Automating Incident Response with Agentic AI – A Live Demonstration
In a world where cyber threats are advancing at an unprecedented pace, businesses face the challenge of staying one step ahead. In this webinar, Moritz Mann, Craig Jones, and Meena Rajendra explore the revolutionary role that agentic AI is playing in modern security operations, including practical applications and a live demonstration of Ontinue’s Autonomous Investigator – a capability that has been in production since late 2024.
The Changing Landscape of Cyber Threats
Moritz Mann opens with a discussion of the evolving cyber threat landscape. Cybercrime is no longer a niche issue but has escalated to alarming proportions. If measured as an economy, cybercrime would rank third globally by GDP, contributing a staggering $8 trillion in damages annually and growing at a compound annual growth rate of 15%.
This growth is attributed to increasingly scalable and efficient attacks, many of which leverage AI. AI democratizes access to tools that simplify coding, writing, and various tasks, but it also empowers attackers. For example, AI-generated phishing emails show click-through rates of 45-55%, significantly higher than the 12% rate for human-written ones. These targeted, ambiguous, and polymorphic attacks are becoming more challenging to detect, presenting new hurdles for security teams worldwide.
The Challenges Faced by Security Operations Centers (SOCs)
Today’s SOCs are facing several critical challenges:
- Information sharing and collaboration: Ineffective practices lead to delayed incident resolution, with 68% of SOCs struggling to manage breaches promptly.
- Alert overload: Security teams are increasingly overwhelmed by high-priority alerts, making it difficult to prioritize and respond effectively.
- Missed incidents: The sheer volume and sophistication of attacks result in overlooked threats, further compounding security vulnerabilities.
Agentic AI: A Game-Changer in Incident Investigation and Response
Agentic AI represents a paradigm shift in security operations. Unlike conventional AI, it introduces agency, enabling systems to solve complex problems autonomously without human intervention. This approach is not only innovative but essential in addressing the challenges posed by modern cyber threats.
According to Mann, agentic AI bridges the gap between defenders and attackers, offering a proactive solution that can scale efficiently to counter the cost-effective yet devastating attacks we see in the market. By leveraging AI, security operations can regain the upper hand, ensuring faster threat detection, more effective responses, and streamlined workflows.
Real-World Applications
To illustrate the practical benefits of agentic AI, Craig Jones shares how ION MXDR uses agentic AI to go further in customer investigations. Craig and Meena provide insights from a practitioner’s perspective, demonstrating how agentic AI gives them a significant head start on every investigation, improving mean time to investigate on behalf of customers.
Meena’s live demo showcased how agentic AI augments Ontinue Cyber Defenders in their investigations:
- The starting point of every ION investigation is an actionable investigation report, based on an automated investigation that the ION SecOps platform has run in advance.
- The automated investigation is hypothesis-based, using human-level reasoning, planning, and execution.
- Meena showed how every step of the automated investigation is auditable, down to the KQL query used or the choice of tool.
- Meena explained how the result is an actionable report that is comparable to having a senior human analyst pre-investigate the incident for them. Meena and her team are always in the driver’s seat as to how to use the investigation report.
- Meena also highlighted how her team provides direct feedback to the AI system on the reasoning and choices of the autonomous investigator, all within the workflow of their investigations. Additionally, Meena and her team meet regularly with the Ontinue AI Engineering team to provide qualitative feedback on how the autonomous investigator can further improve their ability to investigate and resolve incidents on behalf of customers.
Why Now is the Moment for Agentic AI
The adoption of agentic AI is not just a response to current trends but an essential evolution in the cybersecurity industry. With attackers leveraging AI to create more sophisticated and scalable threats, defenders must embrace similar tools to stay competitive.
As Mann notes, modern SecOps teams need AI to “even the odds” against attackers and, ideally, outpace them in terms of efficiency and scalability. By integrating AI into their operations, organizations can achieve a more balanced and proactive security posture, protecting critical assets and maintaining business continuity.