At the Gartner Security & Risk Management Summit in National Harbor in early June 2026, the firm dropped a prediction that landed harder than most: by 2030, 75 percent of security operations center teams will experience erosion in their foundational security-analysis skills because of over-dependence on automation and AI. The line came from William Dupre, a VP Analyst at Gartner, and it was paired with a second, sharper claim — that over- or under-reliance on AI will create a "great divergence" among organizations.
It is worth pausing on what this is and is not. It is a forward-looking analyst prediction, not a measured outcome. Nobody has counted 75 percent of anything yet. But Gartner predictions tend to set the agenda for board conversations and budget cycles, and this one cuts against the prevailing narrative. For two years the story has been that the AI-powered SOC saves you from the analyst shortage. Gartner is now saying the same automation that fills the gap may quietly hollow out the people who remain.
What the prediction actually claims
Read the wording carefully. Gartner did not say AI makes SOC analysts unemployed. It said their skills erode. Those are different failure modes, and the distinction matters.
Skill erosion is the slow loss of capability that comes from not exercising it. An analyst who spends three years approving or dismissing AI-generated triage verdicts, rather than building those verdicts from raw telemetry, gradually loses the muscle for the harder work: pivoting through logs, reconstructing an attacker's path, recognizing the alert that does not fit any known pattern. The job still exists. The depth behind it thins out.
The companion point — that headcount still needs to grow even as productivity climbs — is the part most readers will skip past, and it is the most important. Gartner is explicitly rejecting the headcount-reduction pitch that AI-detection-and-response vendors have leaned on. More automation, in their framing, is not a license to shrink the team. It is a reason to invest harder in the humans, because the failure mode is no longer "we cannot hire enough people," it is "the people we have can no longer do the part the machine cannot."
Why automation erodes skill, mechanically
This is not a vague cultural worry. There is a well-understood mechanism behind it, and aviation has been studying it for decades under the name "automation complacency." When a system handles the routine cases reliably, the human supervising it stops paying close attention, loses situational awareness, and is slower and worse when the system finally hands them something it cannot handle. Security operations is now wiring itself into exactly this trap.
In a modern AI-powered SOC, the agentic layer increasingly does the first pass: it correlates alerts, enriches them with context, drafts a verdict, and in more aggressive deployments closes the benign ones without a human ever looking. The analyst's role shifts from investigator to reviewer. And reviewing is a fundamentally shallower cognitive act than investigating. You are checking someone else's reasoning, not constructing your own, and after a few hundred reviews where the machine was right, the checking gets perfunctory.
Three reinforcing dynamics make it worse:
- The easy cases disappear from the human's diet. Junior analysts historically learned the craft by grinding through routine alerts. If agentic AI eats those, there is no on-ramp. The senior analysts keep their skills; the pipeline behind them never develops any. That is how you arrive at 2030 with a team that looks staffed but is brittle.
- AI hallucinations make review untrustworthy precisely when it matters. A model that is confidently wrong about a novel attack is hardest to catch for the analyst who has stopped doing independent analysis. The skill you need to override the machine is the skill the machine is eroding.
- Adversaries adapt to the automation, not the analyst. Attackers probe for the gaps in automated detection — prompt injection against agentic triage tools, living-off-the-land techniques that read as benign to a pattern-matcher. The cases that reach a human are increasingly the ones designed to look normal. That is the worst possible moment to be working with a degraded human.
The "great divergence" is the real warning
The 75 percent figure grabs headlines, but Dupre's second claim is the strategic one. Over- or under-reliance both lose. The organizations that come out ahead are the ones that calibrate.
Under-reliance is the team that refuses to automate, drowns in alert volume, burns out its analysts on toil, and loses them to companies that do automate. That failure is familiar and we have written about it before. Over-reliance is the newer trap: the team that automates so completely that it has no one left who can function when automation fails — during a novel campaign, a poisoned model, an outage of the very tools they depend on.
The divergence is between organizations that treat AI as a layer that amplifies skilled humans and organizations that treat it as a replacement for them. Same tools, opposite outcomes. The deciding variable is not how much AI you buy. It is whether your operating model keeps humans in genuine command of the reasoning.
Countermeasures that actually work
The good news is that skill erosion is preventable, and the countermeasures are mostly about process, not procurement. A few that hold up under scrutiny:
Keep humans doing real analysis on a deliberate sample. Do not let automation close 100 percent of benign cases unreviewed. Route a randomized slice of auto-resolved alerts back to analysts for full manual investigation. It looks inefficient. It is your skill-retention budget, and it is cheap insurance against the day the model is wrong.
Make the AI show its work, not just its verdict. Automation that emits a yes/no with no reasoning trains reviewers to rubber-stamp. Automation that exposes the evidence chain, the data it pivoted through, and its confidence forces the human to engage with the substance. Explainability is a training tool, not just a compliance checkbox.
Protect the junior on-ramp on purpose. If agentic tooling removes the entry-level learning ground, you have to rebuild it deliberately — rotations through manual investigation, red-team exercises, purple-team drills, and structured mentorship. The skills that erode by 2030 are the ones nobody is practicing in 2026.
Run regular "automation-off" drills. Periodically have the team handle a shift, or a simulated incident, with the AI layer disabled. You will find out fast whether your people can still operate. Fighter pilots train for engine-out. SOCs should train for AI-out.
Measure the human capability, not just the throughput. Mean-time-to-respond looks great right up until the case the automation cannot handle. Track how your analysts perform on novel, unautomated scenarios over time. That trend line is the early-warning signal for the erosion Gartner is describing.
How Safeguard Helps
Safeguard's posture on this is that reliability — and the human judgment that depends on it — lives in the verification and orchestration layer above the model, not in the model itself. Our Multi-Agent TAOR Deep Think AI Engine and Griffin AI are built to surface the reasoning and evidence behind a finding, so the analyst reviewing it is engaging with the substance rather than rubber-stamping a verdict; multi-agent verification also cuts the false-positive noise that drives complacency in the first place. The platform is model-agnostic, so the AI components stay swappable while your team's analysis workflow and judgment remain the durable asset. If you are trying to adopt an AI-powered SOC without quietly eroding the people who run it, reach out and we will walk through how to keep humans in genuine command.
Sources: Gartner Security & Risk Management Summit 2026, National Harbor — Day 2 highlights (June 2026), prediction attributed to William Dupre, VP Analyst; supporting summary coverage of the summit's AI-SOC sessions.