MDR, SOC, MSSP, MSP, EDR, AI/ML, Vulnerability Management, Threat Management, Identity, SIEM, SOAR

Agentic MXDR can handle most SOC investigations autonomously: CyberProof

AI is already changing how SOC teams work - from investigations, detection tuning, and risk prioritization. But most security teams are managing a range of tools like SIEM, SOAR, EDR, cloud security, identity, and vulnerability that generate their own alerts and recommendations. And this is where the work gets complicated for security teams. While AI is speeding up one part of the process, security teams are still managing separate workflows and alerts.

CyberProof’s newly launched Agentic MXDR solves this complexity by connecting multiple AI agents to detect, investigate, threat hunt, and carry out exposure management in a more coordinated SOC workflow. The company is positioning it as a co-managed security operations model that connects AI agents with human analysts and its Reveal360 platform. CyberProof says the service is designed for large enterprises and midmarket organizations with complex hybrid cloud environments.

Why this matters now

Traditional MDR and MXDR services have often centered on monitoring alerts, investigating suspicious activity, and escalating confirmed incidents to the customer. CyberProof is framing Agentic MXDR as a more connected operating model, where AI agents support the full lifecycle of security work instead of helping with one task at a time.

Edy Almer, CPO and VP of Product at CyberProof, told MSSP Alert that the company’s differentiation is that it is not treating AI as another tool added to a traditional SOC workflow.

“While many providers deploy isolated AI tools for narrow use cases, CyberProof’s core differentiation lies in embedding cross-discipline capabilities into a unified operational framework,” Almer said. “By tightly integrating threat intelligence, threat hunting, and detection engineering into an always-on workflow, the system eliminates the need for separate teams to manually coordinate during an investigation.”

Moving MXDR beyond alert queues

The service is meant to reduce manual work in alert triage, threat hunting, and detection tuning. CyberProof says the system can autonomously handle up to two-thirds of security investigations, while escalating more complex or higher-risk cases to human analysts. Its framework maps AI agents to each customer’s security architecture, which is especially important for enterprises with mixed environments, where Microsoft, Google, identity, endpoint, cloud, SIEM, and SOAR tools may all play a role in daily security operations. CyberProof’s broader strategy also includes threat-led defense, asset visibility, exposure management, defense management, and Reveal360 as a visibility hub for security posture.

Almer said the company sees that as a structural change in the SOC operating model, not just a productivity gain.

“CyberProof’s Agentic MXDR service transitions the traditional SOC into a hybrid cyber fusion center by natively integrating AI agents across all core disciplines, including SIEM, SOAR, incident response, threat hunting, cyber threat intelligence, and detection engineering,” Almer said. “Because AI agents perform the foundational heavy lifting of initial triage and execution, the daily operational boundaries between these historically siloed engineering units merge into a highly collaborative model.”

Human governance will remain central

CyberProof is careful to position the service as human-governed, not fully autonomous. The company says Agentic MXDR combines SOAR playbooks with trained and tested AI agents. Those agents support work such as alert triage, targeted threat hunting, detection rule tuning, and exposure-driven prioritization. Human experts remain responsible for validating critical risk decisions.

Almer said the shift changes what human analysts spend their time doing.

“The primary operating model for human talent shifts from reactive data gathering to proactive oversight, repositioned to systematically review, validate, and communicate the autonomous actions and strategic recommendations generated by AI,” Almer said. “With routine technical validation completely automated, Level-2 and Level-3 analysts are empowered to act as broad-spectrum cyber experts.”

Exposure management becomes part of response

CyberProof is also connecting MXDR and exposure management and tying active defense to vulnerabilities, control validation, and threat exposure.

Almer said CyberProof’s model is designed to answer those questions faster by moving beyond alert review and into hypothesis-based hunting.

“This multi-agent approach enables autonomous, hypothesis-based hunting, allowing CISOs and their security teams to confidently answer two critical questions in near real time: ‘Do I currently have Threat Actor X in my environment?’ and ‘Can my current tool stack detect Threat Actor X?’” Almer said.

CyberProof says its service uses a closed learning loop, where each case improves agent logic, detections, automation, and future response. The company also says the service can adapt defenses to new adversary campaigns or vulnerabilities within minutes rather than weeks.

Almer said the company is also embedding daily quality assurance routines into the service, so agent configurations, logic optimization, and control fixes can be handled within the same business day.

A multi-agent model for mixed security stacks

CyberProof is trying to avoid locking customers into one vendor’s AI SOC ecosystem.

Almer said, “We prevent vendor lock-in by operating as an open, federated orchestrator rather than a closed, single-vendor platform,” Almer said. “The framework supports any SIEM, any EDR, any firewall, any cloud, and any OT security vendor, allowing the customer to keep their current security stack investment while still agentizing the processes.”

For large enterprises and co-managed security customers, where the security environment is rarely clean or standardized, they have already invested heavily in endpoint, identity, cloud, SIEM, SOAR, and OT security tools. Replacing that stack to adopt AI-driven security operations is often unrealistic.

“Instead of forcing a customer to change, we fully adapt to their existing environment and customizations,” Almer said.

What buyers should watch

Agentic MXDR includes a quality control framework that measures agents by effectiveness, speed, and cost. AI-driven SOC work can get expensive fast, and CISOs need to know whether an agent is worth using for a task, or whether a smaller model, playbook or analyst can handle it just as well.

Almer said CyberProof measures success through CDC Reveal360 business intelligence, using service-level objectives and performance metrics tied to speed, response time, autonomous resolution, and investigation accuracy.

“Traditional, alert-focused SLAs are obsolete; AI-driven threats can now compress an entire attack lifecycle into minutes,” Almer said.

According to Almer, CyberProof tracks the time from a new adversary campaign to proactive threat hunting and exposure containment. He said the multi-agent model can reduce mean time to respond by up to 80%, handle an average of 75% of case investigations autonomously before escalating critical risk decisions to senior human-in-the-loop layers, and deliver up to 30% higher structural accuracy than variable human Level-1 baseline triage logs.

For service providers, the economics of agentic security will also matter. Almer said the platform’s quality control framework continuously benchmarks agents by graphing security effectiveness against real-time processing costs.

“By allowing security teams to mathematically define a customized organizational cost threshold, providers can achieve long-term financial predictability without sacrificing defensive coverage,” Almer said.

CyberProof’s Agentic MXDR launch does not remove the need for experienced SOC analysts. The goal is to let automation handle routine investigations, enrichment, and tuning, while human analysts focus on the cases that need real judgment.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds