A growing number of cybersecurity vendors are developing AI agents for security operations centers (SOCs) and other cybersecurity tasks that hold the promise of greater speed and efficiency for corporate security teams and MSSPs.
At this week's Google Cloud Next 2025 conference in Las Vegas, the cloud giant announced two AI agents – one designed to run investigations for users, and the other focused on malware analysis. Both “aim to deliver faster detection and response, with complete visibility and streamlined workflows,” wrote Peter Bailey, Google Cloud’s vice president and general manager of security operations, and Brian Roddy, vice president of product management. The duo described the agents "as a catalyst for security teams to reduce toil, build true cyber-resilience, and drive strategic program transformation.”
While AI agents made up a significant part of a larger rush of Google security-related announcements at the event, this also reflects an industry-wide push to use the emerging AI tools to help SOCs and other security operations overwhelmed by the growth and sophistication of modern cyberattacks, an expanded attack surface due to the distributed nature of IT environments, including the ongoing shortage of experienced cybersecurity talent.
Also making moves this week included Radiant Security unveiling its Adaptive AI SOC platform, an agentic AI offering that can train itself rather than relying on a pre-trained AI engine, a key capability of AI agents, according to the co-founder and EO Shahar Ben-Hador in a statement.
Meanwhile, a Paris-based startup founded in 2023 and incubated by Meta and Microsoft, Qevlar AI announced raising $14 million for its agentic AI SOC technology. According to the co-founder and CEO Ahmed Achchak, organizations and MSSPs using the technology have cut the alert handling time from 40 minutes to three minutes, reduced workload of Level 1 and 2 analysts by 90%, increased classification accuracy rom 97% to 99.8%, and automated benign alters closure.
More Agentic AI for Cybersecurity
An expanding list of established vendors and startups such as Red Canary, Dropzone AI, Torq, ReliaQuest, Prophet Security, and Doppel are also injecting AI agents into security offerings.
The focus now appears to be on using the technology for SOCs - centralized, multi-function environments - that include the tools and people for monitoring, preventing, detecting, investigating, and responding to cyberthreats run internally or outsourced to MSSPs.
“The era of AI agents in cybersecurity, especially in SOC operations, is still young, but the potential is enormous,” Filip Stojkovski, staff security engineer for enterprise security with Snyk, wrote in a post on the Cyber Security Automation and Orchestration blog earlier this month. “By addressing alert overload and analyst shortages, AI agents offer a path from reactive firefighting toward proactive security management.”
They are a step beyond SOAR, which has been the tool for easily orchestrating security through sub-playbooks that combine to make up a single main playbook, Stojkovski wrote.
“Great concept, but often tricky to implement due to complexity,” he wrote. “AI agents simplify this orchestration dramatically, enabling automated decision-making that adapts and evolves based on context.”
'A Fundamental Shift'
Google Cloud’s Bailey and Roddy, writing about the company’s newest Gemini in AI agents, stated “Agentic AI is powering a fundamental shift in how security operations are conducted. Our vision is a future where intelligent agents work alongside human analysts, offloading routine tasks, augmenting their decision-making, and freeing them to focus on complex issues.”
An alert triage agent, housed in Google Security Operations, analyzes each alert, determines the relevant information, and decides how to address it. The agent also presents the evidence it considered and how it made the decision.
“This always-on investigation agent will vastly reduce the manual workload of Tier 1 and Tier 2 analysts who otherwise are triaging and investigating hundreds of alerts per day,” they wrote.
Google Threat Intelligence’s malware analysis agent also evaluates the code to determine if it is safe or malicious, summarizing its findings and delivering a final verdict. Both agents are expected to enter preview with select customers in Q2.
Radiant's Adaptive AI SOC
Milpitas, California-based Radiant Security has announced its Adaptive AI SOC, positioning it as a key step toward addressing challenges in today’s cybersecurity landscape—particularly alert fatigue, static playbooks, and analyst burnout. The AI-driven system processes all alerts, escalating only suspicious ones to human analysts along with remediation recommendations that can be reviewed and tailored as needed.
They stated the platform will reduce the critical mean time to respond (MTTR) from days to minutes.
“The one thing we kept hearing from our customers revolved around the need for complete alert coverage,” CEO Ben-Hador said. “Rather than pre-training our AI engine to support more use cases, we designed it to train itself. It dynamically researches every alert it receives, triages, and investigates as a top analyst would, adapting to the environment to achieve the most accurate results.”
Qevlar AI Gets a $10 Million Boost
Qevlar AI also revealed that it will use the latest infusion of cash, an additional $10 million to the $4 million already raised, for R&D and to expand its workforce and market reach globally. The fundraising was led by EQT Ventures and Forgepoint Capital International and includes strategic backing by Datadog CEO Olivier Pomel, Dataiku CEO Florian Douetteau, and Mehdi Ghissassi, the former director of product for Google’s AI lab DeepMind.
In a statement, Qevlar AI CEO highlighted that the “mathematics of cybersecurity are fundamentally broken. When a single analyst can only properly investigate a small selection of alerts per day, yet faces hundreds or even thousands requiring attention, we're asking humans to solve an impossible equation.”
The company’s AI agents can complete investigations in seconds that would typically take hours, with greater consistency and accuracy. Qevlar's CEO added that “as a result, SOCs can shift from being reactive alert factories to proactive threat hunters.”
