Security teams are drowning in alerts, and the clock isn’t slowing down. AgileBlue’s latest update, Sapphire AI Decisioning, aims to flip the script. This new feature brings autonomous decision-making into the day-to-day workflow of SecOps teams, cutting down noise, speeding up response, and putting machine intelligence to work where it counts.
At the center of Sapphire AI Decisioning is automated confidence scoring. Every alert is analyzed and tagged with a risk-based score, giving analysts a fast read on what’s critical and what can wait. It’s a practical move away from endless triage toward faster prioritization and decisioning.
Scaling Response Without Sacrificing Human Oversight
For managed security service providers (MSSPs) juggling multiple environments, the impact is tangible. “Sapphire AI Decisioning helps scale detection and response by automating the triage of high-volume, low-risk alerts, auto-closing benign cases with high confidence and prioritizing true threats,” said Gillian Sweny, Director of Marketing at AgileBlue. “Since initially launching Sapphire AI over a year ago, our MSSP partners have seen a reduction of close to 70% in human time working benign cases. Further, we have seen an accuracy rate close to 98%. Sapphire AI Decisioning further helps our partners increase margin and effectiveness.”
But automation without accountability isn’t an option, especially in compliance-heavy industries. “Every case – whether auto-closed or deeply investigated by the human analyst team – includes the same visibility and access directly in the AgileBlue Platform,” Sweny added.
Each auto-closed case in Sapphire AI Decisioning includes a full summary, the final verdict, a confidence score, and an explanation of the decision written by generative AI. To ensure consistency over time, AgileBlue’s analyst team also reviews a sample of these cases daily. “Additionally, a selection of auto-closed cases is reviewed by AgileBlue’s human analyst team on a daily basis, ensuring long-term consistency in the process,” says Sweny.
Autonomy with Guardrails Built In
The update doesn’t just reduce noise; it supports a hybrid model that keeps analysts in control. “As Sapphire AI Decisioning advances SecOps toward full autonomy, we maintain a critical balance by using confidence-based automation and a human-in-the-loop approach,” said Sweny. “Cases with a high confidence of a benign verdict are auto-closed to reduce noise, while ambiguous or high-stakes cases are immediately assigned for review by a human analyst. As soon as an analyst picks up a case, Sapphire AI has already correlated critical information to ensure an expedited investigation and response. Autonomous playbooks, regular reviews, and full audit trails ensure transparency and control.”
The latest release also includes a revamped interface with improved alert visualization and case tracking, helping teams manage both human-reviewed and auto-closed alerts without losing the thread.