ChannelLife Australia - Industry insider news for technology resellers

Rapid7 launches agentic AI to boost SOC response & efficiency

Today

Rapid7 has integrated agentic AI workflows into its managed detection and response (MDR) services to assist security operations centres (SOCs) with threat investigation tasks.

The company's AI-driven workflows are aimed at autonomously addressing foundational investigative procedures.

This approach is intended to allow human security analysts to redirect their attention to the more complex facets of cyber threats and strategic decision-making within organisations. The technology has been specifically trained using playbooks developed by Rapid7 SOC specialists and is designed to provide clear explanations for each action taken during investigations.

Agentic AI workflows are now embedded within Rapid7's SIEM and XDR platform.

According to the company, the AI engine can perform tasks with the precision of a SOC analyst but at a greater speed, offering the potential to reduce investigation times and support customer organisations in addressing cyber security incidents.

Responding to evolving cyber threats

Growing automation in cyber attack methods has made it harder for organisations to detect and respond to incidents.

Rapid7 positions its solution as an answer to this increasing demand for scalable and efficient security response systems.

The new workflows draw on the company's AI automation for alert triage, which Rapid7 reports achieves 99.93% accuracy in dismissing benign alerts and is estimated to save more than 200 SOC hours each week.

Laura Ellis, Vice President of AI and Data at Rapid7, stated, "AI isn't just an enhancement to security operations, it's a catalyst for a new era of scale, speed, and strategic decision-making. At Rapid7, we believe AI must be human-centric, transparent and accountable, and built on analyst expertise."

"The launch of agentic AI workflows for MDR represents the foundational step in our broader vision for agentic AI across the platform. Far more than just automation, this is the beginning of a system capable of intelligent and adaptive decision-making."

Agentic AI workflows are trained on operational scenarios crafted by Rapid7's SOC personnel.

The intention is for these workflows to be enhanced continuously as they are applied in real-world contexts. Rapid7 highlights several intended outcomes: more reliable and consistent investigations, increased service transparency, and a more strategic allocation of analyst time towards high-impact initiatives.

Jon Hencinski, Vice President Detection & Response at Rapid7, commented, "A world-class SOC optimises for the 'human' decision moment. With agentic AI workflows, we're using AI to present the right information to enable accurate and fast human decisions that allow organisations to quickly find and stop today's AI-enabled attackers."

"Agentic AI workflows automate repetitive tasks, surface relevant findings, and provide contextual information to support analyst decision-making. By delivering timely, actionable insights, these workflows improve the quality of decisions being made and empower analysts to move confidently to the next step in the response process."

Analyst perspective

The approach adopted by Rapid7 has also drawn attention from the research community. Craig Robinson, Research Vice President at IDC, stated, "Successful AI deployment in any cybersecurity platform needs to be thoughtful and planned: from the classification of data through to disciplined workflows and orchestration of detections with responses."

"Rapid7's approach to AI implementation checks each of these boxes with deliberate, transparent, practical AI processes that deliver real-world efficiencies for its customers."

The integration of agentic AI workflows within MDR services comes as organisations continue to face a growing volume and variety of cyber attacks.

The need for tools that translate automation into actual reductions in analyst workloads and improvements in decision accuracy is often cited by security leaders.
