majority of the increased spending is tied to cloud services and the expansion of AI infrastructure needed to provide compute capacity for OpenAI workloads. Separately, last October Amazon CEO Andy Jassy said his company planned total capex spend of $75 billion in 2024 and even more in 2025, with much of it going to AWS, its cloud computing division.

John Deere unveils more autonomous farm machines to address skill labor shortage

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Self-driving tractors might be the path to self-driving cars. John Deere has revealed a new line of autonomous machines and tech across agriculture, construction and commercial landscaping. The Moline, Illinois-based John Deere has been in business for 187 years, yet it’s been a regular as a non-tech company showing off technology at the big tech trade show in Las Vegas and is back at CES 2025 with more autonomous tractors and other vehicles. This is not something we usually cover, but John Deere has a lot of data that is interesting in the big picture of tech. The message from the company is that there aren’t enough skilled farm laborers to do the work that its customers need. It’s been a challenge for most of the last two decades, said Jahmy Hindman, CTO at John Deere, in a briefing. Much of the tech will come this fall and after that. He noted that the average farmer in the U.S. is over 58 and works 12 to 18 hours a day to grow food for us. And he said the American Farm Bureau Federation estimates there are roughly 2.4 million farm jobs that need to be filled annually; and the agricultural work force continues to shrink. (This is my hint to the anti-immigration crowd). John Deere’s autonomous 9RX Tractor. Farmers can oversee it using an app. While each of these industries experiences their own set of challenges, a commonality across all is skilled labor availability. In construction, about 80% percent of contractors struggle to find skilled labor. And in commercial landscaping, 86% of landscaping business owners can’t find labor to fill open positions, he said. “They have to figure out how to do

2025 playbook for enterprise AI success, from agents to evals

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More 2025 is poised to be a pivotal year for enterprise AI. The past year has seen rapid innovation, and this year will see the same. This has made it more critical than ever to revisit your AI strategy to stay competitive and create value for your customers. From scaling AI agents to optimizing costs, here are the five critical areas enterprises should prioritize for their AI strategy this year. 1. Agents: the next generation of automation AI agents are no longer theoretical. In 2025, they’re indispensable tools for enterprises looking to streamline operations and enhance customer interactions. Unlike traditional software, agents powered by large language models (LLMs) can make nuanced decisions, navigate complex multi-step tasks, and integrate seamlessly with tools and APIs. At the start of 2024, agents were not ready for prime time, making frustrating mistakes like hallucinating URLs. They started getting better as frontier large language models themselves improved. “Let me put it this way,” said Sam Witteveen, cofounder of Red Dragon, a company that develops agents for companies, and that recently reviewed the 48 agents it built last year. “Interestingly, the ones that we built at the start of the year, a lot of those worked way better at the end of the year just because the models got better.” Witteveen shared this in the video podcast we filmed to discuss these five big trends in detail. Models are getting better and hallucinating less, and they’re also being trained to do agentic tasks. Another feature that the model providers are researching is a way to use the LLM as a judge, and as models get cheaper (something we’ll cover below), companies can use three or more models to

OpenAI’s red teaming innovations define new essentials for security leaders in the AI era

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More OpenAI has taken a more aggressive approach to red teaming than its AI competitors, demonstrating its security teams’ advanced capabilities in two areas: multi-step reinforcement and external red teaming. OpenAI recently released two papers that set a new competitive standard for improving the quality, reliability and safety of AI models in these two techniques and more. The first paper, “OpenAI’s Approach to External Red Teaming for AI Models and Systems,” reports that specialized teams outside the company have proven effective in uncovering vulnerabilities that might otherwise have made it into a released model because in-house testing techniques may have missed them. In the second paper, “Diverse and Effective Red Teaming with Auto-Generated Rewards and Multi-Step Reinforcement Learning,” OpenAI introduces an automated framework that relies on iterative reinforcement learning to generate a broad spectrum of novel, wide-ranging attacks. Going all-in on red teaming pays practical, competitive dividends It’s encouraging to see competitive intensity in red teaming growing among AI companies. When Anthropic released its AI red team guidelines in June of last year, it joined AI providers including Google, Microsoft, Nvidia, OpenAI, and even the U.S.’s National Institute of Standards and Technology (NIST), which all had released red teaming frameworks. Investing heavily in red teaming yields tangible benefits for security leaders in any organization. OpenAI’s paper on external red teaming provides a detailed analysis of how the company strives to create specialized external teams that include cybersecurity and subject matter experts. The goal is to see if knowledgeable external teams can defeat models’ security perimeters and find gaps in their security, biases and controls that prompt-based testing couldn’t find. What makes OpenAI’s recent papers noteworthy is how well they define using human-in-the-middle

Stay Ahead, Stay ONMINE