Most domains deploying agents are discovering the same problem: the agent completes the task, the output is contestable, and there's no workflow for contesting it. Security operations is the interesting exception. SOC workflows have always assumed that technically correct outputs can be operationally wrong, and they built accordingly.
False positive classification, severity reassignment, escalation queues, evidence timelines. These predate any agent. When Microsoft's Dynamic Threat Detection Agent generates an alert at 80.1% precision across tens of thousands of Defender customers, that alert flows into an existing incident queue with existing triage vocabulary. A miscategorized finding already has a name and a correction path.
The phishing-triage RCT showed something subtler: analysts spent 53% more time on malicious emails when agent-augmented, not less. The queue shaped attention rather than replacing judgment. The middle case had somewhere to land, so it landed well.
NIST 800-61 Rev. 3 names the two hardest detection problems as volume and false-positive adjudication. SOC built its operational grammar around those problems decades before agents arrived. Every other domain deploying agents is now trying to invent that grammar on the fly.
The pre-existing infrastructure: SOC workflows already have named incidents as work objects, severity taxonomies, false-positive classification, escalation paths, evidence timelines, queue prioritization, and post-incident review. Built for human analysts, they absorb agent output without modification.
DTDA design detail: Outputs that fail validation are suppressed, not emitted. The agent's architecture assumes it will be wrong sometimes and builds around that assumption.
Phishing RCT results: 6.5x more true positives per analyst minute, 77% better verdict accuracy, no observed rubber-stamping of malicious verdicts.
The caveat: Published precision data is vendor-authored. Independent teams haven't broadly shared false-positive rates or analyst trust metrics. Whether agent-generated alerts reduce or merely redistribute alert fatigue remains an open question at scale.

