Sumo Logic Expands Dojo AI With SOC Analyst Agent That Recommends Actions, Not Just Alerts
Sumo Logic is pushing its Dojo AI platform further into decision territory at RSAC 2026, announcing expanded AI agent capabilities that go beyond surfacing context to actually recommending what analysts should do next.
The company’s new SOC Analyst Agent, now in preview, addresses a gap that has frustrated security teams for years: traditional SIEMs are good at flagging suspicious activity, but they stop short of telling analysts how to respond. That leaves teams manually assembling response plans under pressure, slowing mean time to remediation.
“The industry is redefining what a SOC does,” said Chas Clawson, VP of Security Strategy at Sumo Logic. “It’s no longer enough to surface context and say, ‘here’s a suspicious login, go figure it out.’ Our Dojo AI SOC Analyst Agent can now recommend, for example, ‘This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.’ We’re closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions.”
The announcement covers four agents being demonstrated at RSAC 2026. The SOC Analyst Agent (preview) helps analysts reduce mean time to remediation through automated and human-led investigations, delivering context-aware response actions and recommendations. The Query Agent (GA) converts natural language intent into precise searches, eliminating the need for complex query writing. The Knowledge Agent (GA) answers questions about how the platform works using official documentation, directly inside the workflow. The Sumo Logic MCP Server (preview) extends AI assistance across tools so that product boundaries don’t become process boundaries.
All four agents run on Sumo Logic’s Logs for Security and Cloud SIEM foundation, keeping recommendations grounded in high-fidelity data with explainable reasoning.
Scott Steenhoek, Sr. IT Cybersecurity Engineer at Sammons Financial, described the practical impact: “Sumo Logic’s Dojo AI is transforming our Security Operations team by enabling natural language log analysis and delivering contextual insights that accelerate investigations. The platform reduces noise, improves detection precision, and allows our analysts to focus on response rather than manual query building.”
Sumo Logic also announced two wins at Cyber Defence Magazine’s 14th annual Global Infosec Awards: Next Gen SIEM and Pioneering AI SOC.
The Dojo AI agents and MCP Server are available for live demonstrations at RSAC 2026 this week.
