Insights

AI SOC Economics: Costs, Pricing Models, and Who Keeps the Savings

AI SOC tools lower alert-handling costs, but vendors, MSSPs, and buyers fight over the margin. The unit economics, pricing models, and operator playbook.

By Alexej Pikovsky  ·  Updated

An AI SOC is a security operations model where AI agents triage, investigate and enrich alerts before human analysts make the judgment calls. Every AI SOC pitch promises to cut your security costs. Grant it. The savings are real, and the demos are not lying about the alert volumes an agent can chew through.

What none of the pitches answer is the only question that matters to a P&L: who keeps the money the AI saves. The tool vendor, the MSSP or MSP running the service, or the buyer at the end of the chain. That is the whole of AI SOC economics, and almost nobody is doing the math.

I read this the way I read any market, from an operator's seat, because I run growth for MSPs and cyber firms and spend my time on where the margin actually lands. This is the third piece in a series on the cyber market, after the cybersecurity market map and the MSP tool stack, and it is about the money rather than the features. The features are covered everywhere. The unit economics are covered almost nowhere, which is strange: for anyone selling security rather than buying it, the unit economics are the whole story, and they will decide who wins the next few years in this market.

The terms this article prices
TermWhat it means
AI SOCA SOC where AI agents handle triage and first-pass investigation; humans keep the judgment calls
SOCSecurity operations centre: the team and tooling that monitors and responds to alerts
MSSP / MDRManaged security service provider / managed detection and response: outsourced SOC services
XDR / SIEM / SOARThe detection stack: extended detection, log analytics, and response automation
Tier-1 / Tier-2The triage and first-investigation layers of SOC work; the toil AI absorbs first
Digital FTEPricing an AI agent like a salaried analyst: a flat fee for a defined workload
Compute-unit pricingBilling for the underlying AI work (tokens or provisioned compute) rather than per seat or alert

Why the old SOC math was broken

The average security operations centre takes in more than 4,400 alerts a day and never looks at roughly two thirds of them. That is not a staffing failure. That is the arithmetic of the old model, and it explains why the SOC was always a business losing a race with its own inbox.

The labour line

Start with the labour line, because that is what a SOC mostly is. A competent 24/7 SOC needs 8 to 12 full-time analysts, and the salaries are not cheap: Tier 1 runs $70,000 to $90,000, Tier 2 investigators $85,000 to $120,000, threat hunters $110,000 to $150,000, and a SOC manager north of $130,000. Load benefits on top (BLS data puts benefits near 30 percent of total comp, roughly a 1.43x multiplier on base) and personnel alone lands between $1.6M and $2.1M a year before a single tool. Expel puts a good in-house SOC at $2M to $2.5M a year, and real excellence above $3M.

Then the people leave. Security operations runs 20 to 40 percent annual turnover, driven by burnout, and every analyst who walks costs an estimated $100,000 to $200,000 to replace once you count recruiting, onboarding and lost knowledge. You pay premium salaries to fill a bucket with a hole in it.

The demand side

Now the demand side. Alerts scale with the attack surface. Humans do not.

The average analyst sees more than 500 alerts a shift, about half of them false positives, against a healthy-capacity target of under 50 a day. D3 Security reckons human-only throughput tops out near 85 alerts an analyst a day, and most SOCs blow well past that.

CSO Online has a good name for the bind: the SOC triangle, the trade-off between quality, consistency and cost that no team has ever fully solved. Push on one corner and another gives. Add the tool sprawl (Torq reckons the average enterprise runs more than 80 security tools, most billed per seat or per alert) and you have the real picture.

The SOC P&L was a headcount line. It only went up, and it never caught up.

What AI actually changes, and what it doesn't

Here is the number that breaks the old model: Torq claims its automation clears up to 95 percent of Tier-1 and Tier-2 tickets and lets a team absorb four times the alerts at the same headcount. If even directionally true, that severs the link the SOC was built on, the one between alert volume and headcount.

What AI genuinely does is collapse the toil. Investigations that took around 70 minutes drop to minutes. The extreme cases are startling.

