AI Enhancements in SOCs Transform MDR Response Times
Severity: Low (Score: 39.9)
Sources: Msspalert
Keywords: sophos, agentic, real, response, security, business, cases
Severity indicators: mss
Summary
Sophos has implemented an agentic SOC model in its managed detection and response (MDR) service, achieving an average case resolution time of 89 seconds. This model, which uses AI to automate responses, has allowed AI to close 52% of cases without human intervention. The company reports a 39% year-over-year increase in customers, now protecting 40,000 organizations. The shift towards AI in security operations is driven by demands for faster response times and improved outcomes. However, governance and trust in AI's decision-making processes remain critical challenges for managed security service providers (MSSPs). Additionally, Google Cloud launched its AI Threat Defense platform to help organizations identify and remediate vulnerabilities more efficiently. The evolving landscape of cybersecurity emphasizes the need for MSSPs to adapt to AI technologies while managing the complexities of modern attack surfaces.

Key Points:
- Sophos's agentic SOC model reduces MDR response time to 89 seconds.
- AI handles 52% of cases autonomously, allowing analysts to focus on complex tasks.
- Google Cloud introduced AI Threat Defense to enhance vulnerability management.
Detailed Analysis
**Impact**

Sophos MDR now protects 40,000 customers globally, with a 39% year-over-year increase, indicating broad adoption across multiple sectors. AI-driven automation resolves 52% of MDR cases end-to-end, reducing response times to 89 seconds for authorized cases. MSSPs face operational pressure to deliver faster, scalable security services without proportionally increasing analyst headcount. Increased use of SaaS, browser tools, and remote access expands attack surfaces, with 82% of IT professionals reporting web-based security incidents and half experiencing moderate to severe impacts.

**Technical Details**

The primary attack vectors involve stolen credentials, cookie theft, and activity mimicking normal user behavior across SaaS and web platforms. AI is integrated into SOC workflows using agentic models that automate routine triage and response, with human analysts providing oversight and handling complex cases. Google Cloud's AI Threat Defense platform combines Gemini, Wiz, CodeMender, and Mandiant tools to predict attack paths, validate risks, and accelerate remediation across cloud, code, identity, and runtime environments. No specific malware, CVEs, or IOCs were detailed in the articles.

**Recommended Response**

Organizations should implement AI-driven detection and response platforms with clear governance frameworks defining AI and human roles. Continuous validation of security controls against real-world attack paths, such as those mapped to MITRE ATT&CK, is advised. Monitoring of identity, browser activity, SaaS risk, and exposure validation should be prioritized to detect credential theft and anomalous behavior. Defenders should maintain human oversight of AI responses and ensure transparent documentation of automated decisions.
Source articles (2)
- Sophos Says Agentic SOC Cuts MDR Response Time to 89 Seconds | brief — Msspalert · 2026-05-28
  Sophos says its managed detection and response business is now operating on an agentic SOC model that uses AI to investigate and respond to a large of security cases. The company reported that Sophos…
- MSSP Market News: AI in the SOC is getting real for MSSPs — Msspalert · 2026-05-29
  AI in security operations is starting to feel a lot more real. Sophos put a clear number behind that with its agentic SOC update, saying its MDR business is now using AI to resolve authorized cases fr…
Timeline
- 2026-05-28 — Sophos announces agentic SOC model: Sophos reveals its MDR service now resolves cases in 89 seconds using AI, impacting 40,000 customers.
- 2026-05-29 — Google Cloud launches AI Threat Defense: Google Cloud introduces an AI-powered cybersecurity platform to help organizations manage vulnerabilities faster.
Related entities
- seconds.it (Domain)
- Google AI Threat Defense (Platform)
- Ping Identity Platform (Platform)
- Torq AI SOC Platform (Platform)
- Google Cloud (Tool)
- AttackIQ (Tool)
- MITRE ATT&CK (Tool)