Sophos has released twelve months of production data from its agentic Security Operations Centre (SOC), revealing that the system now resolves threats in an average of 89 seconds from case creation to fully automated response — and that AI closes 52 per cent of Managed Detection and Response (MDR) cases end-to-end without human intervention.
The results come as Sophos MDR defends 40,000 customers worldwide, having grown 39 per cent year-over-year. The company describes the data as the first production benchmark for what an agentic SOC looks like at scale, operating through Sophos Central, which it calls the industry’s first AI-Native Cybersecurity Defense System.
How the Agentic SOC Works
Sophos has restructured its SOC around two operating models: human-on-the-loop for high-volume, well-bounded work where speed is the primary requirement, and human-in-the-loop for high-stakes decisions where context, business impact, or novel adversary behaviour requires analyst judgment before action. AI absorbs the volume that previously consumed Tier 1 and much of Tier 2 analyst capacity, freeing senior analysts for threat hunting, investigation, and governance of the autonomous systems themselves.
“The agentic SOC is the new operating model for managed security, and Sophos is defining what it looks like in production. When you run the world’s largest SOC, every threat encountered makes every customer’s defence stronger. No other vendor operates with our breadth, from small businesses to global enterprises with tens of thousands of employees, and no other vendor compounds intelligence across that scale.” — Raja Patel, President, Sophos
Intelligence That Compounds Across Customers
A key architectural feature of Sophos Central is its unified context lake, through which endpoint, firewall, identity, SIEM, network, email, cloud, and threat intelligence signals share a single data fabric and AI layer. The system ingests tens of millions of detections daily, suppresses noise, correlates signals, and surfaces only what warrants action. With 350-plus third-party integrations, every threat encountered across the 40,000-customer base improves defences for all customers simultaneously.
Sophos plans to extend the agentic model across its broader portfolio through 2026, including the integration of XDR and Next-Gen SIEM into a unified context lake and the launch of Sophos CISO Advantage in late 2026. The company was ranked first across five G2 Summer 2026 categories and named a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for MDR, with a 4.8 out of 5.0 rating from 290 reviews.


