As AI becomes the weapon of choice for cybercriminals, defenders must rethink their own approach to artificial intelligence. Automation alone is no longer enough. The future lies in agentic AI—intelligent systems capable of planning, learning, adapting, and acting on behalf of human operators.
This article explores the next evolution of Managed Detection and Response (MDR), where agentic AI augments human analysts, enhances SOC performance, and paves the way for autonomous decision-making.
Drawing on insights from eSentire CTO Dustin Hillard, we examine how this emerging capability is reshaping MDR today—and what must change culturally and operationally to make the most of it.
The limitations of reactive automation
Today’s security platforms often lean on automation to reduce human workload—streamlining repetitive tasks like alert triage, correlation, and initial response. While useful, this model is inherently reactive, relying on predefined rules and linear workflows.
But attackers are evolving faster. With AI-powered adversaries launching dynamic, multi-vector campaigns, defenders need tools that can think ahead, not just react faster.
Enter agentic AI: What it is and why it matters
Agentic AI moves beyond scripts and playbooks. It embodies a system’s ability to:
- Set goals and plan actions
- Adapt to context in real time
- Gather and evaluate evidence
- Make decisions and take actions autonomously
- Work alongside humans as intelligent teammates
As Hillard explains, “It’s not about doing less or cutting costs—it’s about doing much more in the same short timeframes, and increasing the human-level value we can deliver at speed.”
Inside the SOC: How Agentic AI Enhances MDR
1. Accelerated Investigation
Instead of waiting on an analyst to collect evidence across multiple systems, the agent gathers and synthesizes data from dozens of sources in seconds. On average, Qylis S365’s agent performs 30 investigative steps in under 10 minutes—the equivalent of 3–5 hours of human analysis.
2. Augmented Threat Detection
The system can generate and evaluate multiple hypotheses in parallel, improving signal fidelity and reducing time-to-decision. Analysts aren’t just handed raw alerts—they receive fully contextualized scenarios backed by evidence.
3. Contextualized Response
Rather than rigid playbooks, the agent adapts its response based on observed behaviors, threat intelligence, and organizational context. This enables faster, more precise actions to contain threats before they escalate.
Beyond the SOC: The rise of advisory agents
Hillard envisions a future where agentic AI extends beyond incident response into broader cyber risk advisory roles. Imagine a virtual teammate that synthesizes vulnerabilities, threat trends, and business risk factors to proactively recommend strategic security improvements.
These systems could help organizations:
- Prioritize patching based on active exploitability
- Align investments with emerging threat vectors
- Benchmark against industry peers in real time
This isn’t theoretical. These use cases are already in early development across platforms like Qylis S365, which aim to evolve from detection partners to proactive risk advisors.
What it takes: Shifts in culture, ops, and architecture
Cultural shift: From control to collaboration
Trust in automation must give way to partnership with intelligent systems. SOC teams need to view agentic AI not as a threat to their jobs, but as a force multiplier that frees them to focus on high-value decision-making.
Operational shift: From playbooks to problem solving
Security operations must move beyond static workflows to embrace dynamic, hypothesis-driven investigation. Analysts become reviewers, validators, and strategists, working alongside AI to accelerate resolution.
Architectural shift: From silos to integrated intelligence
Legacy systems weren’t designed for agentic integration. Organizations need data-rich platforms that support real-time ingestion, cross-domain analysis, and rapid action—without manual handoffs or delays.
Looking ahead: AI teammates, not just tools
Agentic AI is not a futuristic fantasy—it’s already reshaping how MDR providers like Qylis S365 deliver security outcomes. But unlocking its full promise requires more than better algorithms. It demands a reimagining of how humans and machines collaborate in the fight against cyber threats.
In the coming years, expect to see a shift from co-pilots to autonomous teammates—AI systems that don’t just assist, but advise, adapt, and act with unprecedented speed and intelligence. For defenders, this represents a generational leap in capability—and a crucial advantage in the escalating arms race of cyber warfare.
To learn more about how eSentire’s Atlas AI can help your organization scale your security operations and get strong security outcomes, contact an Qylis S365 Security Specialist now.
