Sophos, a global cybersecurity leader, today announced production results from a full year of agentic operation inside Sophos Managed Detection and Response (MDR), now defending 40,000 customers worldwide at 39% growth year-over-year. The results define what an agentic Security Operations Center (SOC) looks like at scale. The volume of telemetry, complexity of the modern stack, and structural imbalance between cybersecurity demand and available expertise have outpaced what traditional SOC structures can manage, while adversaries adopt AI without procurement cycles or governance friction.
89 seconds from case creation to fully automated response.
52% of MDR cases closed end-to-end by AI without human intervention.
40,000 customers on agentic model; 39% year-over-year growth.
Ranked #1 across five categories in G2 Summer 2026 (Endpoint Protection, EDR, XDR, MDR, Firewall).
Named 2026 Gartner Peer Insights Customers' Choice for MDR with 4.8/5 rating (most-reviewed vendor).
Named Overall Leader in KuppingerCole Leadership Compass for MDR.
"The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production," said Raja Patel, president, Sophos. "When you run the world's largest SOC, every threat encountered makes every customer's defense stronger. No other vendor operates with our breadth, from small businesses to global enterprises with tens of thousands of employees, and no other vendor compounds intelligence across that scale. A customer using the Sophos Central Defense System benefits from the learnings of every other customer in it."
Sophos has re-architected the SOC so AI absorbs the volume and senior analysts focus where judgment matters, scaling expert response to organizations that cannot run full security operations in-house. Through Sophos Central—the industry's first AI-Native Cybersecurity Defense System—endpoint, firewall, identity, SIEM, network, email, cloud, threat intelligence, XDR, and MDR share a unified context lake, integrated AI, and a single workflow. Open by design, it supports 350+ third-party integrations and delivers one of the most complete solutions for Microsoft environments.
For Sophos MDR customers, the outcome is clear: threats neutralized before they disrupt the business, and a defense system that keeps pace with adversaries moving at AI speed.
The production data from the past twelve months sets a new benchmark for managed security operations:
89 seconds from case creation to fully automated response. This metric measures how fast the Sophos Central Defense System acts on cases AI is authorized to resolve, translating directly into faster response and stronger resilience against attacks that move at machine speed.
52% of MDR cases closed end-to-end by AI, without human intervention required, inside boundaries continuously calibrated by analysts. This metric measures the volume of work AI is doing autonomously, not just alert triage or threat containment.
40,000 customers on the agentic model: Every Sophos MDR customer benefits from the same agentic operating model, regardless of size or segment, with intelligence compounding across every threat encountered.
Sophos operates both a human-on-the-loop (HOTL) and human-in-the-loop (HITL) model within the agentic SOC: human-on-the-loop for the high-volume, well-bounded work where speed matters, and human-in-the-loop for high-stakes decisions where context, business impact, or novel adversary behavior require an analyst's judgment before action.
AI now handles the volume that previously consumed Tier 1 and much of Tier 2 analyst time. Human analysts have shifted to higher-value work: threat hunting, investigation, customer advisory, and governance of the autonomous systems themselves.
"The 52% gets the attention, but the 48% is just as important," said Rob Harrison, SVP product management, Sophos. "When AI takes the volume off the human queue, our analysts get the bandwidth to do the work that requires their judgment: the novel attack patterns, the high-stakes decisions, the cases where context and business implications matter. AI speed and human judgment are the two halves of the same operating system, and intelligence compounds across both with every threat we stop."
Sophos has been recognized as a leader in MDR and across the broader portfolio that supports it:
G2 Summer 2026: ranked #1 across five categories. Sophos was named the top overall solution in Endpoint Protection, EDR, XDR, MDR, and Firewall in the G2 Summer 2026 Reports, based entirely on verified customer reviews. No other vendor has achieved this across all five categories in a single season. This is the eighth consecutive quarter that Sophos MDR has been named the overall leader.
2026 Gartner Peer Insights Voice of the Customer for Managed Detection and Response (MDR). Sophos was named a 2026 Gartner Peer Insights Customers' Choice with an overall rating of 4.8/5.0 based on 290 reviews, making Sophos the most-reviewed vendor in the report.
KuppingerCole Analysts Leadership Compass for Managed Detection and Response 2026. Sophos was named an Overall Leader in four categories: Overall Leadership, Product Leadership, Innovation Leadership, and Market Leadership.
Sophos is extending the agentic operating model across the rest of the company's portfolio via Sophos Central through 2026. Investments include the integration of XDR and Next-Gen SIEM capabilities into a unified context lake, expansion of Secure AI capabilities for the new generation of customer AI tooling, and the launch of Sophos CISO Advantage in fall 2026, which will bring strategic security guidance to organizations with and without security leadership in place. Each of these capabilities operates on the same agentic foundation and Defense System that Sophos MDR has demonstrated this past year.
About Sophos
Sophos, a global cybersecurity leader, defends more than 600,000 organizations worldwide with the industry's first AI-native defense system: a single, connected architecture where every control point operates as one. Powered by agentic AI and elite human expertise, Sophos detects, investigates, and neutralizes threats before they become business-disrupting events. Working alongside a global ecosystem of managed service providers, resellers, and technology partners, Sophos compounds intelligence from every threat encountered and every environment defended to make every customer's defense stronger than the last.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.