Securonix brings autonomous decision-making to security operations

Securonix announced the next phase of Securonix EON, introducing modular GenAI Agents. These specialized, decision-capable agents are designed to perform high-impact jobs to be done (JTBD) across the threat detection, investigation, and response (TDIR) lifecycle. These intelligent security agents represent the future of security operations: autonomous, explainable, human-aligned—and ready to scale with the threat landscape.

“Our customers and prospects are interested in increasing the efficiency and accuracy of their Security Operation Centers, and reducing the burden on their SOC analysts,” said Kash Shaikh, CEO of Securonix. “Our innovations in agentic AI as a part of EON directly target this demand, and have been a driving factor in our new business growth, which has grown 40% year-over-year. The market is demanding a future-proof platform that unifies SIEM, SOAR, UEBA and Data Pipeline Management, all scaled with an agentic AI experience. Securonix is responding.”

This next phase moves Securonix EON beyond co-pilot assistance into modular autonomy, with AI agents that can function independently while aligning with human intent and organizational policies. With these innovations, Securonix offers a pathway to agentic mesh, a new open architecture that enables agent-to-agent communication not just within the platform, but across third-party tools and vendor ecosystems. By leveraging standards-based protocols and APIs, our agents can exchange data, trigger actions, and cooperate with any compatible system—extending the mesh beyond Securonix to wherever your defenses live.

“At NTT DATA, we believe the future of cybersecurity will be shaped by agentic AI—technology that can think, adapt, and act autonomously. We’re excited to partner with Securonix as they lead this shift. Their vision for an intelligent, agent-driven SOC aligns closely with our commitment to innovation, resilience, and delivering next-gen security outcomes at scale,” said Pranay Anand, VP of Technology Solutions, NTT DATA.

Modular multi agents built for security jobs to be done

The new agents are each purpose-built to take on jobs to be done in security operations by every member of the team and relieve cumbersome SOC analyst 1/2/3 workloads by up to 50%. Together, they streamline detection, investigation, and response so your team can focus on what matters most:

Policy Agent: Turns analyst intent into high-precision detection content, faster. Policy Agent transforms natural language objectives into deployable detection rules. It simulates outcomes before deployment, flags issues, and enables analysts to craft and refine detection content with unprecedented speed and clarity.

Response Agent: Accelerates threat response by executing high-confidence containment actions without delay. When a validated threat is detected, the Response Agent initiates containment and remediation actions—like user lockouts, host isolation, or session revocation—while enforcing escalation policies. It’s designed to reduce MTTR and lighten analyst workloads by handling routine, policy-cleared threats.

Insider Intent Agent: Detects early indicators of insider threats through psycholinguistic analysis, behavioral drift and contextual risk. Insider Agent will leverage access patterns, HR signals, and UEBA telemetry to flag risky behavior tied to insider threats. It builds adaptive profiles that evolve over time, allowing SOC teams to act on emerging risk before damage is done—without alert overload.

Noise Cancellation Agent: Suppresses false positives and reduces alert fatigue to keep analysts focused on real threats. Noise Cancellation Agent uses LLM reasoning, behavioral patterns, and analyst feedback to classify, deduplicate, and suppress irrelevant alerts—cutting down noise while preserving visibility into what matters most.

Spotter Agent: Helps analysts investigate faster by querying data lakes and surfacing relevant anomalies. Spotter Agent functions as an autonomous threat hunter. It translates analyst intent from natural conversational requests into optimized queries across Snowflake and other data lakes, surfacing anomalies using behavioral baselines and risk scores, and continuously learns through analyst feedback to fine-tune investigations.

Investigate Agent: Surfaces contextual intelligence in real time by analyzing global threat indicators and assigning confidence scores and threat categories—like ransomware, phishing infrastructure, or botnet activity—to observed IOCs. The Investigate Agent empowers other agents to prioritize and classify alerts more accurately, streamlining investigations and accelerating threat triage across the SOC.

Threat Intel Agent: Curates investigation results, annotating and enriching with plain language summaries and advice, ensuring analysts do not waste time interpreting large amounts of correlated data and can quickly understand the severity and context of an investigation.

Data Pipeline Management Agent: Orchestrates intelligent data flow by classifying, filtering, and routing security telemetry based on context, value, and urgency. The Data Pipeline Manager Agent enables real-time analysis for high-priority events while deferring low-risk data for forensics or compliance, reducing noise and storage overhead. It empowers all agents with the right data at the right time—optimizing detection, accelerating investigations, and maximizing cost-efficiency across the SOC.

Building toward an open agentic mesh

While each agent can execute jobs to be done independently today, Securonix is actively building the revolutionary framework for an open agentic mesh – a self-orchestrating interconnected system of agents that share memory, context, and intent to solve problems together with Securonix and with other multi-vendor agents to provide flexibility. In this agentic mesh, agents will register themselves, collaborate on jobs to be done, and coordinate with other agents or humans to get jobs done.

The mesh will enable:

  • Context-passing between agents (e.g., Investigation → Response)
  • Orchestration logic that adapts in real-time based on outcomes
  • Policy-governed autonomy, where agents operate within defined human-led guardrails

“As a rapidly expanding company, we’re selective when it comes to the technology and partners we choose to engage with, and Securonix’s innovative approach to autonomous, AI-driven security operations truly sets them apart,” said Neehar Pathare, MD, CEO / CIO of 63SATS Cybertech. “We’re excited to dive into how their agentic architecture can enhance the intelligence and agility of the Security Operations Center.”

From co-pilot to agent to agentic: Human-in-the-loop at the core

Securonix’s agentic philosophy is grounded in trust and transparency. Agents may act autonomously, but analysts retain full control. Organizations define the rules of engagement—role-based permissions, escalation paths, and playbook override logic—to ensure that human intent remains central to every action. This balance ensures speed without sacrificing oversight. The system adapts but never overrides human authority.

“As organizations look to move beyond traditional SIEM use cases, they’re demanding predictive analytics, real-time threat detection, actionable insights, and intelligent automation. Securonix delivers all of this—now powered by GenAI agents,” said Kevin Leong, CISO, Managed Services Business Unit, NEC Asia Pacific Pte Ltd. “Their advanced platform strengthens our portfolio, giving customers deeper visibility and faster response to the threats that matter most.”

The future of AI-driven cyber defense

Together, these agents represent the next stage in the autonomous, modern SOC: intelligent, explainable, and built to scale. In this next phase, Securonix is not only delivering powerful new capabilities but also constructing the architecture needed to transition from modular agents to a coordinated, intelligent mesh.

“Securonix is helping us reimagine what’s possible in the SOC. With GenAI at the core, we’re detecting threats faster, responding smarter, and reducing the noise that would have overwhelmed our team,” said Richard Henderson, Executive Director and CISO, Alberta Health Services.

This is what it means to bring autonomous decision-making to security operations—not just faster responses, but smarter, more consistent, and deeply explainable actions that scale with your environment.

Ashok Prabhu, Chief Executive – Sales of Noventiq ValuePoint, emphasizes the need for smarter security operations, stating, “As organizations look to move beyond traditional SIEM use cases, they’re demanding real-time threat detection, actionable insights, and intelligent automation. Securonix delivers all of this—now powered by GenAI agents. Their advanced platform strengthens our portfolio, giving customers deeper visibility and faster response to the threats that matter most.”
