Triage is a UX problem, mostly.

After six months of watching analysts work, I am convinced that what SOC teams need is less AI and more reorganization.

The good AI helps with that too, but only if it starts from the workflow: what gets grouped, what gets hidden, what needs evidence, and where a human should be asked before the system gets clever.