Sophos announced production results from a full year of agentic operation within Sophos Managed Detection and Response (MDR), now defending 40,000 customers worldwide, with 39% year-over-year growth. The results define what an agentic Security Operations Center (SOC) looks like at scale.
The volume of telemetry, complexity of the modern stack, and structural imbalance between cybersecurity demand and available expertise have outpaced what traditional SOC structures can manage, while adversaries adopt AI without procurement cycles or governance friction. Sophos has re-architected the SOC so AI absorbs the volume and senior analysts focus where judgment matters, scaling expert response to organizations that cannot run full security operations in-house. Through Sophos Central—the industry’s first AI-Native Cybersecurity Defense System—endpoint, firewall, identity, SIEM, network, email, cloud, threat intelligence, and MDR share a unified context lake, integrated AI, and a single workflow. Open by design, it supports 350+ third-party integrations and delivers one of the most complete solutions for Microsoft environments.
For Sophos MDR customers, the outcome is clear: threats neutralized before they disrupt the business, and a defense system that keeps pace with adversaries moving at AI speed.
The production data from the past twelve months sets a new benchmark for managed security operations:
- 89 seconds from case creation to fully automated response. This metric measures how fast the Sophos Central Defense System acts on cases AI is authorized to resolve, translating directly into faster response and stronger resilience against attacks that move at machine speed.
- 52% of MDR cases closed end-to-end by AI, without human intervention required, inside boundaries continuously calibrated by analysts. This metric measures the volume of work AI is doing autonomously, not just alert triage or threat containment.
- 40,000 customers on the agentic model: Every Sophos MDR customer benefits from the same agentic operating model, regardless of size or segment, with intelligence compounding across every threat encountered.
Behind every Sophos MDR case is a Defense System that ingests tens of millions of detections daily, suppresses noise, correlates signals, and surfaces only what warrants action. The result is a sharply narrowed window where AI and human judgment are deployed against threats and the right response is delivered by the right responder.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production,” said Raja Patel, president, Sophos. “When you run the world’s largest SOC, every threat encountered makes every customer’s defense stronger. No other vendor operates with our breadth, from small businesses to global enterprises with tens of thousands of employees, and no other vendor compounds intelligence across that scale. A customer using the Sophos Central Defense System benefits from the learnings of every other customer in it.”
The new operating model for managed security
Sophos operates both a human-on-the-loop (HOTL) and human-in-the-loop (HITL) model within the agentic SOC: human-on-the-loop for the high-volume, well-bounded work where speed matters, and human-in-the-loop for high-stakes decisions where context, business impact, or novel adversary behavior require an analyst’s judgment before action.
AI now handles the volume that previously consumed Tier 1 and much of Tier 2 analyst time. Human analysts have shifted to higher-value work: threat hunting, investigation, customer advisory, and governance of the autonomous systems themselves.
“The 52% gets the attention, but the 48% is just as important,” said Rob Harrison, SVP product management, Sophos. “When AI takes the volume off the human queue, our analysts get the bandwidth to do the work that requires their judgment: the novel attack patterns, the high-stakes decisions, the cases where context and business implications matter. AI speed and human judgment are the two halves of the same operating system, and intelligence compounds across both with every threat we stop.”