MSSP, MDR, Incident Response, SOC

Sophos Says Agentic SOC Cuts MDR Response Time to 89 Seconds

Sophos says its managed detection and response business is now operating on an agentic SOC model that uses AI to investigate and respond to a large share of security cases. The company reported that Sophos MDR now protects 40,000 customers, up 39% year over year, and said its production data from the past 12 months shows how AI is being used inside live security operations.

The headline here is response speed. Sophos is saying that the cases that AI is authorized to resolve are moving from case creation to a fully automated response in 89 seconds. The company also said AI closed 52% of MDR cases end-to-end without human intervention, within boundaries set and monitored by analysts. For MSSPs, this is a big number because the operational pressure in managed security is about reducing the time and labor required to move from signal to action.

Sophos said its model uses both human-on-the-loop and human-in-the-loop workflows. The first is used for high-volume, well-defined activity where speed matters. The second is used when a decision needs analyst judgment, business context, or closer review. In practical terms, Sophos is trying to move routine triage and response work away from human queues while keeping analysts focused on threat hunting, complex investigations, customer advisory work, and oversight of the AI systems themselves.

For MSSPs, the announcement points to where managed security operations are headed. Buyers want faster response, clearer outcomes, and services that can scale without simply adding more Tier 1 and Tier 2 analysts. Agentic SOC models may help providers manage that pressure, but the real test will be governance, customer trust, and how clearly providers can explain what AI is allowed to do, when humans step in, and how response decisions are documented.

You can skip this ad in 5 seconds