DevSecOps, AI/ML

AgileBlue Launches Sapphire AI Decisioning to Drive Autonomous SecOps Evolution

AI and security awareness training

Security teams are drowning in alerts, and the clock isn’t slowing down. AgileBlue’s latest update, Sapphire AI Decisioning, aims to flip the script. This new feature brings autonomous decision-making into the day-to-day workflow of SecOps teams, cutting down noise, speeding up response, and putting machine intelligence to work where it counts.

At the center of Sapphire AI Decisioning is automated confidence scoring. Every alert is analyzed and tagged with a risk-based score, giving analysts a fast read on what’s critical and what can wait. It’s a practical move away from endless triage toward faster prioritization and decisioning.

Scaling Response Without Sacrificing Human Oversight

For managed security service providers (MSSPs) juggling multiple environments, the impact is tangible. “Sapphire AI Decisioning helps scale detection and response by automating the triage of high-volume, low-risk alerts, auto-closing benign cases with high confidence and prioritizing true threats,” said Gillian Sweny, Director of Marketing at AgileBlue. “Since initially launching Sapphire AI over a year ago our MSSP partners have seen a reduction of close to 70% in human time working benign cases. Further, we have seen an accuracy rate close to 98%. Sapphire AI Decisioning further helps our partners increase margin and effectiveness.”

But automation without accountability isn’t an option, especially in compliance-heavy industries. “Every case – whether auto closed or deeply investigated by the human analyst team – includes the same visibility and access directly in the AgileBlue Platform,” Sweny added.

Each auto-closed case in Sapphire AI Decisioning includes a full summary, the final verdict, a confidence score, and a generative AI-generated explanation of the decision. To ensure consistency over time, AgileBlue’s analyst team also reviews a sample of these cases daily. "Additionally, a selection of auto-closed cases is reviewed by AgileBlue's human analyst team on a daily basis, ensuring long term consistency in the process," says Sweny.

Autonomy with Guardrails Built In

The update doesn’t just reduce noise; it supports a hybrid model that keeps analysts in control. “As Sapphire AI Decisioning advances SecOps toward full autonomy, we maintain a critical balance by using confidence-based automation and a human-in-the-loop approach,” said Sweny. “Cases with a high confidence of a benign verdict are auto-closed to reduce noise, while ambiguous or high-stakes cases are immediately assigned for review by a human analyst. As soon as an analyst picks up a case, Sapphire AI has already correlated critical information to ensure an expedited investigation and response. Autonomous playbooks, regular reviews, and full audit trails ensure transparency and control.”

The latest release also includes a revamped interface with improved alert visualization and case tracking, helping teams manage both human-reviewed and auto-closed alerts without losing the thread.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds