Biphoo News


Netskope launches AI agents for SOC and NOC automation

May 18, 2026  Twila Rosenbaum

Organizations overwhelmed by a deluge of security alerts and the escalating complexity of modern networks now have a new tool to reclaim operational efficiency. This week, a leading secure access service edge (SASE) vendor unveiled an AI-driven platform layer designed to automate repetitive tasks in security operations centers (SOCs) and network operations centers (NOCs). The new offering, called AgentSkope, embeds artificial intelligence agents directly into the vendor’s SASE platform, enabling them to triage alerts, investigate incidents, and manage policies without requiring data to be exported to external systems.

The announcement addresses a persistent challenge: According to internal surveys, nearly 40% of alerts in SOCs and NOCs go uninvestigated due to a lack of skilled personnel. As cyber threats grow more sophisticated and network environments expand with cloud adoption, human analysts find themselves drowning in low-priority alarms. The vendor’s CEO emphasized that AgentSkope acts as an “autonomous force multiplier,” providing a shared architectural foundation that allows organizations to easily deploy AI agents capable of executing end-to-end workflows. By abstracting away operational complexity, the platform aims to free up skilled staff for strategic initiatives while enabling defenses to adapt at the speed of business.

AgentSkope is not a standalone tool but a framework deeply integrated into the vendor’s SASE data layer. This design means AI agents can analyze and act on streaming telemetry, logs, and configuration data in real time, without moving large volumes of information to third-party analytics platforms. According to the company’s product and solutions marketing director, running agents directly on data sources reduces the need for costly data transfers and avoids additional integration burden. The result is faster insight generation and lower total cost of ownership, particularly for organizations already using the vendor’s SASE services.

With this launch, six AI agents become available, each targeting a specific operational domain. The DLP AISecOps Agent automates the triage of data loss prevention alerts, filtering out false positives and surfacing only priority cases that require human attention. The Insider Threat AISecOps Agent correlates user behavior with DLP data to identify potential internal risks, such as data exfiltration by disgruntled employees. For network access, the Private Access AIOps Agent audits existing VPN and zero-trust access settings, then generates policy recommendations based on actual usage patterns. The DEM Data Intelligence Agent converts raw telemetry from digital experience monitoring into actionable troubleshooting insights, while the DEM Insights Agent highlights performance issues and trends across cloud and on-premises environments. Finally, the CCI Insights Agent allows security teams to query cloud and SaaS risk data using natural language, removing the need for complex query languages. All agents, except the Insider Threat agent currently in private preview, are generally available immediately.

Industry analysts see this move as a necessary evolution in cybersecurity automation. As one research manager from IDC noted, in the face of an AI-fueled threat landscape, CIOs and CISOs must invest in agentic security automation as a force multiplier to enhance skilled human resources. The ability to intelligently triage threats, manage the increasing scope of modern attacks, and keep pace with new AI models can no longer remain a manual process. The vendor’s architecture aligns with the broader trend of agentic AI, where autonomous agents execute multi-step workflows rather than simply generating responses. In this case, agents can gather data, triage risks, initiate IT service tickets, or notify analysts, but they never take final action without human approval. This balances the efficiency gains of automation with the necessary oversight to avoid unintended consequences.

The emphasis on human oversight is deliberate. The vendor’s executives have stressed that while agents can autonomously collect evidence and suggest remediation steps, a security team member must review findings and direct the agent to act. This is especially critical in high-stakes environments where a misconfiguration or false positive could disrupt business operations. The platform’s natural language interface makes it accessible to less technical operators, while still giving experienced analysts fine-grained control. By providing a single interface to configure all agents and ensure they access all relevant data sources without additional integrations, the vendor aims to reduce internal development bottlenecks that often stall automation projects.

Beyond the immediate productivity gains, AgentSkope also promises cost savings in data management. By processing alerts and log information directly within the SASE platform, organizations can reduce the volume of data sent to security information and event management (SIEM) systems. Many enterprises pay large SIEM bills based on data ingestion volumes, and a significant portion of that data is low-value alerts that could be handled by an AI agent. By filtering and enriching alerts at the edge, AgentSkope helps lower SIEM costs while maintaining visibility into critical threats. This aligns with the growing trend of “data-first” security architectures that prioritize processing data closer to its source.

The timing of the announcement reflects a market in transition. As network and security teams grapple with hybrid work, multicloud deployments, and an expanding attack surface, manual processes are no longer sustainable. The vendor plans to expand its agent portfolio on a monthly basis, adding new capabilities for areas such as cloud security posture management, endpoint detection, and automated incident response. The agentic AI framework is designed to be extensible, allowing customers and partners to develop custom agents using the same underlying infrastructure. For now, early adopters can begin deploying the six launch agents to reduce alert fatigue, improve mean time to respond, and allow human experts to focus on the most complex and business-critical incidents.

The shift toward AI-driven automation in SOCs and NOCs is inevitable, but the vendor’s approach of embedding agents directly into a SASE data plane offers a unique combination of speed, context, and control. Instead of bolting a chatbot on top of existing tools, the new platform weaves intelligence into the fabric of network and security operations. This ensures that agents have access to the richest possible context—real-time traffic flows, user behavior, threat intelligence, and policy changes—all without leaving the platform. As one industry observer noted, the era of passive alert dashboards is fading; the next generation of operations centers will rely on autonomous agents that act as virtual team members, tirelessly triaging the noise so human analysts can focus on strategic defense. With AgentSkope now generally available, that future is one step closer.


Source: Network World News

