Todyl has introduced Janus, an AI investigation agent built into its unified cybersecurity and assurance platform, with a focus on a core MSSP challenge: how to resolve more incidents, across more tenants, without increasing analyst workload.
Janus works inside an active case, correlating incident evidence and enriching it with threat intelligence and vulnerability context. Analysts can ask natural-language questions and receive a structured explanation of what happened, why it matters, and what to do next. That removes much of the manual consolidation that typically slows investigations and delays remediation.
James Pellizzi, Co-founder, SVP Product at Todyl told MSSP Alert, “What we've built with Janus helps eliminate the manual consolidation work that slows analysts down by surfacing the context, analysis, and remediation steps needed to resolve incidents faster. For MSSPs, that means analysts can handle more cases across more tenants without adding headcount, which will have a direct impact on scale and margin. Newer analysts will ramp faster, experienced analysts will operate more efficiently, and the entire team will deliver better cybersecurity outcomes for customers.”
The same workflow changes how incidents move through MXDR. By pulling in a wider set of data during investigations, more cases can be resolved before they reach the provider or the customer.
“And by drawing from a broader pool of data sources, Janus helps our MXDR team resolve more cases internally before they ever reach the customer, which significantly reduces ticket volume and response times,” Pellizzi said.
That reduction in escalations is an operational shift for service providers. Fewer tickets and faster resolution times mean analysts spend more time on remediation and advisory work and less time interpreting alerts or preparing follow-up explanations.
A consistent way to explain security outcomes
Customer communication often determines whether a managed service is seen as a cost or a strategic function. Janus can create incident reports that can be tailored to technical and non-technical stakeholders, giving providers a repeatable way to show what was detected, what actions were taken, and what risk was reduced.
“Janus also raises the bar on client communication by helping MSSPs deliver incident details in a clear, actionable format that clearly communicates the relevant steps of an investigation with recommended next steps,” Pellizzi said. “Janus also has the intelligence to customize that communication to provide the right level of detail for the intended audience, whether they’re technical or non-technical, and their level of cybersecurity and compliance expertise.”
That visibility supports service expansion. When customers understand the outcome of the work, quarterly reviews shift from activity metrics to proof of protection and control effectiveness.
“Janus isn't sold as a standalone service, but for MSPs it becomes a powerful value tool for demonstrating value that directly supports upsell and package expansion opportunities,” Pellizzi said. “When you can show a customer in a clear, readable format exactly what threats were detected, how they were handled, and what was done to protect them, they have a much greater understanding of the value that they’re receiving.”
“It moves MSPs/MSSPs away from the traditional ‘Here's what we blocked this month.’ QBR and toward a much more compelling narrative around proven controls, active protection, and measurable outcomes,” he added. “Paired with AI-driven MXDR delivering 24x7 expert protection with rapid incident resolution, Janus gives MSPs the storytelling capability to position themselves as strategic security partners rather than just vendors. That shift in positioning is where the real monetization opportunity lives.”
Multi-tenant isolation with portfolio-level intelligence
Each customer environment is assigned a dedicated AI agent that can only access data within that tenant. That model maintains data separation while allowing detection and response to improve across the platform.
“Each tenant will continue to get their own dedicated AI agent, and currently agents are strictly isolated to their environment so that their data never crosses tenant boundaries,” Pellizzi said.
At the same time, threat analysis performed by the MXDR team feeds back into detection engineering and threat intelligence, so new activity in one environment strengthens protection across the install base.
“Our MXDR team can analyze and correlate threat activity across the entire install base without ever compromising individual tenant privacy. When a new threat surfaces in one environment, that immediately informs threat hunting across every customer,” Pellizzi said.
For partners, that creates a portfolio-level security story that individual customers cannot build on their own.
“They're not just offering isolated protection to individual customers, they're able to deliver a continuously improving intelligence engine that gets smarter with every detection, across every tenant, every day,” Pellizzi said.
One workflow across security, risk, and insurability
Because Janus operates across prevention, detection and response, GRC, and cyber-insurance readiness, incidents can be tied directly to control gaps and compliance exposure. That connection gives providers a way to link response activity to broader risk reduction programs and ongoing advisory services.
The result is faster remediation, more consistent reporting, and a clearer path to positioning managed security as a long-term program rather than a reactive function.