Built-in AI, not bolt-on
Sumo Logic embeds AI and machine learning across security, observability, and reliability workflows. Our AI doesn’t sit on the side — it drives how data is collected, reasoned over, and transformed into outcomes.
Actionable security narratives
Sumo Logic’s AI agents help security teams detect, investigate, and respond faster.
They connect fragmented signals, generate story-driven insights, and propose next steps — so analysts can focus on what matters.
Bullets / mini-cards:
- Summary Agent – Condenses fragmented alerts into actionable narratives.
- Query Agent – Translates natural language into precise queries.
- SOC Analyst Agent (coming soon) – Provides AI-assisted triage and reasoning to classify, summarize, and prioritize insights.
- Knowledge Agent – Answers product questions instantly, using all available documentation.
Fewer incidents, faster resolution.
For DevOps and SRE teams, AI transforms logs into guided responses. It detects anomalies, correlates issues, and summarizes complex investigations — reducing toil and mean time to recovery.
The foundation behind every intelligent workflow
Every AI capability at Sumo Logic is powered by Dojo AI, our multi-agent reasoning system designed for trust, accuracy, and adaptability. It connects specialized agents to interpret data, test hypotheses, and provide transparent guidance — whether you’re securing cloud workloads or improving app performance.
From insights to action with Agentic AI
Dojo AI transforms the way SOC analysts and SREs work. Instead of drowning in alerts or wrestling with query syntax, agents summarize, investigate, and recommend next steps. The result, faster detection, sharper defenses, and stronger resilience.
Summary Agent: Actionable narratives
Turn fragmented alerts into clear, prioritized stories that accelerate investigations and reduce fatigue.
Query Agent: Investigation without barriers
Describe your investigative intent in plain English and get precise, executable queries, no syntax expertise required.
For SOC analysts: Faster triage, smarter defense
Investigate threats with speed and confidence. From anomaly detection to correlation across systems, agents help surface what matters most.
For SREs: Reliability with less toil
Diagnose issues quickly and proactively. Agents anticipate capacity risks, generate queries, and guide you to resolution before users feel an impact.
Proactive resilience: Beyond observability
Logs are the foundation, but Dojo AI takes the next step, reasoning over patterns, proposing actions, and guiding your team from signal to response.
Human + AI collaboration: Trust at the core
Dojo AI amplifies human expertise, it doesn’t replace it. With explainable insights and guardrails, teams stay in control while AI accelerates the work.
Additional resources
Understanding agentic AI for log analytics
AI platform thrives with huge data intake
Stop writing dumb AI security policies
The rise of shadow AIT
Stop writing dumb AI security policies: use threat models, not fear
AI in the SOC
FAQ
Still have questions?
Sumo Logic Dojo AI is a multi-agent AI platform built to power intelligent security operations and incident response. It is designed to act autonomously while continuously adapting to evolving threats.
The Query Agent helps users rapidly translate natural language requests submitted via Mobot into precise Sumo Logic queries, simplifying the exploration, analysis, and extraction of insights from complex datasets. By understanding context and user intent, it lowers the learning curve for new users while boosting efficiency for experienced analysts.
The Summary Agent creates AI-generated summaries of signals within an Insight, reducing noise and highlighting key context. Analysts get a clear explanation of how an Insight was triggered, making it easier to assess scope, prioritize response, and share a consistent narrative without reviewing raw logs or events.
Mobot is the unified conversational interface of Sumo Logic Dojo AI that connects users to specialized agents, turning natural language requests into actionable insights quickly and intuitively.
Yes. Mobot can leverage the Query Agent to search across and extract key information from unstructured logs, helping ensure critical insights aren’t missed during investigations.
Yes. Mobot retains conversation and search history so users can resume investigations with full context and continuity.
No. Customer data is never used to train AI models.
All Sumo Logic AI capabilities are designed to serve customer-specific outcomes within their own environment. Mobot uses a Large Language Model (LLM) via Amazon Bedrock, which processes data securely and does not retain or use customer information for training or other external purposes.
Traditional machine learning (ML) features, such as AI-driven alerts, generate models specific to each customer’s environment and are never shared or made public.
For more information, see the security and compliance page of our help docs.
Yes. Dojo AI assists analysts with routine tasks and recommendations, but humans review, validate, and guide actions to ensure accuracy, compliance, and trust.
No.
