Beyond the Chatbot — Delivering an Agentic SOC for Real-World Defense

Practitioner talk presented at [[unprompted-conference-march-2026|[un]prompted Conference]] (Day 2 / Stage 1 / 15:05) by Peter Smith (Director, Agentic SOC Product Management, Salesforce) and Ravi Kiran Sharma (Lead Security Engineer, Salesforce).

Key Claim

The “copilot” era of SOC tooling — Q&A interfaces over telemetry — is a transitional pattern. The next frontier is the Agentic SOC: a system in which autonomous agents plan, reason, and act on alerts, investigations, and containment. Reaching that pattern requires architectural change away from the monolithic black-box copilot toward a Polyphonic (Supervisor-Worker) decomposition: a coordinating supervisor delegates well-scoped subtasks to specialised workers, each with constrained tool access and verifiable behaviour.

Architecture: Polyphonic (Supervisor-Worker)

The talk frames the architectural choice as the load-bearing decision for an Agentic SOC. A Polyphonic design separates planning from execution: the supervisor maintains the investigation state and decomposes the workflow; workers execute discrete, narrowly scoped tasks (correlation, enrichment, containment, evidence collection) and return their results to the supervisor. The decomposition is positioned as the antidote to monolithic copilots that conflate planning, tool use, and judgement in a single unobservable forward pass.
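To make the decomposition concrete, here is an illustration added to this page (not code from the talk, which publishes no worker contract): a supervisor that holds the investigation state, dispatches each step to a named worker, enforces a per-worker tool allowlist, and records every call in a trace. The tool names, allowlists, alert fields and lookup results are all assumed and constructed for the example.

```python
from dataclasses import dataclass, field

# Assumed per-worker tool boundary; the talk does not specify one.
TOOL_ALLOWLIST = {
    "enrichment": {"lookup_ip_reputation"},
    "correlation": {"search_events"},
    "containment": {"isolate_host"},
}

# Constructed stand-ins for real enrichment / SIEM / EDR tools.
def lookup_ip_reputation(ip): return "malicious" if ip == "203.0.113.7" else "clean"
def search_events(ip): return 3 if ip == "203.0.113.7" else 0
def isolate_host(host): return f"isolated:{host}"
TOOLS = {f.__name__: f for f in (lookup_ip_reputation, search_events, isolate_host)}

# Constructed sample alert using RFC 5737 documentation addresses.
SAMPLE_ALERT = {"src_ip": "203.0.113.7", "host": "fin-ws-12"}

class ScopeViolation(Exception):
    """Raised when a worker tries to use a tool outside its allowlist."""

@dataclass
class Supervisor:
    trace: list = field(default_factory=list)  # per-worker observability record

    def call(self, worker, tool, *args):
        # Enforce the worker's tool boundary before execution and log the outcome.
        if tool not in TOOL_ALLOWLIST[worker]:
            self.trace.append((worker, tool, "DENIED"))
            raise ScopeViolation(f"{worker} may not call {tool}")
        result = TOOLS[tool](*args)
        self.trace.append((worker, tool, result))
        return result

    def investigate(self, alert):
        # Supervisor owns the state and the decision; workers only run scoped steps.
        state = {"alert": alert}
        state["reputation"] = self.call("enrichment", "lookup_ip_reputation", alert["src_ip"])
        state["hits"] = self.call("correlation", "search_events", alert["src_ip"])
        if state["reputation"] == "malicious" and state["hits"] > 1:
            state["action"] = self.call("containment", "isolate_host", alert["host"])
        else:
            state["action"] = "monitor"
        return state

if __name__ == "__main__":
    sup = Supervisor()
    print(sup.investigate(SAMPLE_ALERT))
    print(sup.trace)
```

The trace makes each worker's tool use reviewable after the fact, and a worker attempting a tool outside its allowlist (for example `enrichment` calling `isolate_host`) is refused and logged rather than executed.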

Architecture detail not in source

The published abstract names the Polyphonic (Supervisor-Worker) pattern but does not specify the supervisor’s policy primitives, the worker contract, the orchestration substrate, or the trust boundary between supervisor and workers. Slides and transcript are not yet ingested. Treat this page as a stub until that material is captured.

Companion Salesforce Material

Salesforce contributed two talks to the same conference:

Together the two talks describe the upstream (detection) and downstream (response) halves of an end-to-end agentic SOC operation at production scale.

Cross-References

  • Salesforce — operator entity; the Agentforce-scale context of the talk.
  • Agent Observability — the observability primitives a supervisor-worker decomposition makes feasible (per-worker traces, supervisor-level decisions).
  • [[unprompted-conference-march-2026|[un]prompted March 2026]] — conference listing.
  • Talks vs RA + CMM relevance ranking — companion analysis.

Open Questions

  • How does the supervisor enforce trust boundaries against worker outputs? (No detail in abstract.)
  • What is the policy surface — Cedar/OPA-style declarative rules, or imperative supervisor logic? (No detail in abstract.)
  • How does this compose with Agentforce’s behavioural anomaly detection from the Rittinghouse talk? (Two halves of the same SOC story but the explicit handoff is not described in either published abstract.)

Status

stub-summary — based on the published 2-paragraph abstract only. Promote to summarized when slides and/or transcript are captured to .raw/talks/.