DOI: 10.3390/app16136454 ISSN: 2076-3417

AI-Driven Threat Detection and Automated Incident Response for Securing Cloud Workloads

Anton Chagovec, Teodora Bakardjieva, Antonina Ivanova, Fatima Sapundzhi, Veselina Spasova, Andriana Ivanova

The increasing adoption of cloud computing has expanded organizational attack surfaces and created additional opportunities for identity abuse, ransomware operations, data exposure, and configuration-related security incidents. Conventional monitoring environments based primarily on static rules, fragmented telemetry, and manual triage often struggle to prioritize high-severity incidents in real time. This study evaluates the operational impact of an integrated AI-augmented cloud-native SIEM/XDR/SOAR architecture for cloud threat detection and automated incident response. A sequential mixed-methods comparative case study was conducted across two enterprise-style security environments: an AI-augmented architecture combining cloud-native SIEM, XDR telemetry unification, behavioral analytics, AI-assisted correlation, generative-AI analyst support, and SOAR automation, and a conventional baseline environment based on manual triage and signature-based controls. Three attack scenarios were analyzed: phishing-led account takeover, multi-stage ransomware, and shadow-IT data exfiltration. The AI-augmented architecture reduced mean time to triage from 17.4 h in the conventional baseline to 10.7 min and enabled ransomware containment in under five minutes through pre-configured automated response playbooks. The results also showed improved prioritization of high-severity incidents, reduced analyst review burden, and a high automated closure rate. The findings provide operational evidence for the evaluated security architecture. Limitations include single-vendor dependency, non-equivalent false-positive classification mechanisms, proprietary model internals, calibration requirements, and detection gaps involving legitimate third-party services and password-protected content.
