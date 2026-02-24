Druva announced a major expansion of DruAI, adding Deep Analysis Agents that automate complex multi-day forensic and compliance investigations.

IT and security teams spend too much time not just fixing problems, but proving what happened and why across incident response, forensics, audits, and operational reviews. Much of that effort goes into manual correlation and report preparation, keeping teams tied up in documentation instead of investigation and remediation. Druva addresses this challenge with long-running Deep Analysis Agents that investigate independently, intelligently connect signals across systems, and deliver ready-to-share reports in minutes.

“IT teams are drowning in evidence collection and manual reporting,” said Stephen Manley, CTO at Druva. “This release turns AI from a conversational assistant into a partner that completes work. We are enabling teams to delegate multi-day investigations to agents that finish in minutes and deliver a final report that can be immediately shared with security, compliance, or operations teams.”

Deep Analysis Agents for the autonomous enterprise

Deep Analysis Agents are built on Dru MetaGraph, Druva’s tenant-specific, graph-powered foundation for real-time data intelligence. Dru MetaGraph connects and contextualizes data, enabling Deep Analysis Agents to conduct extended investigations independently and deliver complete, ready-to-share reports in minutes.

Deep Analysis Agents are AI agents that conduct extended investigations across telemetry, logs, identity data, configurations, and historical signals. They break complex tasks into steps, coordinate across systems, and analyze findings over time to produce clear, actionable insights and reports. Investigations that once took 2 to 3 days can now be completed in 8 to 10 minutes, with results formatted for direct use by security, compliance, or operations teams.

Example queries include:

“We are investigating a cyber attack this month. There may be some signals of the attack in the admin logs. Can you review them and compare them to last month’s baseline? Use the MITRE ATT&CK framework as the methodology to analyse the logs and keep your analysis to 2 pages in length.”

“Can you review our enterprise workloads audit trails logs for ISO/IEC 27001:2022 compliance gaps. Focus on behavioural patterns rather than just activity volume. Provide a graded Executive Summary and a Remediation Roadmap.”

With a new ‘Notify Me’ workflow, users can trigger a deep analysis and walk away. DruAI processes the investigation in the background and emails a comprehensive report upon completion.

Agentic memory and personalized intelligence

This release introduces Agentic Memory, a new capability that allows DruAI to store, recall, and apply information over time. Unlike traditional chat-based tools, DruAI maintains both short-term session context and structured long-term memory of an organization’s environment, terminology, and investigative history.

Agentic Memory enables personalized intelligence across roles and workflows. DruAI recognizes whether a user is a SOC analyst, IT administrator, or compliance officer and tailors dashboards, responses, and reports accordingly. Over time, it also adapts to user preferences, such as reporting formats, areas of historical focus, and common investigative paths, reducing repetitive setup and accelerating decision-making.

Image-based assistance

DruAI supports multimodal interaction, allowing users to upload screenshots of errors, alerts, configuration pages, or system behavior directly into the console. DruAI interprets the image, understands the technical context, and provides guided steps to resolve the issue, bringing the speed and intuition of frontier AI into practical enterprise workflows.

“For the first time, we have an AI tool that delivers actionable insight right out of the gate,” said Hunter French, Senior Vice President for Impact Services at Goodwill Industries of the Valleys. “It analyzes weeks of log data and surfaces findings we can immediately put to work, saving hours of compliance reporting and manual review.”