Red Canary, a leader in Managed Detection and Response (MDR), unveiled a suite of expert AI agents on June 10, 2025, designed to revolutionize Security Operations Center (SOC) efficiency. These agentic AI tools automate threat detection, investigation, and response, reducing investigation times by 90% and enabling faster, more confident security operations.
Red Canary launches AI agents for SOC automation on June 10, 2025.
Cuts investigation time from 20+ minutes to under 3 minutes.
Handles 2.5M+ investigations across endpoint, cloud, and SIEM.
Trained on 10 years of data with 99.6% true positive rate.
Includes SOC Analyst, Response, and Threat Intelligence agents.
Integrates with Microsoft Sentinel, Okta, and AWS GuardDuty.
Red Canary’s AI agents tackle alert overload and manual processes that bog down SOC teams. “Automation remains core to how Red Canary finds more threats and stops them faster,” said Brian Beyer, CEO and Co-founder of Red Canary. Built on a decade of operational data and guided by elite security operators, these agents automate Tier 1/Tier 2 workflows, completing over 2.5 million investigations with a 99.6% customer-validated true positive rate, ensuring enterprise-grade reliability.
The AI suite includes:
SOC Analyst Agents: Automate investigations across endpoint (Microsoft Defender), cloud (AWS GuardDuty), SIEM (Microsoft Sentinel), and identity (CrowdStrike Falcon) environments.
Response & Remediation Agents: Deliver specific response tactics and hardening steps to mitigate future risks.
Threat Intelligence Agents: Match threats against known profiles, identifying trends for rapid intelligence.
User Baselining Agents: Flag anomalies by comparing real-time user behavior to historical patterns.
These agents reduce noise and provide actionable insights, enabling analysts to focus on high-priority threats.
Salesforce Login Threat: Identity Investigation and User Baselining agents detected a suspicious Salesforce login from a high-risk IP that other tools had missed. The threat was contained within minutes via a password reset.
Compromised Account: SIEM and Identity Investigation agents for Microsoft Sentinel and Entra ID identified a compromised access token through unusual login patterns, enabling swift containment.
Customers report slashing investigation times from over 20 minutes to under 3 minutes, enhancing operational efficiency.
Unlike generic AI agents, Red Canary’s agents are trained on millions of real-world investigations and standardized procedures, ensuring consistent, high-quality outputs. Integration with tools like Okta and Microsoft Sentinel enhances compatibility with existing SOC workflows. The agents’ ability to enrich alerts and recommend actions streamlines triage, helping teams stay ahead of evolving threats without added complexity.
Red Canary’s AI agents set a new benchmark for SOC automation, empowering security teams to respond faster and with greater confidence. By reducing manual workloads and enhancing threat detection, this innovation strengthens enterprise resilience in a complex cybersecurity landscape.
Red Canary is a leader in managed detection and response (MDR). We serve companies of every size and industry, focusing on finding and stopping threats before they can have a negative impact. As the security ally for nearly 1,000 organizations, we provide MDR across our customers' cloud workloads, identities, SaaS applications, networks, and endpoints.