Netskope launches AI agents for SOC and NOC automation
Netskope this week introduced an AI-driven platform layer to ease the operational burden on security and network operations, as enterprises struggle to manage alert volumes and infrastructure complexity. The new offering, called Netskope One AgentSkope, is an agentic AI framework designed to automate security and network operations workflows within Netskope’s SASE platform. The platform can automate tasks such as alert triage and investigation, and policy management, according to Netskope, which reports that 40% of alerts go uninvestigated in security operations centers (SOC) and network operations centers (NOC) due to a lack of resources.
The launch comes at a time when organizations are drowning in alerts generated by a proliferating array of security tools. Traditional SIEM systems often require expensive data ingestion and still fail to prioritize effectively. By embedding AI agents directly into the Netskope One data layer, AgentSkope aims to reduce the need to move large volumes of data to external systems for analysis. This architectural choice not only lowers data transfer costs but also accelerates investigation times. The agents use natural language interfaces to execute multi-step workflows, ranging from gathering evidence to recommending remediation actions.
“We built AgentSkope to act as an autonomous force multiplier, providing a shared architectural foundation that allows organizations to easily deploy AI agents capable of executing end-to-end workflows,” Sanjay Beri, co-founder and CEO at Netskope, said in a statement. “By abstracting away operational complexity and removing internal development bottlenecks, we are empowering security and network leaders to drastically reduce manual troubleshooting, free up their skilled staff for strategic initiatives, and adapt their defenses at the speed of business.”
The concept of agentic AI has gained momentum in the enterprise as a way to move beyond simple chatbots and toward autonomous systems that can plan and execute complex tasks. In the realm of cybersecurity, agentic AI offers the promise of handling the repetitive triage and incident response work that currently consumes analyst time. Industry analysts have noted that the increasing volume of AI-powered threats necessitates automation. “In the face of a rapidly expanding, AI-fueled threat landscape, CIOs and CISOs must invest in agentic security automation as a force multiplier to enhance skilled human resources,” Pete Finalle, research manager, security and trust at IDC, said in a statement. “The ability to intelligently triage threats, help manage the increasing scope and scale of modern threats, and keep up with new AI models/agents can no longer remain a manual process.”
Netskope One AgentSkope is deeply integrated into the vendor’s existing SASE platform. Designers configured the agents to operate within a single interface and access all relevant data sources without additional integrations. This eliminates the typical glue code and custom API work that often delays automation projects. Netskope’s director of product and solutions marketing, Rich Davis, explained in an interview that running agents directly on data sources reduces the need to move data, which in turn lowers cost and latency. “Agents can handle the repetitive triage and investigation work so human analysts can focus on higher-value decisions,” Davis said.
With this release, Netskope is launching six agents, each targeting a specific operational domain:
- DLP AISecOps Agent: Automates DLP alert triage, reducing false positives and surfacing priority cases.
- Insider Threat AISecOps Agent: Correlates user behavior and DLP data to identify insider risks.
- Private Access AIOps Agent: Audits access settings and generates policies based on usage patterns.
- DEM Data Intelligence Agent: Converts telemetry data into actionable troubleshooting insights.
- DEM Insights Agent: Highlights performance issues and trends across digital environments.
- CCI Insights Agent: Enables natural language queries of cloud and SaaS risk data.
These agents cover the most pressing pain points in both security and network operations. The DLP and insider threat agents address the flood of false positives from data loss prevention systems. The Private Access agent simplifies zero-trust policy management by analyzing actual usage patterns. The digital experience management (DEM) agents help NOC teams pinpoint performance bottlenecks without manual log crawling. Finally, the Cloud Confidence Index (CCI) agent gives security teams a conversational interface to assess cloud and SaaS risks.
Netskope is emphasizing that the agents are not fully autonomous in their final actions. While they gather data, triage risks, and can create IT service tickets or notify analysts, they will not take final enforcement actions without human approval. “Once the investigation is complete, the agent will wait for a member of the security team to review its findings and direct it to take action,” Davis said. “This provides the balance between time savings and human control.” This approach aligns with industry best practices for maintaining oversight over AI-driven security decisions.
The general availability of AgentSkope and five of its six agents marks a significant step forward in operational automation. The Insider Threat agent is currently in private preview, and Netskope plans to expand its agent portfolio on a monthly basis. The company’s roadmap includes additional agents for threat hunting, compliance reporting, and network change management. As the technology matures, organizations can expect to offload more routine tasks to AI, freeing up their most skilled employees for complex threat analysis and strategic projects.
The launch also reflects broader trends in the cybersecurity and networking markets. Competitors like Palo Alto Networks and CrowdStrike have introduced their own AI agents for SOC automation. However, Netskope’s approach integrates agents directly into a SASE platform, which combines networking and security functions. This could give customers a unified view across both domains, reducing the need to operate separate tool silos. Additionally, the ability to run AI analysis inline without exporting data addresses growing privacy and compliance concerns, especially in regulated industries.
From a technical perspective, AgentSkope leverages large language models fine-tuned on cybersecurity and networking datasets. The agents are designed to understand context from the Netskope One data layer, which includes logs, flows, user behavior, and threat intelligence. When an alert fires, the relevant agent can examine the surrounding events, identify patterns, and recommend a course of action within seconds. In tests, Netskope claims that the agents have reduced mean time to investigate (MTTI) by over 60% for common alert types.
The shift toward agentic AI in operations is not without challenges. Governance, accuracy, and explainability remain critical concerns. Netskope addresses these by holding agents in a human-in-the-loop state for decisions, logging all agent actions for auditability, and providing natural language explanations for each recommendation. This transparency allows analysts to trust the automation while retaining the ability to override it.
For organizations already using Netskope One, AgentSkope is available as an integrated feature. Pricing is included in existing subscriptions, though premium agent capabilities may require higher-tier licenses. The company has also released developer documentation and APIs that allow customers to extend agent capabilities or integrate with third-party tools. This extensibility positions the platform as a foundation for building custom automation workflows tailored to specific environments.
Looking ahead, the convergence of AI and operations is expected to accelerate. Gartner predicts that by 2028, 60% of security operations will be handled by agentic AI systems, up from less than 10% in 2024. Netskope’s early entry into this space with a fully integrated solution could give it a competitive advantage, especially among enterprises seeking to reduce tool sprawl and operational overhead. The company’s roadmap hints at agents that can autonomously respond to low-risk incidents and automatically generate compliance reports, further reducing human workload.
In summary, Netskope One AgentSkope introduces a set of AI agents designed to tackle the most manual and repetitive tasks in SOC and NOC environments. By embedding intelligence directly into the data layer and maintaining human oversight, Netskope balances efficiency with control. The six initial agents address DLP triage, insider threat detection, private access policy management, digital experience monitoring, and cloud risk querying. As the vendor expands its agent portfolio, organizations can expect to see improvements in alert handling, investigation speed, and operational agility. The era of agentic automation in network and security operations is just beginning, and Netskope is positioning itself at the forefront of this transformation.
Source: Network World News