Company reports 52% of MDR cases now resolved autonomously by AI as managed security business grows 39% year-over-year
Sophos has unveiled the results of a full year of operating its agentic Security Operations Center (SOC), reporting that its AI-powered security platform can respond to threats in as little as 89 seconds while autonomously resolving more than half of all managed detection and response (MDR) cases.
The cybersecurity company said its Sophos MDR business has grown 39% year-over-year and now protects 40,000 customers globally, making it one of the largest managed security operations environments in the industry.
According to Sophos, the findings demonstrate how artificial intelligence is transforming security operations by automating routine analysis and response tasks, enabling human analysts to focus on more complex investigations and strategic decision-making.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production. When you run the world’s largest SOC, every threat encountered makes every customer’s defense stronger.”
— Raja Patel, President, Sophos
The company reported that 52% of MDR cases are now closed end-to-end by AI without requiring human intervention. Sophos noted that the autonomous actions occur within carefully defined operational boundaries that are continuously monitored and refined by security experts.
At the core of the model is Sophos Central, described by the company as an AI-native cybersecurity defense system that integrates endpoint, firewall, identity, SIEM, network, email, cloud, threat intelligence, and MDR capabilities into a single operational environment. The platform supports more than 350 third-party integrations and provides unified visibility across security domains.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production,” said Raja Patel, President of Sophos. “Every threat encountered makes every customer’s defense stronger, allowing intelligence to compound across the entire customer base.”
Sophos said its operational model combines both human-on-the-loop and human-in-the-loop approaches. While AI handles high-volume, repetitive tasks and well-defined responses, security analysts remain responsible for high-risk decisions, novel attack patterns, and incidents requiring business context and human judgment.
Rob Harrison, Senior Vice President of Product Management at Sophos, emphasized that AI and human expertise complement each other. “When AI takes the volume off the human queue, analysts gain the bandwidth to focus on the work that requires judgment, context, and experience,” he said.
Building on these results, Sophos plans to extend its agentic AI model across its broader cybersecurity portfolio throughout 2026, including enhanced XDR, next-generation SIEM capabilities, Secure AI initiatives, and the upcoming Sophos CISO Advantage program aimed at strengthening strategic security leadership for organizations worldwide.
