PwC announces QA analyzer agent, bringing Security Operations Centers complete incident transparency

Example pattern for mobile
Example pattern for desktop

Chris O'Connor

Managing Director, Cyber Managed Services, PwC US

Email

Rich Kneeley

Managing Director, Cyber, Data and Technology Risk, PwC US

Email

PwC’s new AI agent reviews every security ticket, giving SOC and business leaders assurance that quality is holding across the overall operation, even as threats accelerate.

Many Security Operations Centers run on a blind spot. Phishing attempts, endpoint detections, and SIEM-generated incidents all carry real risk if mishandled, but the sheer daily volume often makes thorough review impossible. Instead, teams sample, usually about 10%, leaving most closed security tickets unreviewed. This gap in QA coverage can allow issues to go undetected. Quality can also vary from analyst to analyst, making consistent standards hard to enforce. The result is a QA process that’s largely reactive. By the time an issue is caught and feedback delivered, the same mistake has often already recurred across dozens of tickets.

From sampled QA to full coverage

PwC's QA analyzer agent was built to close this gap. The solution can automate the quality assurance review of analysts' tickets by assessing work against client-specific standard operating procedures (SOPs) and industry-recognized frameworks such as NIST and MITRE ATT&CK, identifying gaps and scoring ticket quality in real time.

Each finding is annotated and traceable back to the ticket that produced it, and accuracy improves over time as reviewers confirm or correct what PwC's solution flags. Instead of relying on partial sampling and guesswork, this enables consistent, objective QA across the overall ticket population.

The deeper change is in what full coverage quality assurance can reveal. A 10% sample can catch an individual analyst who skipped a step but struggles to show whether that lapse is isolated or systemic, a single error or a fault line running through the operation.

Total coverage makes that distinction plain. A high-risk phishing playbook applied inconsistently across nearly a third of cases is exactly the kind of systemic issue that sampled review can miss for months. Patterns like this become visible only when the overall population of work is analyzed.

What changes when QA scales

  • 100% of ticket reviewed, instead of ~10% sampling
  • Issues caught earlier, before the mistake recurs across dozens of tickets
  • Patterns across the full ticket population identify systemic causes, like SOP gaps or training needs, which sampling is more likely to miss
  • Hands-on QA drops to about an hour a week, so reviewers can focus on dashboards and AI-surfaced insights instead of working through tickets one at a time
  • Analyst time redirects to higher-value work such as threat investigation, process improvement, and client-facing activities

The result is a SOC that can absorb higher volume without adding headcount.

What full-coverage QA can make possible

Full coverage can replace guesswork with a complete view of the work and the insights to act on it. With PwC's QA analyzer solution, SOC leaders can see how the operation is performing, find the weaknesses that matter, and act on them before small gaps become patterns. This turns quality assurance from a routine check into a real security advantage. As threats multiply and grow more capable each quarter, reviewing only a sample of the work is a risk fewer business can afford to take.  

Improve QA visibility across your SOC

See how AI-enabled QA can expand coverage and uncover systemic operational issues.

Learn more

Next and previous component will go here

Follow us