FinOps for SecOps: How to optimize the agentic SOC for value

Usman Chaudhary
Field CISO, Google Public Sector
Nikita Jagadeesh
Lead Group PM, Google Cloud Security
Get original CISO insights in your inbox
The latest on security from Google Cloud's Office of the CISO, twice a month.
SubscribeAutonomous agents can create a defender’s advantage in combating machine-speed threats, but CISOs need to appropriately prioritize AI workloads to scale the agentic security operations center (SOC). Otherwise, you risk exploding your budget by burning massive compute tokens on low-value tasks.
The agentic SOC is an operational necessity because the classic triage model can’t keep up with today’s machine-speed attacks.
"The mean time-to-exploit (TTE) vulnerabilities has continually decreased from 63 days in 2018 to minus-one day in 2024 and further downward to an estimated minus-seven days in 2025. A negative number indicates that exploitation of a vulnerability, on average, occurred before a patch was released. This trend is compounded by threat actors’ evolving interest in security appliances and networking infrastructure,” according to Google Threat Intelligence Group (GTIG) research in our M-Trends Report 2026.
The financial risk is both quantifiable and remarkable. “Agentic AI will autonomously make 15% of all day-to-day work decisions by 2028, up from 0% in 2024," according to GartnerⓇ. However, Gartner also warns, "Over 40% of agentic AI projects will be canceled by the end of 2027, due to escalating costs, unclear business value, or inadequate risk controls.”¹
Adopting an agentic SOC is an operational necessity to counter machine-speed threats, but blind adoption invites financial risk. The CISOs responsibility is not just as a technology leader, but as a business leader, said Chris Betz, CISO, Google Cloud, on a recent episode of the Cloud Security Podcast.
“AI, compute, and other resources exist to give leverage to our people, allow them to scale and do more,” he said. “This is about how we equip people with the tools they need... how do we let smart people solve hard problems, and computers do the rest.”
High compute is the enemy of ROI, so every workload needs to justify its token burn.
To be more resilient in AI adoption, CISOs should develop a disciplined "FinOps for SecOps" blueprint that maximizes threat disruption while keeping control over compute costs.
Balancing security value against compute cost
To capture the highest return-on-investment (ROI) while preventing runaway token costs, CISOs need to choose the security jobs to delegate to agents. We recommend mapping each workload by its AI-added security value — what an agent adds beyond your existing stack — against its compute cost.
Keep in mind that AI-added value measures what the agent contributes over your SIEM and automation, not the worth of the activity itself. High compute is the enemy of ROI, so every workload needs to justify its token burn.


Where should agents earn their tokens in the SOC? Start top-left, avoid bottom-right.
Q1: Start here, scale now — High value, low compute
-
The workloads: Detection and rule engineering, Tier 1 triage, context gathering, and investigation summaries.
-
Why it works: Bounded tasks at alert cadence give you the highest security value per token. Rule engineering should lead decisions: An agent turns fresh threat intelligence into a detection in minutes, closing the gap that standard patching can’t.
Q2: Strategic investments, justify carefully — High value, high compute
-
The workloads: Open-ended threat hunting, intelligence-driven retrospective hunts, multi-source correlation, and attack-path discovery.
-
Why it works: Reasoning no static rule can replicate has both a high impact and high cost. Given the cost, you should deploy this approach selectively and run asynchronously, since hunting isn't latency-sensitive. Once codified into a rule, a hunt graduates to the next quadrant.
Q3: Stick with SIEM, don’t use agents — Low value, low compute
-
The workloads: Alert deduplication, case clustering, ticket routing, Indicator of compromise (IOC) matching, and codified detections.
-
Why agents are wrong here: The work is valuable, but a SIEM does it faster and cheaper than an LLM. Don't pay a reasoning premium for what you already own.
Q4: The token trap, avoid — Low value, high compute
-
The workloads: Agents acting as SIEM over raw and federated data on the hot path — re-normalizing per query, "SIEM-less" real-time detection.
-
Why it fails: That prep is cheap when done once and reused with a SIEM, but forcing an agent to repeat it on every alert is slower, costlier, and worse. Keep agents above that groundwork, not in place of it.
For example, Google Security Operations will let you set token-budgets based on which agent you are using.
How to maximize ROI in the agentic SOC
The transition to an agentic SOC is a progressive journey. Because of its low compute cost and immediate high value, deploying the Triage and Investigation agent is the optimal starting point. To successfully navigate data and operational barriers, security leaders should be disciplined.
Step 1: Efficiently aggregate data: Centralizing security telemetry is critical for agent efficiency and preventing hallucinations. However, you don’t need to migrate every database to get started.
For well-formatted external databases, avoid costly migrations by using Google Cloud remote model context protocol (MCP) servers to allow custom agents to query context on-the-fly, bridging the gap between your security information and event management (SIEM) and broader IT estate.
Step 2: Titrate agent autonomy: Don’t unleash agents across the entire enterprise on day one. Throttle the agent's focus using precise business levers that have been mapped to your unified data model (UDM):
-
Filter by threat priority: Restrict the agent to your highest-priority alerts, or automatically clear out low-priority noise.
-
Filter by telemetry source: Focus exclusively on high-fidelity telemetry, such as endpoint detection and remediation (EDR) alerts.
-
Filter by target: Limit autonomous investigations to anomalous activity associated with VIP users and highly privileged administrators.
Step 3: Run parallel operations to prove value: Before shifting production workflows, execute a two to four week proof-of-value (POV) comparing traditional manual operations alongside agentic workflows. This process establishes a baseline, reveals what manual triage misses, helps build your operating model, and generates concrete, internal ROI proof points.
Step 4: Mandate verifiable autonomy with humans-in-the-loop: Analysts will ignore black box AI that only offers a generic confidence score. Build trust through verifiable autonomy: The agent must provide a deterministic risk level (high, medium, or low), explain its exact logic path, and provide direct audit trail links back to the raw SIEM logs.
Step 5: Shift the operational metrics: As analysts build trust in the system, move beyond basic mean time-to-detect (MTTD) and mean time-to-respond (MTTR). Measure success through new, high-impact lenses:
-
Massive toil reduction: Transforming an average 30-minute chore into a near-instantaneous validation step.
-
Democratization of talent: Empowering junior analysts with the enriched context and guided reasoning needed to make high-confidence decisions previously reserved for senior staff.
-
Accelerated onboarding: Bypassing the traditional six-month ramp-up period by relying on the agent's contextual summaries and actionable playbooks.
Step 6: Solve the apprentice gap: As AI automates top-tier duties, talent is elevated to proactive threat hunting. Prevent foundational skill degradation by requiring new hires to perform manual triage without AI during onboarding to prevent rubber stamping biases, and maintain persistent capture-the-flag (CTF) labs to preserve logical muscle memory.
Activating your agentic SOC
At Google, we’re building agents and relying on them to defend our customers and global infrastructure. By taking a FinOps approach to SecOps, you can safely capture the full capacity of agentic AI.
You can learn more about agentic security tokens here.
¹Gartner Press Release, Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027, June 25, 2025.
https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end- of-20271
GARTNER is a trademark of Gartner, Inc. and/or its affiliates.



