Rethinking Threat Intelligence in an Agentic AI World with Piotr Wojtyla
Season 2, Episode #7

Threat intelligence leader Piotr Wojtyla joins host Mick Leach on the latest episode of SOC Unlocked to unpack how AI, behavioral modeling, and threat intelligence are converging to reshape modern security operations. Drawing from years in incident response and nation-state investigations, Piotr explains why combining known-good behavior with known-bad intelligence is critical to detecting today’s most evasive threats.
Together, Mick and Piotr explore how machine learning and LLMs are transforming the SOC from a linear alert factory into a feedback-driven decision engine—while also exposing new risks, from remote insider scams to agentic AI and SaaS token abuse. The conversation blends war stories, practical lessons, and forward-looking insight, underscoring a central theme: AI can elevate defenders dramatically, but strong security still depends on human judgment, curiosity, and fundamentals done right.
Insights
AI detection works best when known-good behavior is combined with known-bad intelligence to add context, not just indicators.
Security operations are moving from linear alert pipelines to continuous feedback loops powered by machine learning and LLMs.
AI does not replace analysts; it amplifies skilled defenders who know how to question, guide, and validate its output.
The attack surface is shifting beyond email to tokens, SaaS integrations, and third-party trust relationships, where visibility is weakest.
Guests
“Smart people with AI are going to replace some jobs, but AI itself is not going to replace jobs.”
“Don’t be afraid of AI—leverage it. It will make you successful, make your security program more effective, and make the world more secure.”
“If you’re evaluating tools, don’t be afraid to ask difficult questions and challenge AI claims. There are products that claim to use AI but don’t even have basic models behind the scenes.”
“As companies deploy more agents and allow autonomous decisions without proper controls, we open ourselves to new risks—especially if we can’t secure those agents.”