D3 Security's Morpheus case study describes one MSSP deployment cutting 144,000 monthly alerts down to 200 that needed a human, a 99.86 percent reduction, and recovering 7,800 analyst-hours a year for a 10-person SOC. Treat that as what it is: a vendor case study with an unnamed customer. Directional, not audited.

The closest thing to a neutral read comes from a study the Cloud Security Alliance ran with Dropzone across 148 working analysts. AI-assisted teams finished investigations 45 to 61 percent faster and scored 85 to 97 percent accuracy against 63 to 68 percent for the manual teams. Dropzone co-published it and benefits from the result, so it is vendor-adjacent rather than academic, but the sample is real and the gap is wide.

Now the part the pitches skip. This is early. Gartner reportedly finds fewer than a quarter of enterprises running AI-enhanced security tools in production, against a wall of marketing that implies everyone already has.

Full autonomy is not on the table either. Dropzone's own founder, Edward Wu, says plainly that a fully autonomous SOC is still technically impossible, partly because much of the context needed to close a case lives in people's heads, and partly because an unsupervised quarantine action carries real liability.

So the capability is real and the deployment is early. The link between alerts and analysts is broken in the lab and on the best deployments. It is not yet broken across the market, which matters a lot for what comes next.

The variable cost nobody prices: tokens

Arctic Wolf has a phrase for the thing buyers keep missing: tokens are the new unknown. Every AI investigation is a stack of prompts, retrievals and reasoning chains, and each one costs money to run. Dropzone's Edward Wu says a single alert investigation fires off more than 100 distinct language-model calls under the hood. That is the meter, and it never stops spinning.

The per-unit numbers look small until they do not. A guided investigation runs 20,000 to 50,000 tokens, roughly $1 to $3 on Sonnet-class models, about $2 an alert across tens of thousands of real cases. A complex multi-stage incident can burn millions of tokens in minutes. LLM prices fell about 80 percent between early 2025 and early 2026, which helps, but security workloads stay lumpy because the data volume and reasoning depth are unpredictable by nature.

Practitioners feel this directly. Eric Capuano, an independent detection-engineering consultant, describes a peer who ran automated agent sessions against the Claude API in the background and woke up to a $30,000 bill. His own rule is to start with the cheapest model that can do a task, benchmark its error rate, and only pay up for a stronger model when the rework from mistakes costs more than the price gap. Model selection is a cost decision now, not just a quality one.

There is a structural twist too. Capuano flags that the flat-rate subscription usage a lot of teams leaned on for automated work is moving to metered API billing, so costs that felt fixed are about to go variable.

The FinOps problem has arrived in security. AI did not remove the SOC's cost. It moved it from payroll to compute and made it variable, and whoever eats that meter and whoever marks it up is a margin decision, not a footnote.

Who actually keeps the savings

So the AI cuts the cost. The question I promised at the top is where the cut goes, and there are only three places it can land.

The vendor can keep it through licensing and token markup. The MSSP or MSP can keep it as margin. Or the buyer can keep it as a lower price.

They cannot all keep the same dollar. That split is the core of AI SOC economics, and most operators have not clocked which way it is flowing.

The size of the prize

Start with the size of the prize. D3 Security's Morpheus case study puts a human-only MSSP SOC at 35 to 50 percent gross margin and an AI-augmented one at 70 to 85 percent. That is the number everyone quotes, so quote it honestly: vendor-reported, from an unnamed customer, directional rather than audited.

Take it as the shape of the opportunity, not a guarantee. A shift of that size, even half real, is the difference between a decent services business and a great one.

The default: the vendor captures it

Here is the trap, and this next part is my read rather than a published figure. Bolt an AI engine onto the same service tier, keep the per-seat or per-alert price, keep the service definition identical, and the efficiency shows up as lower cost to serve for whoever owns the software in the delivery path. That is the vendor.

