Arctic Wolf CEO On How AI Will ‘Revolutionize’ The SOC, MSP Opportunities In 2026

In an interview with CRN, Arctic Wolf CEO Nick Schneider says the cybersecurity skills shortage will to a large degree be solvable as AI and agentic capabilities become more available in the Security Operations Center (SOC).

The cybersecurity skills shortage will to a large degree be solvable in the future as AI and agentic capabilities become more available in the Security Operations Center (SOC), according to Arctic Wolf CEO Nick Schneider.

In an interview with CRN, Schneider said that security operations platform provider Arctic Wolf is looking to propel the segment forward when it comes to applying GenAI and AI agents to the SOC, through capabilities including the vendor’s Alpha AI portfolio of technologies.

“There’s this massive opportunity here to take the core of what Arctic Wolf’s offering has always been around security operations—take the scale of the operation that we have built on top of the platform that we have built—and leverage those key ingredients to deliver a revolutionary change in the cyber market,” he said. “That is where you can get these skillsets [delivered] via technology.”

Ultimately, “that’s where I think the age of AI could really transform and revolutionize the Security Operations Center—which is, arguably, the only proven solution to combating cyber risk,” Schneider said.

During the interview, Schneider also discussed opportunities for MSPs in 2026 with Arctic Wolf, following the debut this year of a revamped MSP program.

Additionally, the Arctic Wolf CEO spoke about the momentum for Aurora Endpoint Security, which is the company’s offering in endpoint detection and response (EDR). The Aurora EDR offering is based on Arctic Wolf’s $160 million acquisition of Cylance from BlackBerry in February.

What follows is more of CRN’s interview with Schneider.

What have been the biggest themes for Arctic Wolf in 2025?

We obviously brought Cylance into the business and entered the endpoint space, which has been great. We’re overachieving what we expected to do as we brought the business in. That’s a testament to our belief that, yes, customers want tools and capabilities—but what they’re really looking for is a broader security operations outcome. Endpoint is one component, but a broader platform and broader outcome-based approach is what they’re really after. We’ve continued to expand internationally, and those markets all continue to grow exceptionally fast. And then we’ve done a lot of work on the platform. The platform now is operating at massive scale. It’s 10 trillion-plus security events per week. It’s tens of millions of investigations per week being processed through that platform. And it’s now servicing, in a unified way. multiple different products—detection and response, endpoint, vulnerability management, awareness training and some incident response use cases—all in a centralized, easy-to-use way for our customer base. The second piece was really around how we would set that platform up—and set the data within the platform up—in a way that it would allow us to really reimagine the SOC. I think this is a revolutionary change in the marketplace. Cybersecurity has always suffered from a multitude of tools that add a ton of complexity to a customer’s environment, which is behind the drive toward platforms, which we’ve addressed. But secondly, even with a platform, how do I operationalize these platforms into my environment or into my ecosystem, when I may or may not have all the requisite skillsets to be able to make them work in my environment? And that’s where I think the age of AI could really transform and revolutionize the Security Operations Center—which is, arguably, the only proven solution to combating cyber risk.

How do you envision this SOC transformation occurring because of AI?

You move the skills gap within cybersecurity to being able to be serviced by AI and an agentic framework. We’ve spent a lot of time building the platform, building the knowledge graphs on top of that platform, so that we can make use of not only the data, but the diversity of that data—[which comes from] 10,000 customers across hundreds of different sources of telemetry. Then also, [we have] probably approaching 100 million people hours of real-world SOC experience to provide this context to the agents, so that we can build something out that is provably workable in a customer’s environment. We have the world’s largest SOC to continue to iterate, tune and do reinforcement learning on what we’re building with regards to AI as well. So there’s this massive opportunity here to take the core of what Arctic Wolf’s offering has always been around security operations—take the scale of the operation that we have built on top of the platform that we have built—and leverage those key ingredients to deliver a revolutionary change in the cyber market. That is where you can get these skillsets [delivered] via technology.

When you say, “world’s largest SOC,” is there a certain metric you’re looking at?

There’s a few things. One is the volume and diversity of the datasets. And two is just the resources that we have behind it, with regards to skills and expertise. [Headcount] is part of it, with regards to skills and experience, but only a piece of the overall pie—which is rounded out by significant volumes of data and diversity of that data, with regards to the sources of the telemetry and the sources of the information.

Given that many of the major endpoint security leaders are now getting into SOC platforms, how big of a competitive boost is Arctic Wolf getting from having its own endpoint offering?

EDR has been great for us. I think customers and the market, by and large, are starting to move value further toward the outcomes, away from individual tools. So it was really important that we had the ability to perform a capability for a customer if they wanted to leverage our broader platform, and [with] endpoint being one of those critical attack surfaces. But I think what our customer base is really valuing is the combination of endpoint with our platform, and the manner in which we deliver them security operations. We’ve seen that resonate across the board, with regards to all different industry verticals, all different industry segments and sizes of organization. It’s something that has really helped propel Arctic Wolf into the platform space, materially. But it also gears us up really well to be able to show what I think is arguably going to be the largest differentiation for Arctic Wolf—which is how to leverage the platform, our expertise and our capabilities on the various attack surfaces, to be able to really revolutionize how the SOC is embedded in a customer’s environment.

Why specifically does having your own endpoint offering make the SOC platform stronger?

No. 1, customers are looking to reduce complexity in their environment. They can do so with a best-in-class application on top of a platform. I think the Aurora endpoint solves that problem for customers. No. 2, generally speaking, when you’re leveraging a platform as opposed to a multitude of different disparate capabilities or tools, you get some economies of scale. Customers can save some money and get the same or better outcome. And then thirdly, by adding the endpoint to our platform, it allows us to enter and/or have strength in areas that require that telemetry source. So for example, we’re able to do a lot more with regards to our incident response business, and we’re able to leverage the endpoint in that incident response practice to be able to deliver outcomes more effectively or efficiently for customers. However, I think it’s important to remember that our platform is an open platform. So while we have our own endpoint, we also know that customers have long-term contracts with other endpoint providers, or have had luck with other endpoint providers, and that’s OK. And the reason it’s OK is that we know that over time, as a customer leverages our platform and gets the benefit of what we’re building with Alpha AI, and understands the manner in which we can deliver some of those beneficial outcomes—that they’ll look towards our endpoint as well. And as a result, because it’s our own product, they could expect a tighter integration, some economies of scale, and some additional benefits that might not be quite as readily accessible if you’re leveraging a third-party endpoint.

What is the biggest opportunity in 2026 for your partners, especially MSPs, in working with Arctic Wolf?

I think the biggest opportunity is to really lean in to the Arctic Wolf platform. We have four core products now. It’s not enough to just have a great platform. You have to have great applications and products on top of that platform. And we do. I think the platform solves a multitude of problems for end customers and drives efficiencies within their SOC. And I think the outcomes that the platform can deliver are really important for the channel community to lean in to and understand—but also to understand how the security operations and the use of AI will come together, in terms of the way in which they’ll integrate with Arctic Wolf. But it’s also about the way in which they’ll talk to, integrate and work with their customer bases. Because I do think it will become a pretty material focus of conversation.