SECURITY OPERATIONS · THE IRONIES OF AUTOMATION

“Automate the SOC and you won’t need analysts.” A researcher took that apart in 1983.

Lisanne Bainbridge’s Ironies of Automation was written about cockpits and power plants — but it reads like a memo to every security team rolling out AI today: the more you automate, the more you need your best human, and the harder you’ve quietly made their job.

Every SOC pitch sounds the same right now: automate the alerts, bolt on an AI copilot, and your team finally gets ahead of the queue. Fewer humans, less grunt work. It’s a good promise — and it’s almost exactly the promise Lisanne Bainbridge dismantled more than forty years ago.

In 1983 she published a short, sharp paper called Ironies of Automation. She was writing about aircraft and industrial control rooms, long before SOAR pipelines or large language models existed. But every line lands on the modern security operations center, because the trap she described was never really about the technology. It was about what automation does to the people left holding it.

The three ironies, in SOC terms

The human gets the hardest 5%

Automation handles the routine alerts beautifully. What it hands the analyst is everything strange, novel, and ambiguous — the incidents with no playbook — usually cold, with no warm-up and the clock already running.

The skills you need most quietly rot

An analyst who only supervises the machine slowly loses the hands-on instinct to take the wheel when it fails. Bainbridge’s sharpest point: automation erodes the exact expertise you are counting on in a crisis.

Humans are bad at watching

Staring at a green dashboard for hours is precisely the task human attention cannot sustain. In 1983 they called it the “vigilance decrement.” We call it alert fatigue. Same prophecy, new acronym.

Now point all of that at AI

Everything Bainbridge warned about gets amplified when the automation is an AI model instead of a rules engine. An LLM triaging alerts is more capable and more confident — which means it takes on more of the easy work, leaves an even thinner and stranger slice for the human, and is harder to second-guess when it’s quietly wrong. The better the demo, the deeper the irony.

This is the same lesson we keep relearning the hard way. We recently cleaned up a WordPress site that three automated scans had declared healthy while it was hacked for 37 days — the tools were “green,” the site was compromised, and only a human who knew where to look caught it (that whole story is here). AI can scan. It can’t be accountable. Bainbridge could have told you that in 1983.

What good automation actually does

The fix isn’t less automation — it’s automation designed around the analyst instead of against them. Automate the toil, never the judgment. Keep humans in the loop on the calls that matter, so their instincts stay sharp for the day the model is wrong. Build systems that explain themselves, surface the weird cases early instead of burying them, and treat the operator as the most important component in the design, not the cleanup crew for whatever the bot couldn’t handle.

That’s the whole philosophy behind how we build automation and AI at AZ Technology Solutions: tools that make a skilled human faster and sharper, not tools that pretend the human isn’t needed until the moment everything is on fire. The goal of a SOC was never “fewer people.” It’s protecting real people and their data — and that still takes humans and machines working as one system.

Reference: Bainbridge, L. (1983). “Ironies of Automation.” Automatica, 19(6), 775–779. doi.org/10.1016/0005-1098(83)90046-8

Rolling out automation or AI in your security stack?

Let’s make sure it makes your team sharper instead of setting up Bainbridge’s trap. Bring your stack and your goals — you’ll get an honest read from someone who has built SOAR playbooks and AI agents in production. No alarm, no hard sell.

ABOUT THE AUTHOR

Angel Menendez — Founder, AZ Technology Solutions

Former Staff Developer Advocate at n8n, with 20+ years at the intersection of cybersecurity, automation, and AI — SOAR playbooks at Palo Alto Networks, AI-agent infrastructure at n8n, and production systems for organizations that can’t afford “AI that demos.” I build the tools and stay accountable for what they protect.

See what I speak about →  ·  Grab free office hours →

Stay curious out there.