Fortinet Launches FortiSOC to Bring AI to Security Operations

• Fortinet launched FortiSOC, combining six security operations tools into one platform.
• FortiSOC includes AI-powered investigation and response through FortiAI-Assist.
• Fortinet retained standalone security products alongside the new unified platform.
• Company did not release performance metrics validating FortiSOC’s AI capabilities.

Cybersecurity companies have spent the past year making the same promise in different ways: let AI handle the flood of security alerts so analysts can focus on the attacks that actually matter. Fortinet’s answer is “FortiSOC”.

Announced on June 16 after an early preview at the company’s Accelerate conference in April, the new platform packages six security operations functions into a single cloud-delivered subscription.

Security information and event management (SIEM), security orchestration and automated response (SOAR), threat intelligence, user and entity behavior analytics (UEBA), case management, and identity threat detection (ITDR) now sit behind one interface instead of several. On paper, it looks like a major product launch but in practice, it is equally a packaging strategy.

One Platform, Familiar Products

Fortinet is not replacing the products many customers already use.

FortiAnalyzer, FortiSIEM, FortiSOAR and FortiTIP will continue receiving updates and remain available separately. FortiSOC simply combines those capabilities into a single SaaS platform with one subscription, one console and one management layer.

That consolidation solves a genuine enterprise problem.

Security teams increasingly operate dozens of tools from multiple vendors. Every additional dashboard introduces another login, another workflow and another integration to maintain. Reducing that operational overhead is valuable even before AI enters the conversation.

Seen through that lens, FortiSOC is less a brand-new platform than a simplification of an existing portfolio.

Where AI Changes the Pitch

The bigger claim comes from FortiAI-Assist, the AI layer embedded inside FortiSOC.

Using Model Context Protocol (MCP), Fortinet says the assistant can investigate alerts, correlate activity across identities and assets, generate response playbooks and recommend or execute actions while remaining under analyst oversight.

“The speed of AI, consistency, and clarity to stay ahead of threats without the overhead of managing multiple tools,” is how founder, president and CTO Michael Xie described the platform. Those are attractive promises. What is missing are the numbers that usually accompany them.

Fortinet has not published reductions in false positives, improvements in mean time to respond, or customer case studies showing measurable gains in production environments.

That omission stands out because competitors increasingly compete on proof rather than features.

A Crowded Market That Speaks in Metrics

FortiSOC enters one of enterprise security’s fastest-growing categories.

Microsoft, CrowdStrike and Palo Alto Networks are expanding AI-assisted SOC capabilities, while startups including Torq, Simbian, Prophet, Exaforce and Dropzone are building businesses around autonomous security operations. Many already lead with customer metrics.

One vendor says its platform automatically resolves 92% of alerts. Another reports customers saving seven analyst-hours per day. An MSSP case study from another competitor claims 82% of incidents are now automated.

These are vendor-reported figures and deserve healthy skepticism. But they establish the language the market now speaks.

Fortinet, unusually for a company that typically backs product launches with benchmark data, has yet to publish comparable evidence for FortiSOC.

Wall Street’s reaction reflected that measured rollout. Fortinet shares gained roughly 2.2% following the announcement, broadly tracking cybersecurity peers rather than signaling investors viewed the launch as category-defining.

Why Trust Matters More Than Features

The larger challenge for FortiSOC extends beyond automation. Security teams have spent years experimenting with rule-based SOAR systems that promised to automate investigations but often failed when real attacks deviated from predefined workflows. That history makes explainability more important than autonomy.

Analysts increasingly want AI systems that show why a decision was made, what evidence was used and what actions can be overridden before anything changes inside production environments.

Fortinet says FortiAI-Assist operates under analyst oversight, but the announcement offers few details about what that oversight actually looks like. It does not explain how reasoning is surfaced, what gets logged for auditing or where analysts retain final control.

Those questions matter because trust, rather than capability, remains the biggest barrier to autonomous security operations.

IDC analyst Michelle Abraham noted in Fortinet’s announcement that organizations are increasingly prioritizing cloud-delivered SOC platforms and streamlined analyst workflows. That reflects where the market is heading.

Whether FortiSOC becomes one of the platforms that defines that future is a question customers, not product announcements, will answer.

For now, Fortinet has delivered a cleaner way to buy and manage its security portfolio. Whether it has delivered a genuinely autonomous SOC is something the company will still have to prove with customer deployments, operational metrics and real-world results.