Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In its January 2026 report, Emerging Tech: Tech Innovators in Domain-Specific Language Models for SecOps, Gartner examines how domain-specific language models (DSLMs) are reshaping security operations. The report explains that DSLMs are designed to address the limitations of general-purpose language models by focusing on a particular task or use case – in this case, cybersecurity.

The time between compromise and data exfiltration now occurs before most SOCs finish their first triage. Phishing breaches succeed in under 60 minutes. The average SOC investigation takes 70. This is why financial institutions are operating at a structural disadvantage.

Picture this: it’s 2am, your pager goes off, and you’re staring at a production database that’s on fire. You know exactly what’s wrong. You know exactly how to fix it. But you can’t touch anything because you’re waiting on someone to approve your access request. Meanwhile, your customers are down, your SLAs are bleeding out, and you’re refreshing Slack, and every minute you spend waiting is another minute of damage you could’ve prevented.

In many organizations, there is a dangerous unspoken rule: The SOC handles endpoints and networks; Engineering handles APIs. This silo creates a massive blind spot. We recently spoke with the Senior Manager of Security Engineering at a major insurance provider, who described this exact pain point.

Security operations have never been more complex. Analysts face more alerts, more tools, and more pressure to make the right decision at the right moment. The work feels less like running a security program and more like trying to keep an orchestra in sync while each musician plays from a different sheet of music. This is the challenge Sam was created to solve. Sam, the Securonix AI SOC Analyst, acts like a skilled conductor guiding a symphony.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo.