I've worked with companies whose infosec dept. is little more than "see tool alert, ask user what's going on", and then keep searching for the right _tool_ than injecting any human agency in that loop.

If any role is ready for an LLM to take over (or even a shell script), it's that one.