Ontinue’s Agentic AI Redefines MXDR With Autonomous Threat Investigations
- Cyber Jill
In a cybersecurity industry defined by alert fatigue and workforce shortages, Ontinue is placing a bold bet on the power of autonomous artificial intelligence. The Microsoft Security Services Innovator of the Year has unveiled a groundbreaking capability in its MXDR (Managed Extended Detection and Response) platform: autonomous investigations driven by Agentic AI — a move the company claims could halve investigation times and eliminate customer involvement in nearly all incidents.
While automation has long assisted Tier 1 analysts in triaging basic security alerts, Ontinue is extending AI’s reach into the realm of Tier 2 and Tier 3 analysis — traditionally the domain of seasoned security professionals. This evolution, live since December 2024 for all customers, enables Ontinue’s AI agents to independently collect telemetry, form hypotheses, test scenarios, and draft human-readable reports before human analysts even enter the loop.
“Agentic AI doesn’t just evolve how we do security — it redefines it,” said Geoff Haydon, CEO of Ontinue. “It doesn’t just assist humans, it amplifies them.”
This amplification is already delivering results. Ontinue reports a 50% reduction in mean time to investigate (MTTI) and a staggering 99.5% incident resolution rate without needing input from the customer. For companies wrestling with lean security teams and accelerating threat complexity, the implications are hard to ignore.
From Playbooks to Reasoning Engines
At the heart of this leap is Ontinue’s Agentic AI — embedded in the ION MXDR platform — which departs from rule-based automation that dominates most of today’s detection and response tools. Traditional systems operate on predictable playbooks. Ontinue’s agents instead mimic human reasoning, dynamically adapting their investigative approach to novel or complex incidents.
“We took a multi-agentic approach… allowing us to harness near human-level reasoning and creativity at machine speed,” explained Theus Hossmann, Ontinue’s CTO.
This enables the AI not just to act on known threats, but to parse ambiguous indicators, gather data across identities, endpoints, and cloud systems, and provide contextual narratives that analysts can quickly act on.
Speed and Context: A Rare Combination
Security teams often face a trade-off between speed and depth of insight. By the time human analysts manually correlate logs, sift through alerts, and construct a coherent timeline, an attacker may have already exfiltrated data or moved laterally across the network. Ontinue claims its autonomous investigations close that window.
“It cuts through the noise, focuses our attention on real issues, and reduces the burden on our internal team,” said Thai Vong, acting CIO at ACR, an Ontinue customer.
For Vong, the outcome is not just faster threat resolution but also the ability to redirect his team toward higher-value strategic work — a critical advantage in organizations undergoing rapid growth or M&A activity.
Beyond Automation: Integrated Collaboration and Smart Escalation
Ontinue isn’t stopping at AI. The company has layered its ION MXDR service with Microsoft Teams-based collaboration and customizable Smart Response automation, designed to align with each customer’s workflows. This ensures that while AI handles the investigative heavy lifting, human defenders remain in the loop — but only when needed.
“This is not an incremental innovation; it’s a fundamental leap forward in how MDR should be delivered,” Haydon emphasized.
Industry Eyes a New MDR Standard
The emergence of Ontinue’s autonomous investigation engine has caught the attention of industry watchers. According to IDC’s Cathy Huang, the approach marks a new frontier for managed detection and response by bringing scalable, context-rich decision-making to previously manual processes.
As attack surfaces expand and threat actors evolve faster than security teams can hire, Ontinue’s hybrid model of human-AI collaboration could signal a redefinition of what “managed” security should mean. The company’s goal is clear: a world where every incident is investigated — thoroughly, intelligently, and instantly — without overwhelming those tasked with defending digital infrastructure.