Built-in AI, not bolt-on
Sumo Logic embeds AI and machine learning across security, observability, and reliability workflows. Our AI doesn’t sit on the side — it drives how data is collected, reasoned over, and transformed into outcomes.
Actionable security narratives
Sumo Logic’s AI agents help security teams detect, investigate, and respond faster.
They connect fragmented signals, generate story-driven insights, and propose next steps — so analysts can focus on what matters.
Bullets / mini-cards:
- Summary Agent – Condenses fragmented alerts into actionable narratives.
- Query Agent – Translates natural language into precise queries.
- SOC Analyst Agent (coming soon) – Provides AI-assisted triage and reasoning to classify, summarize, and prioritize insights.
- Knowledge Agent – Answers product questions instantly, using all available documentation.
Fewer incidents, faster resolution.
For DevOps and SRE teams, AI transforms logs into guided responses. It detects anomalies, correlates issues, and summarizes complex investigations — reducing toil and mean time to recovery.
The foundation behind every intelligent workflow
Every AI capability at Sumo Logic is powered by Dojo AI, our multi-agent reasoning system designed for trust, accuracy, and adaptability. It connects specialized agents to interpret data, test hypotheses, and provide transparent guidance — whether you’re securing cloud workloads or improving app performance.
From insights to action with Agentic AI
Dojo AI transforms the way SOC analysts and SREs work. Instead of drowning in alerts or wrestling with query syntax, agents summarize, investigate, and recommend next steps. The result, faster detection, sharper defenses, and stronger resilience.
Summary Agent: Actionable narratives
Turn fragmented alerts into clear, prioritized stories that accelerate investigations and reduce fatigue.
Query Agent: Investigation without barriers
Describe your investigative intent in plain English and get precise, executable queries, no syntax expertise required.
For SOC analysts: Faster triage, smarter defense
Investigate threats with speed and confidence. From anomaly detection to correlation across systems, agents help surface what matters most.
For SREs: Reliability with less toil
Diagnose issues quickly and proactively. Agents anticipate capacity risks, generate queries, and guide you to resolution before users feel an impact.
Proactive resilience: Beyond observability
Logs are the foundation, but Dojo AI takes the next step, reasoning over patterns, proposing actions, and guiding your team from signal to response.
Human + AI collaboration: Trust at the core
Dojo AI amplifies human expertise, it doesn’t replace it. With explainable insights and guardrails, teams stay in control while AI accelerates the work.
Additional resources
Understanding agentic AI for log analytics
AI platform thrives with huge data intake
Stop writing dumb AI security policies
The rise of shadow AIT
Stop writing dumb AI security policies: use threat models, not fear
AI in the SOC
FAQ
Still have questions?
Sumo Logic Dojo AI is a multi-agent AI platform built to power intelligent security operations and incident response. It is designed to act autonomously while continuously adapting to evolving threats.
The Query Agent helps users rapidly translate natural language requests submitted via Mobot into precise Sumo Logic queries, simplifying the exploration, analysis, and extraction of insights from complex datasets. By understanding context and user intent, it lowers the learning curve for new users while boosting efficiency for experienced analysts.
The Summary Agent creates AI-generated summaries of signals within an Insight, reducing noise and highlighting key context. Analysts get a clear explanation of how an Insight was triggered, making it easier to assess scope, prioritize response, and share a consistent narrative without reviewing raw logs or events.
Mobot is the unified conversational interface of Sumo Logic Dojo AI that connects users to specialized agents, turning natural language requests into actionable insights quickly and intuitively.
Yes. Mobot can leverage the Query Agent to search across and extract key information from unstructured logs, helping ensure critical insights aren’t missed during investigations.
Yes. Mobot retains conversation and search history so users can resume investigations with full context and continuity.
Copilot uses AI to interpret natural language queries and recommend relevant search results and query refinements, making it easier for users to find key insights quickly.
All of Sumo Logic’s machine learning (ML) features undergo legal, compliance and security reviews to ensure they serve customer outcomes, data minimization, fit-for-purpose data and anonymization.
In Sumo Logic Mo Copilot, the schema of logs and sampling of field values are provided as context to an AI. Field values can contain PII or confidential data. For example, email or IP addresses are PII and often, confidential data as well. However, to be useful, Copilot has to enable insights about such data.
No. No customer data or PII is used for training or other purposes. All our capabilities serve customer outcomes. Our classic ML capabilities (e.g. AI-driven alerts and its anomaly detection features) create customer-specific models. Sumo Logic Mo Copilot uses a Large Language Model (LLM) served via Amazon Bedrock. As explained in our documentation and included links, no customer data is used for training or other purposes in the case of Sumo Logic Copilot.
Some of our classical ML models store customer data in our ML pipelines to optimize performance. For example, our AI-driven alerts feature log anomaly detection and build ML models from 60 days of logs. To accomplish this, we retrain the model once a week. In this example, each week, we add one week of new data while expiring the oldest week of data. Rolling data windows are done to avoid fetching 60 days of data for every training run.
Sumo Logic Copilot also stores customer data in the ML backend to optimize performance. For example, certain Copilot features rely on the history of a customer’s queries. We will expire such data on a rolling window basis.
Yes. To opt out of Sumo Logic Copilot, a support ticket is required.
Yes. For Generative AI, Mobot leverages a foundation model provided via Amazon Bedrock, as detailed in our documentation. Additionally, our classical machine learning capabilities utilize select open-source Python libraries that have been reviewed and approved by Sumo Logic for security and compliance.
Sumo Logic Copilot is an ensemble of Generative AI (GenAI) and classical ML techniques. Other ML capabilities, such as AI-driven alerts, typically use an ensemble of classical ML approaches.
Yes. Dojo AI assists analysts with routine tasks and recommendations, but humans review, validate, and guide actions to ensure accuracy, compliance, and trust.
The on-call developer or security engineer troubleshooting an incident is the expected user. They interact with Copilot using Natural Language questions or through contextual suggestions.
No. The foundation model provider used by Amazon Bedrock has no access to customer data.
No.
All new AI capabilities undergo legal, compliance, and application security reviews prior to release. Reviews occur with every major update that introduces new analytics or processes previously unused data.
No. The GenAI foundation model (Amazon Bedrock) used in Mobot is not accessible to Sumo Logic, so a traditional UAR isn’t applicable. For all components under our control, we follow industry best practices, including code reviews and change management. Ongoing monitoring and troubleshooting of AI/ML features rely on logs and telemetry analyzed through Sumo Logic’s Log Analytics Platform.
Try it for yourself
Check out Sumo Logic for free today