All new AI capabilities undergo legal, compliance, and application security reviews prior to release. Reviews occur with every major update that introduces new analytics or processes previously unused data.
Yes. Dojo AI leverages foundation models securely hosted through Amazon Bedrock.
Agent interaction with customer data varies by capability.
Mobot (including Query Agent and Knowledge Agent) and Summary Agent do NOT process or analyze customer data.
The SOC Analyst Agent (in preview as of February 2026 with certain chosen customers) processes customer data in order to help review insight data, correlate activity, and assist in triage and investigation as directed by the user.
Any AI capability that processes customer data:
- Is available only through explicit customer opt in (never automatically provisioned)
- Requires execution of the applicable AI addendum to the client agreement
Customers retain control over whether these data-processing capabilities are enabled in their environment.
Sumo Logic AI capabilities follow strict legal, compliance, and security standards to ensure data minimization and fit-for-purpose processing.
- Customer data is never used to train AI models, shared externally, or used to improve global models.
- Data remains within the customer’s environment and is processed only to deliver results back to that customer.
- Sumo Logic applies strong safeguards and filtering to ensure sensitive data is handled securely and appropriately at all times.
Capabilities that process customer data–including the SOC Analyst Agent (beta as of February 2026)–are available only through explicit customer opt-in and require execution of the applicable AI addendum. These capabilities are never automatically provisioned.
No. Customer data is never used to train AI models.
All Sumo Logic AI capabilities are designed to serve customer-specific outcomes within their own environment. Mobot uses a Large Language Model (LLM) via Amazon Bedrock, which processes data securely and does not retain or use customer information for training or other external purposes.
Traditional machine learning (ML) features, such as AI-driven alerts, generate models specific to each customer’s environment and are never shared or made public.
For more information, see the security and compliance page of our help docs.
Dojo AI leverages foundation models securely hosted through Amazon Bedrock.
When customer data is processed using Amazon Bedrock:
- Customer inputs and outputs are treated as Customer Content under AWS terms.
- AWS does not use Customer Content to train models or improve Amazon Bedrock.
- AWS may access Customer Content only as necessary to provide the service or comply with law.
- Third-party model providers (such as Anthropic) do not have access to customer inputs or outputs.
- Customer inputs and outputs are not shared with model providers and are not used to train external models.
In summary, customer data processed through Dojo AI remains within Sumo Logic’s secure environment and is used only to deliver results for that customer. It is not used to train foundation models or shared with model providers.
Dojo AI and classical ML features store data only temporarily to optimize performance:
- AI-driven alerts use a rolling 60-day data window, retraining weekly and expiring the oldest data automatically.
- Mobot may temporarily retain query history in a rolling window to improve conversational context and response accuracy.
All stored data follows Sumo Logic’s data retention and deletion policies, ensuring customer information is never retained longer than necessary.
Sumo Logic is currently reviewing AI Compliance within a rapidly evolving framework, in particular ISO 42001 as designed to help organizations implement AI responsibly.
Sumo Logic AI capabilities operate within our existing industry-recognized security and compliance framework, including FedRAMP Moderate, SOC 2 Type 2, HIPAA, PCI DSS 4.0.1, and ISO 27001:2022. These attestations govern the confidentiality, integrity, and protection of customer data.
Availability of specific AI capabilities may vary by deployment region (including FED) based on compliance boundary requirements.
The current GA versions of Mobot (including Query Agent and Knowledge Agent) and Summary Agent are available in the FED deployment.
The SOC Analyst Agent and certain newer Dojo AI capabilities are not currently available in FED. These capabilities depend on underlying model configurations that do not yet meet the requirements of our FED compliance boundary.
We are actively evaluating future availability of these capabilities in FED as underlying model support and compliance requirements evolve.
Our Generative AI model is licensed and securely hosted via Amazon Bedrock, meaning it is not directly accessible by Sumo Logic, or Customers, or third parties.
All new AI capabilities and features undergo comprehensive legal, compliance, and application security reviews before release. These reviews ensure data protection, privacy, and regulatory alignment.
Additionally, recurring reviews are conducted with every major update—particularly when a capability introduces new analytics or processes previously unused data types—to maintain ongoing trust and compliance across our AI ecosystem.
Yes. Customers can opt out of specific AI features at any time by submitting a support ticket.
For a complete overview of everything included in Sumo Logic’s AI portfolio, click here.
Try it for yourself
Check out Sumo Logic for free today
