Sophos, a global cybersecurity company, said artificial intelligence (AI) now handles more than half of the security incidents processed by its Managed Detection and Response (MDR) service, helping organizations respond to cyber threats in as little as 89 seconds.
Sophos reported that 52% of MDR cases are now resolved end-to-end by AI without requiring human intervention, based on operational data collected over the past 12 months. The capability is part of its “agentic” Security Operations Center (SOC), where AI systems can take approved actions automatically while human analysts focus on more complex threats.
The company also reported 39% year-over-year growth in its MDR business, which now serves 40,000 customers worldwide.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production,” said Raja Patel, president, Sophos. “When you run the world’s largest SOC, every threat encountered makes every customer’s defense stronger.”
Cybersecurity teams worldwide continue to face growing challenges as cyberattacks become more sophisticated and organizations struggle to find enough skilled security professionals. Sophos said its AI-driven approach is designed to address this gap by automating routine threat detection and response tasks.
Through Sophos Central, the company combines data from endpoints, firewalls, identity systems, networks, email platforms, cloud services, security information and event management (SIEM) tools, and threat intelligence sources into a single platform. The system also supports more than 350 third-party integrations, including Microsoft environments.
According to Sophos, the platform processes tens of millions of security detections daily, filtering out false alarms and highlighting incidents that require action.
The company said its fastest automated responses now take an average of 89 seconds from case creation to resolution for incidents authorized for AI handling. Sophos believes this speed is critical as cybercriminals increasingly use AI tools to accelerate attacks.
Sophos uses two operating models within its SOC. A human-on-the-loop approach allows AI to handle high-volume tasks under analyst supervision, while a human-in-the-loop process requires analyst approval for high-risk or business-critical decisions.
As AI takes over many Tier 1 and Tier 2 security tasks, analysts are spending more time on threat hunting, investigations, customer guidance, and oversight of automated systems.
“The 52% gets the attention, but the 48% is just as important,” said Rob Harrison, SVP product management, Sophos. “When AI takes the volume off the human queue, our analysts get the bandwidth to do the work that requires their judgment: the novel attack patterns, the high-stakes decisions, and the cases where context and business implications matter.”