AI Productivity in Cyber-Defence Centres: Yes, But Watch Out.

Faster detection, lower costs, and less burnout.

Artificial intelligence is transforming cyber-defence centres, as the evolved successors of traditional SOCs. Autonomous and adaptive AI systems now triage, correlate, and respond to thousands of alerts daily, turning reactive teams into proactive defenders. The result: faster detection, lower costs, and less burnout. Large platform providers such as Microsoft and Google have set the pace, deploying agentic AI that refines threat models and playbooks with every interaction. The promise is compelling - more protection with fewer people. Yet in the rush toward automation, context is often lost.

The productivity paradox

AI is a powerful multiplier, but only when grounded in real-world operational context. For critical infrastructure and cyber-physical systems, in energy, manufacturing, healthcare, and defence, digital threats can have physical consequences. A line of code can stop a turbine, disrupt a supply chain, or endanger lives.

Most enterprise-grade AI tools struggle in these environments. They are built for general IT ecosystems, not for the complex interplay between industrial assets, safety systems, and legacy infrastructure. Without sector-specific workflows and contextual awareness, automation risks widening the gap between alert management and actual defence.

Context is the missing variable

Effective cyber-defence depends on relevance, and understanding the unique dependencies, data flows, and physical realities of each environment. AI without context becomes noise at scale. Many current tools fail to integrate real-time asset visibility or to adapt playbooks to the physical consequences of cyber actions. The result is a dangerous illusion of productivity: more alerts processed, but not necessarily more security achieved.

Where startups step in

This is precisely where innovative European startups can lead. Unlike global platforms built for universality, agile ventures can design AI solutions that:

  • Embed industry-specific knowledge into detection and response.

  • Bridge digital and physical systems with adaptive, context-aware automation.

  • Integrate into legacy infrastructure without requiring wholesale replacement.

  • Focus on usability and actionable insights for lean, overstretched teams.

These companies combine speed with specialisation, which is a rare advantage in a field dominated by giants optimised for scale, not nuance.

Why Telum backs this space

At Telum, we invest in founders who close these critical gaps. Europe’s resilience depends on cybersecurity innovation that is not only intelligent, but contextually intelligent. AI can, and will, redefine cyber-defence, but only when it understands the terrain it protects.

The winners will be those who pair algorithmic power with operational depth. That is where Telum plays, and where Europe must win.