ExtraHop has rolled out new visibility and forensic capabilities designed to support the rise of the “agentic SOC,” where AI agents augment or automate key elements of threat detection and response.
The Seattle-based network detection and response (NDR) provider said the enhancements are intended to deliver the high-fidelity network intelligence required for autonomous security operations to function effectively, particularly as AI-assisted attacks increase in scale and sophistication.
As organizations deploy AI agents to help offset staffing shortages and operational complexity, many are discovering that automation alone is not enough. Without comprehensive, contextual data on anomalous and malicious activity, AI-driven workflows can stall or generate unreliable outcomes.
ExtraHop’s latest updates focus on strengthening the network’s role as a foundational telemetry source for autonomous operations. Through deep protocol analysis, the platform correlates activity across devices, users, applications, and identities, providing contextual insights that AI agents can use to triage, enrich, and respond to threats at machine speed.
“The perceived advancement of the agentic SOC is an illusion for most, as a lack of high-fidelity, contextual data silently undermines the system’s efficacy and prevents enterprises from realizing any actual benefit from their agents,” said Kanaiya Vasani, Chief Product Officer at ExtraHop. “The network remains the immutable source of truth for the modern enterprise, and ExtraHop unlocks that potential for the agentic SOC.”
Unified identity and network intelligence
A key component of the update is expanded integration with leading identity platforms, including Microsoft Entra ID, Active Directory and Okta.
By fusing identity attributes with network telemetry, ExtraHop aims to give SOC teams and AI agents clearer insight into not only what is happening on the network, but who is behind specific actions. The enriched data set is surfaced across dashboards, detections and response workflows, enabling more informed investigations and helping reduce mean time to response (MTTR).
The company argues that without strong identity context, autonomous agents risk being “paralyzed by ambiguity” or disrupting legitimate business processes.
Kubernetes visibility for cloud-native environments
Recognizing the growing role of cloud-native infrastructure in enterprise environments, ExtraHop also announced expanded visibility into Kubernetes environments.
The platform now natively captures and decrypts Kubernetes traffic while analyzing resource metadata to provide integrated telemetry for containerized workloads. This capability is designed to close blind spots in modern application stacks and support AI agents operating across hybrid and multi-cloud environments.
As organizations increasingly deploy AI-driven applications and workflows within Kubernetes clusters, visibility at the container and service level becomes critical to maintaining security and operational resilience.
Query and API access for AI agents
To further support autonomous workflows, ExtraHop introduced enhancements that allow AI agents to securely access network intelligence through the ExtraHop Query Language (EQL).
Using EQL, agents can query large volumes of telemetry data to extract precise contextual information in near real time. The company also supports secure access to enriched network metadata and detections via APIs and Model Context Protocol (MCP) servers, enabling automated detection, investigation and response.
Industry analysts say contextual data remains a gating factor for broader adoption of AI in the SOC.
“AI tools are only as good as the insights powering them, and while creating the agentic SOC is a leading initiative for a number of enterprises, a lackluster source of data is holding them back from success,” said Chris Kissel, Research Vice President, Security & Trust Products at IDC. “ExtraHop is solving this by doubling down on context and further closing the visibility gaps impacted by unobserved Kubernetes environments and user identities.”
ExtraHop positions the updates as part of a broader strategy to transform network traffic into actionable intelligence for security, performance and resilience use cases. The company says its modern NDR platform is designed to analyze behavior patterns and intercept evasive threats before they cause damage, supporting organizations pursuing cloud modernization and AI adoption initiatives.
