According to Dark Reading, global roadway operator Transurban was struggling with cyberattack volume: its SOC analysts were only able to triage 8% of generated tickets manually. At the beginning of this year, Head of Cyber Defense Muhammad Ali Paracha and his team developed an in-house agentic AI system built on Anthropic's Claude model and integrated with Splunk and ServiceNow. The system, deployed in September, uses two automated agents: one categorizes incidents, the other verifies resolution notes. It now covers 100% of incidents with a false positive rate below 3%, has cut alert triage times by 60%, and reaches 92% accuracy. Paracha detailed this at the Black Hat Middle East conference, with plans to expand the system using Anthropic's Model Context Protocol (MCP) for automated response.
The Human Firehose Problem
Here's the thing about modern security operations: the alerts are a firehose, and human analysts are trying to drink from it. Transurban's situation, tackling only 8% of tickets, isn't unique. It's the norm. The real kicker? Analysts were finding inaccuracies in closed tickets during end-of-month spreadsheet reviews, by which point it was too late to fix them. So you have a dual problem: volume and decaying data quality, with the second one invisible until weeks after the fact. Hiring more people is the classic response, but Paracha pointed out the obvious hurdles: cost and retention. The talent pool isn't infinite. This is the precise breaking point where automation stops being a "nice to have" and becomes the only viable path forward. The alternative is watching your security posture erode in real time.
Not Just Automation, Agentic Action
What's interesting is that they didn't just slap an AI on top of their ticketing system. They built a purposeful two-agent model. One agent categorizes; the other verifies the resolution note before the ticket is closed. Crucially, neither agent has the "close ticket" button. The verifier sends a summary back to the human, who makes the final call. This is smart on two fronts: it keeps a human in the loop for the decision that matters, avoiding the nightmare of an AI autonomously closing critical incidents it misunderstood, and it keeps the agents' tool surface to the minimum they need (read the ticket, write a note), which is plain least privilege applied to an LLM. The agents also enforce playbook adherence at the time the ticket is worked rather than at month end, which is huge for compliance and consistency. For an organization managing physical infrastructure like toll roads, where, as Paracha said, "human safety is the most critical factor," this controlled, verifiable automation is essential. You can't have black-box AI making erratic decisions that could affect traffic systems.
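To make the design concrete, here is an added illustrative example, not Transurban's code and not Claude, Splunk or ServiceNow integration code. It models the three properties described above: a categorization agent, a verification agent that checks a resolution note against a playbook, and a tool gate whose allowlist deliberately omits ticket closure, so the best an agent can do is recommend. The playbooks, field names, tickets and keyword-based "agents" are constructed assumptions standing in for the real LLM calls and ticketing API.

```python
import re
from dataclasses import dataclass, field

# Constructed playbooks (assumption): each category lists the fields a
# resolution note must carry before a human is allowed to close the ticket.
PLAYBOOKS = {
    "phishing": {
        "keywords": ("phish", "credential harvest", "suspicious email"),
        "required_fields": ("root_cause", "containment", "evidence"),
    },
    "malware": {
        "keywords": ("malware", "edr alert", "ransom"),
        "required_fields": ("root_cause", "containment", "evidence", "scope"),
    },
    "unauthorized_access": {
        "keywords": ("unauthorized", "impossible travel", "brute force"),
        "required_fields": ("root_cause", "containment", "evidence"),
    },
}

# Least-privilege tool surface for the agents. "close_ticket" is not here on
# purpose: the agents can read and annotate, only a human can close.
AGENT_TOOLS = frozenset({"read_ticket", "append_worknote"})


class ToolNotPermitted(Exception):
    """Raised when an agent requests a tool outside its allowlist."""


@dataclass
class Ticket:
    ticket_id: str
    title: str
    description: str
    resolution_note: str = ""
    status: str = "open"
    category: str = "uncategorized"
    worknotes: list = field(default_factory=list)


def call_tool(name, ticket, **kwargs):
    """Single choke point through which every agent action must pass."""
    if name not in AGENT_TOOLS:
        raise ToolNotPermitted(f"agent may not call {name!r}")
    if name == "read_ticket":
        return ticket
    ticket.worknotes.append(kwargs["text"])  # append_worknote
    return True


def categorize(ticket):
    """Agent 1. Keyword matching stands in for the model's classification."""
    text = f"{ticket.title} {ticket.description}".lower()
    for category, playbook in PLAYBOOKS.items():
        if any(k in text for k in playbook["keywords"]):
            return category
    return "uncategorized"


# Resolution notes are assumed to be "field: value" lines (constructed format).
_FIELD_RE = re.compile(r"^\s*(\w+)\s*:\s*(.+?)\s*$", re.MULTILINE)


def verify_resolution(ticket, category):
    """Agent 2. Check that the note carries every field the playbook requires."""
    present = {m.group(1).lower(): m.group(2)
               for m in _FIELD_RE.finditer(ticket.resolution_note)}
    required = PLAYBOOKS.get(category, {}).get("required_fields", ())
    missing = [f for f in required if not present.get(f)]
    return {"verified": category in PLAYBOOKS and not missing, "missing": missing}


def triage(ticket):
    """Run both agents and hand a summary back to the analyst. Never closes."""
    category = categorize(ticket)
    ticket.category = category
    call_tool("append_worknote", ticket, text=f"agent: categorised as {category}")
    check = verify_resolution(ticket, category)
    action = "close" if check["verified"] else "return_to_analyst"
    call_tool("append_worknote", ticket, text=f"agent: recommends {action}")
    return {"ticket_id": ticket.ticket_id, "category": category,
            "verified": check["verified"], "missing_fields": check["missing"],
            "recommended_action": action}


def attempt_close(ticket):
    """Returns True only if an agent could close the ticket through the gate."""
    try:
        call_tool("close_ticket", ticket)
    except ToolNotPermitted:
        return False
    return True


# Constructed sample tickets (not real incidents).
SAMPLE_TICKETS = [
    Ticket("INC001", "Suspicious email reported by user",
           "User forwarded a suspicious email containing a credential harvest link.",
           resolution_note="root_cause: phishing link delivered by email\n"
                           "containment: URL blocked at proxy, mailbox rule removed\n"
                           "evidence: proxy log entry attached to ticket"),
    Ticket("INC002", "EDR alert on workstation",
           "EDR alert: ransom note file observed on host.",
           resolution_note="root_cause: malicious attachment\n"
                           "containment: host isolated"),
]

if __name__ == "__main__":
    for t in SAMPLE_TICKETS:
        print(triage(t))
    print("agent could close ticket:", attempt_close(SAMPLE_TICKETS[0]))
```

The second ticket is categorised as malware but comes back as return_to_analyst because the note lacks the evidence and scope fields the playbook demands; that is the month-end spreadsheet finding moved to the moment the ticket is worked. The gate is the part worth copying: if the model is ever prompted (or prompt-injected via ticket text) into trying to close an incident, the call fails at call_tool rather than in production.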
The Industrial Imperative for Smart Computing
This case is a powerful example for any critical infrastructure or industrial operation. The stakes are physical, not just digital. When your systems manage real-world assets, resilience isn't just about data loss; it's about public safety and continuous operation. Implementing this kind of AI-driven security layer requires a robust, reliable computing backbone, both in the SOC and at the edge where the operational systems live, and the same discipline that governs the agents (limited tool access, a human deciding anything that touches the road) has to extend to the hardware and networks that host them.
The Autonomous SOC Is Coming Fast
Paracha admits they've only scratched the surface. The next phases, automating triage and then automated containment responses, are where it gets sci-fi. Using MCP servers to expose external threat intelligence and other systems as tools the agents can call could create a truly proactive defense loop. And he's not alone in this thinking. Omdia survey research suggests autonomous SOCs could become standard for CISOs within two years. That's a breathtaking timeline. Is the industry ready for AI agents making "intelligent decisions" to contain networks? It will have to be. The analyst burnout math simply doesn't work anymore. The SOC is becoming, as analyst Andrew Braunberg noted, a laboratory for advanced AI. The experiment at Transurban shows it's already working, and that the way to get there is one guarded step at a time, with each new agent action earning the same scrutiny the ticket-closure button got. The question now is how quickly everyone else can catch up.
