Sumo Logic rolls out new Dojo AI agents to streamline SOC investigations
Key Highlights
- The SOC Analyst Agent automates alert triage by evaluating severity, correlating activities, and summarizing incident scope, reducing analyst workload.
- The Knowledge Agent provides natural-language answers from documentation, improving onboarding and operational efficiency within Sumo Logic’s platform.
- The MCP Server enables integration with external AI models and third-party copilots, maintaining security and governance while expanding AI capabilities.
- These new AI tools are designed to help SOC teams handle increasing alert volumes and fragmented data sources more effectively.
Sumo Logic has announced a significant expansion of its Dojo AI platform, adding a trio of new agentic AI capabilities designed to help security operations centers (SOCs) manage growing alert volumes and accelerate investigations.
The update introduces a SOC Analyst Agent (currently in beta), a Knowledge Agent (now available), and a prototype Model Context Protocol (MCP) Server. Together, the new additions are designed to reduce analyst workload, provide faster access to institutional knowledge and connect Sumo Logic’s platform with external AI systems, including customer-hosted models and third-party copilots.
The company is showcasing the new capabilities this week at AWS re:Invent 2025 in Las Vegas, where it has been named one of AWS’s Top 100 AI ISV partners and is exhibiting at Booth 1329.
“Modern SOC teams are overwhelmed by alert volume, fragmented data sources and pressure to respond faster than ever,” said Keith Kuchler, chief development officer at Sumo Logic. “By expanding Dojo AI with more specialized agents, we’re helping analysts move from reacting to alerts to focusing on real threats with better context and guidance.”
AI-driven assistance for security teams
Sumo Logic originally introduced Dojo AI earlier this year as an agentic AI framework for security operations, combining large language models with the company’s log and telemetry data platform. The system is designed to ingest signals from across an organization’s environment and deliver context-aware recommendations to analysts investigating potential threats.
The new SOC Analyst Agent extends that approach by applying agentic reasoning to automated triage tasks. According to the company, the agent can evaluate alert severity, correlate related activity and summarize the scope and potential impact of an incident, helping reduce noise and improve consistency across analysts and shifts.
The Knowledge Agent, accessible through Sumo Logic’s conversational interface, Mobot, is focused on operational efficiency and training. It allows users to ask natural-language “how-to” questions and receive citations from documentation and platform knowledge, improving analyst onboarding and reducing reliance on manual searches.
The MCP Server, currently a prototype, enables deeper integration with external AI environments. Using the Model Context Protocol, organizations can connect Dojo AI with their own proprietary models, AI copilots or third-party systems while maintaining centralized governance and security controls within the Sumo Logic platform.
Industry perspective on AI SOC agents
The use of AI-driven agents inside security operations is an emerging trend that many organizations are only beginning to explore.
“Cybersecurity leaders must closely monitor the evolution of AI SOC agents, a group of technologies designed to augment common security operations tasks,” said Eric Ahlm, security research director at Gartner. “AI SOC agents present an opportunity to transform security operations by using AI to assist human operators in performing common tasks.”
Customer feedback
Early adopters say the expanded AI capabilities are helping streamline workflows and reduce time spent on repetitive tasks.
“Sumo Logic enables us to handle massive volumes of data while still getting meaningful insights,” said Brandon Hewgill, head of information security at Patrianna. “With powerful query functions and intuitive AI integration through Mobot, we’ve been able to significantly reduce noise and focus on the threats that truly matter.”
Availability and next steps
The Knowledge Agent is generally available within the Sumo Logic platform today. The SOC Analyst Agent and MCP Server are available in limited beta and prototype programs, with broad availability targeted for 2026.
In addition to exhibiting at AWS re:Invent, Sumo Logic executives are participating in several sessions focused on enterprise AI adoption and the future of agent-based security operations.
The company said further enhancements to the Dojo AI platform will continue throughout 2026, with an emphasis on deeper automation, expanded model support and tighter integration with enterprise security workflows.
About Sumo Logic
Sumo Logic provides a data analytics platform that helps organizations manage and secure modern cloud and hybrid environments. The company combines log analytics, security intelligence and AI-driven automation to help teams detect, investigate and respond to threats while ensuring system reliability and performance.
More information is available at www.sumologic.com.