AI‑Driven Threat Detection and Automated Incident Response for Securing Cloud Workloads
1  Department of Computer Science, Faculty of Social, Business and Computer Sciences, Varna Free University “Chernorizets Hrabar”, 84 Yanko Slavchev Str., Chaika Resort, 9007 Varna, Bulgaria
2  Department of Communication and Computer Engineering, Faculty of Engineering, South-West University “Neofit Rilski”, 66 Ivan Myhailov Str., 2700 Blagoevgrad, Bulgaria
3  Department of Informational and Communication Technology, Faculty of Engineering, Nikola Vaptsarov Naval Academy, 73 Vasil Drumev, 9002, Varna, Bulgaria
Academic Editor: Lucia Billeci

Abstract:

Escalating cloud adoption has multiplied organisations’ digital footprints—and their exposure to credential abuse, misconfiguration, and ransomware. This study examines how artificial intelligence (AI) analytics embedded in next‑generation Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platforms can fortify cloud defences while relieving Security Operations Centre (SOC) fatigue.

An extensive literature review was combined with an empirical evaluation in a production‑like enterprise cloud environment that fused a modern, data‑lake‑based SIEM, a vendor‑agnostic XDR layer, and a generative‑AI assistant orchestrating automated playbooks. Three realistic attack chains—phishing‑led account takeover, multi‑stage ransomware, and shadow‑IT data exfiltration—were replayed. Key metrics captured were mean time‑to‑detect/‑respond (MTTD/MTTR), incident‑correlation precision, and false‑positive rate.

AI‑assisted correlation collapsed hundreds of raw alerts into single contextual incidents, cutting analyst triage time by 96 %. Behaviour‑profiling models in the XDR layer reduced false positives by 89 %, while automated, AI‑guided playbooks contained live ransomware in under five minutes—an 18‑fold improvement over manual response. Overall, AI integration shortened MTTD and MTTR from hours to minutes across all scenarios.

The findings demonstrate that AI‑enabled SIEM/XDR can transform cloud security from reactive monitoring to proactive, autonomous defence, simultaneously boosting protection and SOC efficiency. Future work will explore reinforcement‑learning agents for dynamic policy tuning and assess interoperability among heterogeneous XDR components in complex multi‑cloud environments.
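As an added illustration of the alert-to-incident correlation the abstract describes (this is not the study's code and uses a fixed entity-and-time-window rule rather than the AI analytics the paper evaluates): a small correlator run over a constructed alert feed shaped like the phishing-led account-takeover chain, reporting the triage reduction the paper measures. The sensor names, detector names, identities and two-hour window are assumptions.

```python
# Added example, not the study's code: deterministic stand-in for AI alert correlation.
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Alert:
    ts: datetime
    source: str   # emitting sensor, e.g. "email-gw", "idp", "m365"
    entity: str   # identity or host the alert concerns
    signal: str   # detector name (constructed names below)

@dataclass
class Incident:
    entity: str
    alerts: list = field(default_factory=list)
    def span(self) -> timedelta:   # wall-clock spread of the evidence
        return self.alerts[-1].ts - self.alerts[0].ts

def correlate(alerts, window=timedelta(hours=2)):
    """Group alerts by entity; open a new incident when the gap since that
    entity's previous alert exceeds `window`. Input order does not matter."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_entity[a.entity].append(a)
    incidents = []
    for entity, seq in by_entity.items():
        cur = Incident(entity, [seq[0]])
        for a in seq[1:]:
            if a.ts - cur.alerts[-1].ts > window:
                incidents.append(cur)
                cur = Incident(entity)
            cur.alerts.append(a)
        incidents.append(cur)
    return incidents

def triage_reduction(alerts, incidents):
    """Fraction of queue items an analyst no longer opens one by one."""
    return 1 - len(incidents) / len(alerts)

T = datetime(2024, 5, 6, 9, 0)
SAMPLE = [  # constructed feed shaped like the phishing-led account takeover
    Alert(T, "email-gw", "alice", "phish-url-click"),
    Alert(T + timedelta(minutes=7), "idp", "alice", "new-device-login"),
    Alert(T + timedelta(minutes=12), "idp", "alice", "impossible-travel"),
    Alert(T + timedelta(minutes=20), "m365", "alice", "inbox-rule-created"),
    Alert(T + timedelta(minutes=25), "m365", "alice", "oauth-consent-grant"),
    Alert(T + timedelta(hours=5), "idp", "bob", "failed-login-burst"),
    Alert(T + timedelta(days=1), "idp", "alice", "new-device-login"),
]
```

With this feed the seven alerts collapse to three incidents (alice's 25-minute chain, alice's isolated next-day login, bob's lone burst), a 57 % reduction; a production correlator would additionally weigh the signals, which this rule does not.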

Keywords: Artificial intelligence; Cloud computing security; Threat detection; Automated incident response; Security Information and Event Management (SIEM); Extended Detection and Response (XDR); Security Operations Centre (SOC); Ransomware attacks