A six-month practitioner study documents a consistent gap between vendor claims and operational outcomes for AI-assisted detection, triage, and SOAR tooling deployed in live SOC environments. It identifies tuning cycles, alert quality issues, and analyst trust deficits as primary friction points. This is not a CVE or campaign item; it is an operational risk signal relevant to CISOs evaluating or managing AI SOC tooling investments. Organizations should audit triage override rates, tuning cycle status, and integration dependencies for deployed AI tools, and require proof-of-concept performance validation using their own telemetry before procuring new AI SOC capabilities.