Sumo Logic has taken a significant step forward in AI-driven security operations by expanding its SOC Analyst Agent to recommend remediation actions, thereby accelerating threat detection, investigation, and response (TDIR). The expansion was announced at RSAC 2026, where the company is showcasing its advanced Dojo AI agents, which now go beyond simply providing context. Instead, they actively guide security teams with actionable recommendations to close the loop across the entire security lifecycle.

In today’s rapidly evolving cybersecurity landscape, organizations face an overwhelming influx of telemetry data. In fact, more than half of security leaders report dealing with excessive point tools in their security stacks. As cloud adoption increases and identity ecosystems expand, security teams encounter a critical challenge—having abundant data but lacking clear decision-making pathways. While traditional SIEM platforms effectively identify anomalies and suspicious patterns, they often fall short in guiding analysts on the next steps. Consequently, analysts must manually interpret data and create response strategies, which delays remediation and increases operational pressure.

To address this gap, Sumo Logic is redefining the modern Security Operations Center (SOC). The platform integrates both the data layer and the decision layer, starting with logs as a reliable system of record. It further enhances insights through Cloud SIEM correlation and leverages Dojo AI to transform traditional SIEM capabilities into a powerful recommendation engine. As a result, analysts no longer just receive alerts—they also receive intelligent, context-driven guidance on how to respond.

“The industry is redefining what a SOC does,” said Chas Clawson, VP of Security Strategy at Sumo Logic. “It’s no longer enough to surface context and say, ‘here’s a suspicious login, go figure it out.’ Our Dojo AI SOC Analyst Agent can now recommend, for example, ‘This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.’ We’re closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions.”

Moreover, Sumo Logic emphasizes that its AI doesn’t just detect threats—it acts on them. The Dojo AI suite includes several specialized agents designed to streamline operations. The SOC Analyst Agent helps reduce mean time to response (MTTR) by combining automation with human-led investigations. Meanwhile, the Query Agent simplifies complex search processes by translating intent into precise queries. Additionally, the Knowledge Agent provides real-time answers using official documentation, while the MCP Server extends AI capabilities across multiple tools to ensure seamless workflows.

Importantly, all these agents operate on a trusted foundation powered by Sumo Logic’s Logs for Security and Cloud SIEM. This ensures that every AI-driven recommendation is backed by high-quality data and explainable logic, reinforcing trust and accuracy in decision-making.

“Sumo Logic’s Dojo AI is transforming our Security Operations team by enabling natural language log analysis and delivering contextual insights that accelerate investigations,” explained Scott Steenhoek, Sr. IT Cybersecurity Engineer, Sammons Financial. “The platform reduces noise, improves detection precision, and allows our analysts to focus on response rather than manual query building.”

Overall, Sumo Logic’s latest innovation marks a shift toward intelligent, action-oriented cybersecurity, where AI not only identifies threats but also empowers teams to respond faster and more effectively.
