Sophos Agentic Soc Cuts Threat Response to 89 Seconds

Cybersecurity firm reports 40,000 MDR customers and one year of production data from its AI-powered security operations model.

Sophos has reported new production results from its agentic Security Operations Center, showing how artificial intelligence and human cybersecurity expertise are working together to reduce threat response times at scale.

According to the global cybersecurity company, its Sophos Managed Detection and Response service now protects 40,000 customers worldwide, reflecting 39% year-on-year growth.

The company said its AI-powered operating model can move from case creation to fully automated response in 89 seconds for cases where AI is authorized to take action.

Sophos also reported that 52% of MDR cases were closed end-to-end by AI without human intervention, within boundaries continuously monitored and calibrated by human analysts.

The results come after a full year of agentic operation inside Sophos MDR.

Sophos said the growing volume of security telemetry, increasingly complex technology environments, and shortage of cybersecurity talent have made traditional SOC models harder to scale.

Through Sophos Central, described by the company as an AI-native cybersecurity defense system, endpoint, firewall, identity, SIEM, network, email, cloud, threat intelligence, and MDR data are brought together into one shared operating environment.

This unified context allows AI agents to suppress noise, correlate signals, and surface cases that require action.

“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production,” said Raja Patel, President of Sophos.

Sophos operates both human-on-the-loop and human-in-the-loop models.

For high-volume and well-defined security actions, AI can respond quickly under analyst-defined controls. For high-risk or complex incidents, human analysts remain directly involved in decisions where judgment, business context, and threat novelty matter.

Rob Harrison, Senior Vice President of Product Management at Sophos, said AI helps remove repetitive volume from analyst queues, giving security experts more time for threat hunting, investigations, customer advisory, and governance.

Sophos said the agentic model will continue expanding across its cybersecurity portfolio through Sophos Central in 2026, including XDR, next-generation SIEM, secure AI capabilities, and Sophos CISO Advantage.

The company has also cited recognition from G2, Gartner Peer Insights, and KuppingerCole for its MDR and broader cybersecurity portfolio.

Sophos’ agentic SOC shows how AI can help security teams respond faster to cyber threats while keeping human judgment focused on the highest-risk and most complex decisions.