From Manual to Agentic Security Operations: A Multi-Dimensional Evaluation of AI-Driven SOC Architectures
Mutaz Abdel Wahed, Nader Mohammad Aljawarneh

Security Operations Centres (SOCs) increasingly face rising alert volumes, overstretched analysts, and delayed responses, driven by the growing complexity of infrastructure and the growth in cyber threats. Although automation and SOAR platforms have brought greater operational stability, they remain largely rule-based and rely on human judgment. Recent advances in artificial intelligence (AI) now allow a transition to agentic SOC architectures, in which intelligent systems identify, prioritise, and take response actions independently with minimal human oversight. In this paper, it is hypothesised that a multidimensional assessment framework built on an Efficiency, Effectiveness, and Experience (3E) model can be created to examine how agentic AI is used operationally and organisationally in SOC environments. Using simulated yet analytically valid security telemetry data collected over a 90-day simulated observation period, we perform a comparative evaluation of traditional, analyst-centric SOC workflows and AI-enhanced workflows. A qualitative analysis of analyst workload distribution and decision control complements quantitative indicators such as MTTD, MTTR, false warning frequency, and alert escalation frequency. The results show that agentic AI greatly decreases detection and response times, stabilises operational performance under a high alert load, and shifts the analyst's role toward supervisory management. Beyond enhancing efficiency, the findings indicate a structural change in how SOCs function, with autonomy becoming one aspect of the future responsibilities of SOCs. The research provides an operational guide to assessment and strategic direction for organisations advancing toward intelligent security operations.