Underdefense's 2026 trends piece names Arctic Wolf, CrowdStrike and ReliaQuest, alongside legacy MSSPs, as running AI as an assist on top of human-first workflows rather than redesigning the tier around it. Bolt it on and leave your pricing alone, and the vendor captures the gain through the license and the token bill while your MSSP margin barely moves. It is the same capture dynamic that shows up in where the venture money into MSP software went: the tools are funded on the promise of exactly this margin.

The savings are real. They are just not yours by default.

Who gets disintermediated

Who gets disintermediated is the sharpest version of the question. KuppingerCole's Matthew Gardiner splits the field cleanly. If you are an alert-forwarding MDR, you are exposed, because your customer can now triage those same alerts in-house with the same AI you were reselling. If you are a high-value provider doing real investigation and response, the automation makes your service better and your economics better at the same time.

Gardiner also notes the tell that gives the game away: AI SOC vendors are already becoming customers of MDR providers, so the disruption and the demand are running in both directions at once.

Who keeps the savings, by scenario
ScenarioWho captures the marginWhy
AI bolted onto an unchanged per-seat or per-alert tierThe vendorLower cost to serve accrues to whoever owns the software; your price and service definition never moved
Service re-tiered around outcomes or digital-FTE pricingThe MSSP / MSPFee tracks the security result, so cheaper alert handling lands in the operator's margin
Commoditised triage in a competitive marketThe buyerCompetition passes the efficiency through as a lower price
Alert-forwarding MDR with no judgment layerNobody: the model is disintermediatedThe AI does the forwarding and first pass; the human value has to move up or out

Whether the savings reach your bottom line comes down to one decision: whether you re-tier and re-price, or leave the model exactly as the vendor shipped it.

Why per-alert and per-seat pricing are breaking

Price security the old way and you build a trap for yourself: the better your AI gets, the less you earn. Everest Group calls per-alert pricing a perverse incentive, and they are right.

The whole point of a good agent is to kill false positives, so the fewer, cleaner alerts you produce, the more secure your client is and the smaller your invoice. You get punished for doing the job well.

Per-endpoint pricing breaks from the other end. Once a single agent instance can cover thousands of endpoints, the price is tied to a resource count that no longer reflects your cost to serve.

Three models are replacing them. Outcome-based pricing puts skin in the game: Arctic Wolf's breach warranty of up to $3M is the clearest example, the provider carrying part of the risk it is paid to reduce. Digital-FTE pricing rate-cards an AI agent like a contracted analyst, which is how Dropzone sells at $36,000 a year for up to 4,000 investigations, roughly one human Tier-1's annual output.

Compute-based pricing bills the underlying work: Microsoft's Security Copilot runs on compute units at $4 an hour provisioned, and one unit running around the clock costs about $35,000 a year, landing within a rounding error of Dropzone's very different model. A hybrid of the two works well: a fixed baseline plus metered usage with a hard cap, so a bad month cannot run away from you.

SOC pricing models compared
ModelHow it billsWhat happens as the AI improves
Per alertFee per alert processedRevenue shrinks as the AI kills false positives
Per seat / endpointFee per user or devicePrice stays tied to headcount while cost of delivery collapses; vendor license captures the gap
Outcome-basedFee tied to coverage, response time, risk reducedSavings land with the provider; buyer pays for results, not activity
Compute-basedBills the underlying AI work (tokens, provisioned compute)Transparent but volatile; a hard incident can spike the bill
Digital FTEFlat fee for an AI agent doing a defined analyst workloadPredictable for the buyer; margin scales for the provider as the agent gets cheaper to run

The read for an operator is simple. The pricing model is not an admin detail. In AI SOC economics it is the mechanism that decides whether you or your vendor keeps the efficiency gain from the last section.

Per-alert and per-seat hand it upstream. Outcome and digital-FTE models let you hold onto it, because your revenue tracks the result you deliver, not the unit of work the AI just made cheap. Pick the model that lets you keep the margin, then negotiate everything else around it.

What to do if you run an MSP

If you change one thing this quarter, change how you price, because that single move decides who keeps the margin the AI is about to create. The same logic sits behind how much an MSP should charge in every service line. The operator playbook runs four moves, biggest lever first.

