New agents accelerate investigations through external AI integrations and analyst-centric automation
Las Vegas, NV – December 1, 2025 — Sumo Logic, the leading Intelligent Operations Platform, today announced new advancements to Sumo Logic Dojo AI, its agentic AI platform for security operations. This expansion of Dojo AI introduces new agents, including SOC Analyst Agent, Knowledge Agent, and a Model Context Protocol (MCP) server. These new agents help security teams reduce alert fatigue, accelerate investigations, and streamline security workflows, allowing customers to focus on real threats and respond more effectively. These innovations will be on display at AWS re:Invent 2025, at Sumo Logic’s booth #1329.
Modern security operations centers (SOCs) face a perfect storm of complexity: growing alert volumes, fragmented tools, and pressure to respond faster than ever. Dojo AI brings intelligence and control to this frantic environment, combining agentic AI, log intelligence, and secure model integration to transform how investigations are conducted.
“Cybersecurity leaders must closely monitor the evolution of AI SOC agents, a group of technologies designed to augment common security operations tasks,” said Eric Ahlm, Security Research Director, Gartner, Inc.* “AI SOC agents present an opportunity to transform security operations by using AI to assist human operators in performing common tasks.”
“Security operations demand speed, rapid iteration, and contextual intelligence,” said Keith Kuchler, Chief Development Officer at Sumo Logic. “Sumo Logic’s Dojo AI continues to expand its expertise by adding additional agents and honing the skills of those agents to solve real analyst challenges. From your initial triage leveraging enriched data and context to provide actionable guidance, Dojo AI represents the next generation of AI-driven security operations.”
Launched earlier this year, Dojo AI is Sumo Logic’s agentic AI system for Intelligent Security Operations. Within the Dojo, agents can ingest signals and develop context-aware responses. This continuous feedback ensures agents improve over time, become more resilient, and deliver higher-fidelity insights when deployed in production. Dojo AI is an enterprise-grade, agentic AI platform purpose-built for the modern SOC and gives security teams the ability to analyze the highest value security issues facing their organization at any given moment.
Sumo Logic Dojo AI New Capabilities
- SOC Analyst Agent (Beta) — The SOC Analyst Agent applies agentic AI reasoning to streamline triage and investigation. It delivers verdicts on alert severity, collects related activity, and presents a clear context for analysts to quickly understand impact and scope. By filtering out noise and repetitive reviews, analysts can focus on real threats and potentially achieve faster, more consistent outcomes across teams.
- Knowledge Agent — The Knowledge Agent provides immediate, AI-powered answers to “how-to” questions in natural language, reducing friction and accelerating onboarding. By asking Mobot — Dojo AI’s conversational interface — users receive straightforward, citable responses drawn from documentation and product knowledge, empowering efficient self-service and faster platform adoption.
- Sumo Logic Model Context Protocol (MCP) Server (Prototype) — The Sumo Logic MCP Server extends Dojo AI into a connected, agentic ecosystem. It integrates customer-owned copilots, proprietary models, and third-party AI systems into the Dojo, allowing organizations to bring their own AI while maintaining Sumo Logic’s scale, consistency, and security. With unified access across integrated development environments (IDEs) and collaboration tools, customers can blend their unique AI innovation with Dojo AI’s operational intelligence to help future-proof their SecOps strategy.
“Sumo Logic enables businesses to reliably handle large data volumes, providing the insights they need in an efficient, cost-effective, and highly available platform accessible anywhere in the world, 24/7/365,” said Brandon Hewgill, Head of Information Security at Patrianna. “With powerful query functions coupled with intuitive AI integration and Mobot (the Dojo AI at your side), nothing is impossible — plus the ability to automate the reduction of noise within the platform to allow for more streamlined insights where and when you need it.”
Availability
The SOC Analyst Agent (beta) and MCP server (prototype) are currently available to select customers, with general availability planned for 2026. The Knowledge Agent is available today within the Sumo Logic platform.
Amazon Web Services (AWS) identified Sumo Logic as a Top 100 AI ISV, and we’re proud to present at AWS re:Invent 2025. For demonstrations and customer briefings, please visit Sumo Logic at Booth #1329. You can also see Sumo Logic at events at re:Invent:
- Scaling agent tools with AgentCore Gateway for enterprises, Mandalay Bay, Monday, Dec 1st, 11:30AM – 12:30PM PST
- ISV Executive Forum on Agentic AI moderated by Carol Potts, The Venetian Theater, Monday, Dec 1st, 1:00PM – 6:30PM PST
*Gartner Innovation Insight: AI SOC Agents, Eric Ahlm, Jeremy D’Hoinne, October 16, 2025.
Disclaimer:
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.