SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Rapid7 launches agentic AI to boost MDR speed & accuracy

Today

Rapid7 has announced the integration of agentic AI workflows into its security information and event management (SIEM) and extended detection and response (XDR) platform, aiming to change how managed detection and response (MDR) environments handle security threats within security operations centres (SOCs).

The newly embedded agentic AI capabilities utilise Rapid7's AI Engine to autonomously execute core investigative tasks traditionally managed by SOC analysts. This development is intended to allow analysts to focus on deeper analysis, reduce investigation times, and enable faster resolution of security incidents for customers.

Automation in security operations

According to Rapid7, the new workflows are a response to the evolving threat landscape, where AI technologies are used by attackers to mount faster and more sophisticated campaigns. The company claims its agentic AI can handle alert triage with an accuracy rate of 99.93%, reportedly saving SOC teams more than 200 hours per week.

The integration of these workflows is part of a wider effort to scale MDR services and improve transparency into the decision-making process when security events are detected and investigated. This is particularly important given the increasing volume and complexity of alerts faced by security teams.

"AI isn't just an enhancement to security operations, it's a catalyst for a new era of scale, speed, and strategic decision-making. At Rapid7, we believe AI must be human-centric, transparent and accountable, and built on analyst expertise. The launch of agentic AI workflows for MDR represents the foundational step in our broader vision for agentic AI across the platform. Far more than just automation, this is the beginning of a system capable of intelligent and adaptive decision-making."

This statement was made by Laura Ellis, Vice President of AI and Data at Rapid7.

Focus on high-impact tasks

Agentic AI workflows have been trained on playbooks authored by Rapid7's security operations centre experts and are continually refined through use in real-world scenarios. The company states these workflows aim to improve confidence in organisations' security posture through scalable, repeatable investigations, while ensuring that analysts can reallocate time to higher complexity issues.

Further, these workflows are designed to enhance visibility into the reasoning and logic behind AI-driven decisions, providing greater control over the security process and transparency for organisations using the platform.

"A world-class SOC optimizes for the 'human' decision moment. With agentic AI workflows, we're using AI to present the right information to enable accurate and fast human decisions that allow organizations to quickly find and stop today's AI-enabled attackers. Agentic AI workflows automate repetitive tasks, surface relevant findings, and provide contextual information to support analyst decision-making. By delivering timely, actionable insights, these workflows improve the quality of decisions being made and empower analysts to move confidently to the next step in the response process."

This perspective was shared by Jon Hencinski, Vice President Detection & Response at Rapid7.

Industry observations

The approach taken by Rapid7 in embedding AI-driven workflows has also been commented on by industry analysts. Craig Robinson, Research Vice President at IDC, remarked:

"Successful AI deployment in any cybersecurity platform needs to be thoughtful and planned: from the classification of data through to disciplined workflows and orchestration of detections with responses. Rapid7's approach to AI implementation checks each of these boxes with deliberate, transparent, practical AI processes that deliver real-world efficiencies for its customers."

Continuous adaptation

Rapid7 highlights that its agentic AI workflows are iteratively improved based on operational data and expert input, aiming to provide both scale and adaptability in cybersecurity environments where attack methods and volumes are continuously evolving.

The company asserts that this focus on automation and transparency will result in improved alert fidelity, shorter investigation cycles, and a more strategic allocation of human resources within SOCs.

Rapid7's enhanced MDR experience with agentic AI is intended to offer organisations increased command of their attack surfaces while responding to the speed and complexity of AI-driven threats.