Re-price around outcomes, not alerts or seats

This is the whole game from the last two sections. Tie your fee to the security result (coverage, response time, risk reduced) so that when the AI makes an alert cheap to handle, the saving lands in your margin instead of the vendor's license. Every month you keep billing per alert or per seat is a month you subsidise your vendor's efficiency.

Own the token line and treat it as COGS

Compute is a variable cost of goods sold now, not a footnote. Put it on the P&L, watch it per client, and negotiate a fixed-cost or capped arrangement with your platform so a complex incident cannot blow up your unit economics in an afternoon. If you cannot see the meter, you cannot price above it.

Stop scaling Tier-1 headcount, hire for judgment

The work AI absorbs is exactly the Tier-1 and Tier-2 toil you used to hire against. CSO Online's framing holds: the human role moves from throughput to judgment. Your next hire should be an incident lead who can own a hard call and a client relationship, not another pair of hands to clear a queue.

Manage the exit multiple, not just the ops

A labour-bound MSSP running a 40 percent margin and an AI-augmented one running north of 70 are not the same business at sale. The mechanics are the ones that drive MSP valuation multiples everywhere else. MDR and XDR specialists already trade at 10 to 16 times adjusted EBITDA against 7 to 10 times for pure-play, labour-heavy MSSPs. Acquirers are starting to test SOC economics against automation benchmarks, and the premium accrues to whoever owns software in the delivery path. There is now a class of venture-funded buyers of MSPs built on precisely this arbitrage. Nobody has pinned the exact AI premium yet, so I will not invent one, but the direction is not subtle.

One honest note to close on AI SOC economics. I checked the salary, pricing and multiple figures against named sources where I could, and flagged the estimates. The headline margin shift from 35 to 50 percent up to 70 to 85 percent is vendor-reported and early, so treat it as the shape of the opportunity, not a promise. If you want the tools behind all this, I mapped the full MSP tool stack and the wider cybersecurity market map in two companion pieces.

FAQ

Does the AI SOC replace security analysts?

No. It replaces Tier-1 and Tier-2 toil, the triage and first-pass investigation that burns analysts out. The people move up rather than out. The 2026 consensus across Gartner and the vendors is augmentation, with humans shifting to judgment calls, threat hunting and incident leadership. Given millions of unfilled security roles, the demand is there to absorb them.

How much does an AI SOC actually cost?

It depends on the layer. Fully managed AI-SOC-as-a-service starts around $11 to $15 per endpoint a month, and MDR contracts run $7 to $30 per endpoint. Per-investigation tools like Dropzone start near $36,000 a year for roughly one analyst's output. The variable you cannot ignore is compute, about $2 an alert, which climbs fast on complex incidents.

Is an AI SOC cheaper than in-house or a traditional MSSP?

On paper, almost always. A 24/7 in-house SOC runs $2M to $2.5M a year, and AI investigation can cost dollars where a human costs hours. The catch is who eats the token bill and how the service is priced. Bolt AI onto an old per-seat contract and the vendor keeps most of the saving, not you. Re-tier and re-price and the math flips.

What pricing model should an MSP use for AI security?

Outcome-based or digital-FTE, not per-alert or per-seat. Per-alert pricing shrinks your revenue exactly when your AI improves, and per-endpoint pricing stops matching your cost once one agent covers thousands of devices. Tie the fee to the result, or rate-card the agent like a contracted analyst, so the efficiency gain lands in your margin rather than the vendor's.

Is the jump to more than 70 percent gross margin real?

Directionally yes, audited no. The 35 to 50 percent up to 70 to 85 percent figure comes from a single D3 Security vendor case study with an unnamed customer, so treat it as the shape of the prize rather than a number to model against. The mechanism is sound: AI removes the labour that capped margin, and capital markets are already pricing tech-enabled MDR above labour-heavy MSSP. The exact figure for your own business is yours to prove, and it will depend entirely on how you price and who eats the compute.