
Anthropic's Computer Use is rewriting the SOC analyst job description.

In November 2025, a tier-1 analyst at a US regional bank watched Claude take over her browser, pivot from a Splunk alert to ServiceNow, open the related ticket, query CrowdStrike Falcon for the host, pull the user from Okta, and draft the containment ticket. She approved one step, denied another, and closed the incident in eleven minutes. Her previous average for the same alert class was forty-three minutes.

That is Anthropic's Computer Use capability in production. It graduated from public beta in October 2024 and crossed into what most enterprises consider production-class in Q4 2025, when Claude Sonnet 4.5 hit a 61.4% success rate on OSWorld, the cross-application benchmark for computer-using agents. The previous best was 38%. Gartner is now forecasting that 25% of SOC tier-1 work will be agent-mediated by end of 2026, up from less than 3% at the start of 2025.

What actually changes inside the SOC

Three things are shifting at once, and only one of them is the obvious one.

The triage queue collapses

Computer Use closes the gap that SOAR platforms never closed. Phantom, Tines, Torq, and Cortex XSOAR all required someone to build the playbook in advance. Computer Use does not. You point Claude at the analyst's screen, give it a runbook in plain English, and it reads the dashboards a human would read. That removes the build-cost economics that kept SOAR adoption uneven. According to a CSA survey published in February 2026, 68% of SOC managers said playbook authoring was the top blocker on their automation program. Computer Use makes that blocker mostly disappear.

The audit trail problem gets worse before it gets better

When a human pivots from Splunk to ServiceNow to Okta, every system logs the human. When Claude does it, every system logs the service account Claude is using. Unless you instrument the bridge, you lose the chain that says “Claude was acting on behalf of analyst Maria, who approved step three at 14:22:08.” The MAST framework that OWASP published in January 2026 calls this out as Risk MAST-AGT-04 (Agent Action Attribution), and it is going to be a finding on every SOC 2 Type II report in 2026 unless your MSP has solved it.

The analyst job becomes governance, not triage

The skill that mattered last year was speed in a console. The skill that matters now is writing the policy that says when Claude is allowed to click and when it has to stop and ask. Forrester's Q1 2026 Now Tech for Security Operations puts “agent policy authoring” as a new top-five skill for tier-2 analysts. The same report estimates that 40% of SOC headcount budget will shift from L1 toward L2 governance roles by 2027.

What MSPs are getting wrong about this

The reflex move is to add Computer Use to your existing SOC offering and price it as a productivity gain. That is the wrong frame for three reasons.

  • The liability geometry changes. When a human analyst clicks the wrong button on a customer's tenant, your professional liability carrier handles it. When Claude clicks the wrong button, the question of whose policy authorized that click is open in most MSP contracts written before 2026. The American Bar Association's Cyber Practice Group flagged this in their March 2026 advisory.
  • Per-seat pricing breaks. The whole point of agent-mediated work is that one analyst supervises five to ten parallel sessions. If your MSA bills per analyst-FTE, you are leaving margin on the table or, worse, your customer renegotiates as soon as they figure out the math.
  • SIEM-native vendors are about to repackage this. Splunk's announcement at .conf 2025 made it clear that an agent layer is coming inside the platform. Conifers, Torq, Prophet, and Radiant are all racing to ship Claude-native or model-agnostic agent overlays. If your MSP is not building governance-first, you will be reselling someone else's agent in eighteen months.

The MSP playbook for 2026

This is where AiT SOC Sentinel sits in our stack. Sentinel is not a Computer Use replacement and it does not try to be. It is the governance plane around it. The product solves three concrete problems: it captures the action-attribution trail (which analyst's policy authorized which agent click), it enforces step-approval gates on customer-defined risk thresholds, and it keeps the multi-tenant boundary clean so an agent acting on Customer A's tenant cannot pivot into Customer B.
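A minimal sketch of the three controls named above, together with the attribution record the audit-trail section calls for. This is an added example, not AiT SOC Sentinel code and not taken from the OWASP framework; the class, function and field names, the risk scores and the sample session are all constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # 'prev' value for the first record in a session

@dataclass
class Session:                # hypothetical: one agent session
    analyst: str              # human the agent acts on behalf of
    tenant: str               # the only customer tenant this session may touch
    risk_threshold: int       # customer-defined: risk >= this needs approval
    log: list = field(default_factory=list)

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def authorize(s, step, action, target_tenant, risk, ts, approved_by=None):
    """Gate one agent step and append an attribution record for it."""
    if target_tenant != s.tenant:
        decision = "deny:tenant_boundary"      # never crosses tenants, even if approved
    elif risk >= s.risk_threshold and approved_by is None:
        decision = "hold:needs_approval"       # agent must stop and ask
    else:
        decision = "allow"
    rec = {"step": step, "action": action, "tenant": target_tenant, "risk": risk,
           "ts": ts, "on_behalf_of": s.analyst, "approved_by": approved_by,
           "decision": decision, "prev": s.log[-1]["hash"] if s.log else GENESIS}
    rec["hash"] = _digest(rec)                 # chained to the previous record
    s.log.append(rec)
    return decision

def verify_chain(log):
    """True only if every record matches its hash and links to its predecessor."""
    prev = GENESIS
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def demo_session():
    """Constructed sample: four steps in one session for analyst 'maria'."""
    s = Session(analyst="maria", tenant="customer-a", risk_threshold=5)
    return s, [
        authorize(s, 1, "query_host", "customer-a", 2, "14:21:40"),
        authorize(s, 3, "isolate_host", "customer-a", 8, "14:22:01"),
        authorize(s, 3, "isolate_host", "customer-a", 8, "14:22:08", "maria"),
        authorize(s, 4, "read_users", "customer-b", 1, "14:22:30"),
    ]
```

The chain detects edited or missing records but not truncation of the tail; storing the latest hash somewhere the agent's service account cannot write covers that case.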

The companies that get this right will look like Arctic Wolf circa 2018, but with a 4x leverage ratio on tier-1 work. The companies that do not will be reselling Conifers or Prophet by 2027, and the customers will know it.

What to ask your current MSP this week

  1. Are any of your analysts using Computer Use, Claude Code, or any computer-using agent today on our tenant? Show me the audit trail for the last seven days.
  2. If yes, who at your firm signs off on the policy that says what those agents are allowed to click? Show me the policy document and the date it was last reviewed.
  3. If a Claude session takes a wrong action on our environment, what does our MSA say about liability? Get me a written answer from your legal counsel by end of Q2.
  4. What is your roadmap for action-attribution logging across the agent boundary? If the answer is “we are watching the space,” that is a problem.

Get the Sentinel governance playbook

We wrote a 14-page reference architecture on agent-mediated SOC operations: action attribution, step-approval gating, multi-tenant boundary enforcement. It is the same pattern we run on our own tenant.


The bottom line

The SOC analyst job is not going away in 2026, but the analyst who survives is the one who writes agent policy, not the one who clicks fastest. MSPs that ship governance-first will own this transition. MSPs that bolt Computer Use onto an unchanged operating model will be the case studies in the 2027 Forrester report on why agent-era SOC contracts churned.