Saved in:
Bibliographic Details
Main Authors: De La Cruz, Elyson A., Sahay, Rishikesh, Mamun, Md Rasel Al
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.09534
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917479143440384
author De La Cruz, Elyson A.
Sahay, Rishikesh
Mamun, Md Rasel Al
author_facet De La Cruz, Elyson A.
Sahay, Rishikesh
Mamun, Md Rasel Al
contents Engineering managers increasingly must decide how to introduce generative artificial intelligence (AI), retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this study is that AI-assisted operational decision support should be managed as a governed engineering capability before it is scaled as automation. Security operations centers (SOCs) provide a suitable setting because they combine privileged telemetry, specialist expertise, software repositories, cloud services, and evidence-sensitive decisions. This study uses Kusto Query Language (KQL) and Microsoft Azure security capabilities as a bounded technical instantiation of that broader engineering management problem. KQL is read-only in ordinary query use, but read-only does not mean risk-free: AI-assisted queries can still create privacy, cost, performance, schema-validity, and decision-quality risks through broad scans, sensitive-field exposure, stale intelligence, and misleading interpretations. Using design science research, the study develops a governed AI query-broker artifact that separates AI planning from operational execution through schema-grounded retrieval, approved templates, policy validation, read-only adapters, normalized outputs, auditable agent traces, and engineering review board gates. The contribution is not a new KQL technique, security product, or detection algorithm. Rather, the study contributes a management framework for governing AI-assisted operational decision support in high-risk digital infrastructure by specifying design propositions, role accountability, maturity stages, quality gates, evaluation criteria, and evidence boundaries.
format Preprint
id arxiv_https___arxiv_org_abs_2605_09534
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support
De La Cruz, Elyson A.
Sahay, Rishikesh
Mamun, Md Rasel Al
Cryptography and Security
Artificial Intelligence
Engineering managers increasingly must decide how to introduce generative artificial intelligence (AI), retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this study is that AI-assisted operational decision support should be managed as a governed engineering capability before it is scaled as automation. Security operations centers (SOCs) provide a suitable setting because they combine privileged telemetry, specialist expertise, software repositories, cloud services, and evidence-sensitive decisions. This study uses Kusto Query Language (KQL) and Microsoft Azure security capabilities as a bounded technical instantiation of that broader engineering management problem. KQL is read-only in ordinary query use, but read-only does not mean risk-free: AI-assisted queries can still create privacy, cost, performance, schema-validity, and decision-quality risks through broad scans, sensitive-field exposure, stale intelligence, and misleading interpretations. Using design science research, the study develops a governed AI query-broker artifact that separates AI planning from operational execution through schema-grounded retrieval, approved templates, policy validation, read-only adapters, normalized outputs, auditable agent traces, and engineering review board gates. The contribution is not a new KQL technique, security product, or detection algorithm. Rather, the study contributes a management framework for governing AI-assisted operational decision support in high-risk digital infrastructure by specifying design propositions, role accountability, maturity stages, quality gates, evaluation criteria, and evidence boundaries.
title Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2605.09534