Sysdig launches AI-driven security analyst, Sysdig Sage
Sysdig has unveiled its new AI-powered detection and response feature, Sysdig Sage.
This generative AI security analyst is designed to enhance the capabilities of cloud security by employing a unique autonomous agents approach. Sysdig Sage promises to go beyond simple AI summarisation by thoroughly analysing incidents, managing the user interface, and expediting human response times.
"Sysdig Sage has broken the mould of traditional AI security assistants," said Loris Degioanni, Founder and CTO of Sysdig. "When the CISO's biggest concern is risk and they are expected to do more with less, Sysdig Sage is their secret weapon to up-level teammates and proactively point them to the fix. Sysdig Sage is the team of SOC and Incident Response pros you wish you had in the heat of a fast-moving cloud attack."
Sysdig Sage leverages multiple specialised AI agents that work collaboratively with a common goal: simplifying and accelerating security for a faster, better-informed human response. These agents are equipped with specialised, domain-specific programming rather than predefined answers, allowing them to dynamically address a wide range of cloud security challenges.
One of the standout features of Sysdig Sage is its multi-step reasoning capability. This allows security teams to peel back the layers of sophisticated cloud threats through in-depth conversations. Using multi-step reasoning, Sysdig Sage responds to incident investigations with straightforward answers, helping security teams quickly understand the security implications and risks associated with a given threat.
Sysdig Sage is also contextually aware, which means it can contextualise the data a user is currently observing to answer questions more precisely. This capability allows the AI to move users across the platform to better visualise threats. "Sysdig Sage explains what users are looking at, a novel capability that allows users to ask Sysdig Sage vague questions such as 'Can you tell me more about this?' to better understand on-screen events," the company stated. It also enables Sysdig Sage to seamlessly navigate the UI and showcase other pages related to user queries.
Besides summarising and explaining threats, Sysdig Sage suggests proactive response actions, prevention strategies, and process improvements. This empowers security teams to take advantage of real-time insights and the discoveries of the Sysdig Threat Research team, facilitating a more rapid human response without leaving the platform.
"Sysdig Sage dramatically reduces the potential for human error and will save us hundreds of hours," said a Vice President of Engineering at a major U.S. bank. "A conversation with Sysdig Sage is like consulting a mentor; the conversation naturally builds on itself and everything happens within the UI. When the conversation pertains to a different UI page, Sysdig Sage will actually navigate me there. It's amazing how fast we can drill into runtime security issues and explore prevention strategies."
Sysdig's cloud-native application protection platform (CNAPP) customers will have access to Sysdig Sage for free, with a high usage cap. For those requiring additional capacity, an option for flat-rate expanded access is available.
Sysdig continues to innovate in the realm of cloud security, aiming to offer real-time detection and defence against swift cloud-based attacks. The company utilises runtime insights and the open-source project Falco to identify changes in risk. According to Sysdig, the integration of Sysdig Sage with its existing platform will enable enterprises to focus on innovation while ensuring comprehensive security measures are in place.