Sumo Logic Debuts Dojo AI Agents That Recommend Security Actions, Not Just Alerts at RSAC 2026
- Mar 23
At the RSA Conference 2026, Sumo Logic is advancing a new model for security operations, one that moves beyond detection and into guided decision-making powered by AI agents.
The company revealed expanded capabilities for its Dojo AI platform, introducing agent-driven workflows designed to help security teams move faster from threat detection to remediation. The announcement reflects a growing shift across the industry as organizations confront an explosion of telemetry data alongside increasingly complex cloud and identity environments.
Security teams are facing a familiar problem with a new level of intensity. The rapid expansion of cloud infrastructure, combined with identity sprawl and distributed architectures, has created a flood of signals without clear prioritization. Many security operations centers rely on SIEM platforms that can surface anomalies, but still require analysts to manually determine the next step.
Sumo Logic is aiming to eliminate that bottleneck by embedding decision intelligence directly into the investigation process. Its platform combines log data with Cloud SIEM correlation and applies AI to generate contextual recommendations that guide analysts toward specific actions.
"The industry is redefining what a SOC does," said Chas Clawson. "It's no longer enough to surface context and say, 'here's a suspicious login, go figure it out.' Our Dojo AI SOC Analyst Agent can now recommend, for example, 'This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.' We're closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions."
From Detection to Action in Modern Security Operations
The company’s approach reflects a broader industry realization that detection alone is no longer sufficient. As attackers automate reconnaissance and exploitation, the speed of response has become just as critical as visibility.
Sumo Logic’s Dojo AI introduces several specialized agents designed to reduce manual effort across the security lifecycle. The SOC Analyst Agent, currently in preview, focuses on accelerating investigations and recommending remediation steps. The Query Agent translates natural language into precise search queries, removing the need for complex syntax. The Knowledge Agent provides in-context guidance based on product documentation, while the Sumo Logic MCP Server extends AI assistance across tools to reduce workflow fragmentation.
Together, these capabilities are designed to transform the SIEM from a passive monitoring system into an active decision support engine. Instead of presenting raw alerts, the system provides suggested actions grounded in correlated data and explainable logic.
Reducing Noise and Analyst Burnout
One of the key challenges in modern security operations is alert fatigue. Analysts are often inundated with signals, many of which lack sufficient context to determine urgency. This leads to slower response times and increased risk of missed threats.
Dojo AI aims to address this by filtering noise and prioritizing actionable insights. By combining high-fidelity log data with AI-driven analysis, the platform seeks to improve detection precision while guiding analysts through response workflows.
"Sumo Logic’s Dojo AI is transforming our Security Operations team by enabling natural language log analysis and delivering contextual insights that accelerate investigations," said Scott Steenhoek. "The platform reduces noise, improves detection precision, and allows our analysts to focus on response rather than manual query building."
The Rise of Agentic AI in Cybersecurity
The introduction of agent-based AI systems marks a significant evolution in how security platforms operate. Rather than acting as static tools, these systems function as collaborators that assist with investigation, reasoning, and decision-making.
This shift is particularly relevant as organizations seek to consolidate sprawling security stacks. By embedding intelligence into the workflow itself, vendors like Sumo Logic are positioning AI as a way to bridge gaps between tools and streamline operations.
At RSAC 2026, the company is showcasing how these agents can operate across the full threat lifecycle, from detection to investigation to response. The goal is to reduce the time between identifying a threat and taking action, a metric that remains one of the most critical in cybersecurity.
As enterprises continue to grapple with increasing complexity and faster-moving threats, the ability to translate data into decisions may become the defining feature of next-generation security platforms. Sumo Logic is betting that AI agents will play a central role in that transformation.


