SOC pipelines look sophisticated on architecture diagrams, but in reality they behave more like a collection of enthusiastic components trying their best under questionable conditions. Everyone wants reliable detections, but most teams still test with one or two replayed incidents and a quiet hope that nothing unexpected happens. Foundation models finally give SOCs something better…