Netskope this week introduced an AI-driven platform layer to ease the operational burden on security and network operations, as enterprises struggle to manage alert volumes and infrastructure complexity. The new offering, Netskope One AgentSkope, is an agentic AI framework designed to automate security and network operations workflows within Netskope's Secure Access Service Edge (SASE) platform.
The platform can automate tasks such as alert triage and investigation, and policy management. According to Netskope, about 40% of alerts go uninvestigated in security operations centers (SOC) and network operations centers (NOC) due to a lack of resources. The growing adoption of AI-generated threats has further strained human analysts, making automation a critical requirement for modern enterprises.
“We built AgentSkope to act as an autonomous force multiplier, providing a shared architectural foundation that allows organizations to easily deploy AI agents capable of executing end-to-end workflows,” said the company’s co-founder and CEO in a statement. “By abstracting away operational complexity and removing internal development bottlenecks, we are empowering security and network leaders to drastically reduce manual troubleshooting, free up their skilled staff for strategic initiatives, and adapt their defenses at the speed of business.”
AgentSkope embeds AI agents directly into Netskope One's data layer, enabling them to analyze and act on information without exporting data to external systems. This design reduces the need to move large volumes of data to other systems, addressing a key cost driver in security information and event management (SIEM) deployments. The agents use natural language interfaces and are capable of executing multi-step workflows, from investigation through remediation recommendations.
The company highlights the urgency of such automation. “In the face of a rapidly expanding, AI-fueled threat landscape, CIOs and CISOs must invest in agentic security automation as a force multiplier to enhance skilled human resources,” said a research manager at IDC. “The ability to intelligently triage threats, help manage the increasing scope and scale of modern threats, and keep up with new AI models/agents can no longer remain a manual process.”
Six Agents, Each Addressing a Specific Workflow
With this release, Netskope is launching six agents tailored to different operational areas. The first is the DLP AISecOps Agent, which automates data loss prevention alert triage, reducing false positives and surfacing priority cases for human review. The Insider Threat AISecOps Agent correlates user behavior and DLP data to identify insider risks, helping organizations spot anomalous activities that might indicate data exfiltration or malicious intent.
For network operations, the Private Access AIOps Agent audits access settings and generates policies based on usage patterns, simplifying the management of secure remote access. The DEM Data Intelligence Agent converts telemetry data from digital experience monitoring into actionable troubleshooting insights, while the DEM Insights Agent highlights performance issues and trends across digital environments. Finally, the CCI Insights Agent enables natural language queries of cloud and SaaS risk data, allowing analysts to ask questions about their cloud security posture without needing to write complex queries.
All agents are integrated into the Netskope One platform, and the company says the design allows customers to configure agents within a single interface, ensuring they can access all relevant data sources without additional integrations. This centralization reduces the complexity of deploying multiple point solutions for different use cases.
Human Oversight Remains Essential
Netskope is also emphasizing the need for human oversight alongside growing automation. Agents can autonomously gather data, triage risks, and even initiate workflows such as creating IT service tickets or notifying analysts, but they will not take final action. “Once the investigation is complete, the agent will wait for a member of the security team to review its findings and direct it to take action,” said a Netskope product director. “This provides the balance between time savings and human control.”
This approach aligns with industry best practices for AI adoption in security, where the technology is seen as an assistant rather than a replacement for human judgment. By handling repetitive tasks, agents free up skilled analysts to focus on strategic decisions and complex incident response.
Background: The Rise of Agentic AI in Security Operations
The launch of AgentSkope comes at a time when the security industry is increasingly turning to agentic AI — AI systems that can autonomously plan and execute multi-step tasks — to address the chronic shortage of cybersecurity professionals. Traditional SOAR (security orchestration, automation, and response) platforms have long promised to automate workflows, but they often require significant custom scripting and maintenance. Agentic AI offers a more flexible, natural-language-driven approach that can adapt to changing environments.
Netskope, a leader in the SASE market, competes with vendors like Zscaler, Palo Alto Networks, and Cisco. By embedding AI agents directly into its platform, Netskope aims to differentiate its offering and reduce the total cost of ownership for customers. The ability to run agents on data sources without moving large volumes of data to external systems is particularly attractive for organizations looking to manage SIEM costs, which have been rising due to increased data ingestion from cloud and edge sources.
The company reports that it plans to expand its agent portfolio on a monthly basis, suggesting a roadmap of additional automation capabilities. As AI continues to evolve, the role of agents in SOC and NOC operations is likely to grow, transforming how organizations handle the relentless volume of alerts and incidents.
AgentSkope and the DLP AISecOps, CCI Insights, Private Access AIOps, DEM Data Intelligence, and DEM Insights agents are all generally available. The Insider Threat AISecOps Agent is currently in private preview. Customers can begin deploying these agents immediately to streamline their security and network operations workflows.
Source: Network World News