MilikMilik

Why AI-Assisted Threat Hunting Is Becoming Standard in Enterprise Security Platforms

AI Threat Hunting Moves Into the Security Mainstream

Enterprise security teams are facing a volume and speed of cyber attacks that manual processes alone can no longer handle. Adversaries are operating at what vendors describe as “machine speed,” exploiting connected systems and sprawling attack surfaces faster than human analysts can investigate. In response, security providers are weaving AI threat hunting directly into existing platforms, turning traditional tools into automated threat detection and analysis engines. Rather than deploying entirely new systems, organisations are increasingly consuming AI as a built-in capability within the tools they already use for monitoring, analytics and response. This approach lowers adoption friction and aligns with governance expectations by keeping human operators in charge of final decisions. As a result, AI is shifting from an optional add-on to a standard component in unified security platforms, enabling cyber response automation while preserving oversight and control for security operations teams.

Group-IB’s Prevyn AI: Cognitive Threat Hunting at No Extra Cost

Group-IB’s launch of Prevyn AI illustrates how vendors are embedding AI directly into their platforms rather than selling standalone tools. Positioned as the cognitive core of the company’s Unified Risk Platform, Prevyn AI is made available at no additional cost to existing Threat Intelligence and Managed XDR customers, removing budget and procurement barriers to adoption. In Threat Intelligence, it coordinates 11 specialised agents for tasks such as malware analysis, threat actor tracking and dark web monitoring, mirroring investigative patterns used in high-tech crime cases. The goal is to move from reactive detection to predictive AI threat hunting that identifies attacker intent and staging infrastructure before an attack launches. Within Managed XDR, Prevyn AI supports automated threat detection workflows by analysing alerts, drafting incident reports and preparing structured remediation steps, while requiring human approval for execution to align with governance frameworks and regulatory expectations.

From Manual Investigation to Assisted Cyber Response Automation

The core problem these platforms address is the widening gap between the pace of cyber attacks and the capacity of human-led investigation. Traditional security operations centres rely heavily on manual triage, correlation and reporting, which struggle to keep up with multi-vector attacks that unfold in minutes. AI-assisted tools such as Prevyn AI are designed to compress investigation timelines by automatically correlating alerts, enriching them with threat intelligence and drafting structured responses. By harnessing large intelligence data lakes and agent-based analysis, they can surface likely attacker behaviour patterns faster than manual methods. Crucially, the emphasis remains on assistive AI rather than fully autonomous action: recommendations are generated automatically, but humans retain the authority to approve or modify responses. This human-in-the-loop model enables organisations to adopt cyber response automation while staying aligned with emerging AI governance requirements and internal risk controls.

Tech Mahindra and Cisco: Unified Risk Visibility with AI Analytics

Tech Mahindra and Cisco’s Cyber Resilience Fabric demonstrates another dimension of security platform integration: unifying data and risk signals with AI analytics. By combining Cisco’s Splunk Enterprise Security with Tech Mahindra’s Risk Scoring Platform, the solution offers a single environment where security, operational and risk data are analysed together. AI-assisted analytics power contextual risk prioritisation, ranking incidents by likely business impact rather than sheer alert volume. This reduces operational noise and helps teams focus on high-priority threats affecting critical services. For senior security and technology leaders, the platform aims to connect automated threat detection with governance, regulatory obligations and operational continuity. By embedding AI into a familiar analytics stack and supplementing it with risk scoring, the partnership enables organisations to gain unified alert visibility without standing up entirely new infrastructure, while advancing toward more proactive, risk-led decision-making.

Single-Pane-of-Glass Platforms and the Future of AI Threat Hunting

A common theme across these developments is the push toward single-pane-of-glass security platforms that integrate AI threat hunting, analytics and response in one place. Enterprises have long struggled with overlapping alerts, fragmented tools and inconsistent risk views across their environments. By embedding AI into unified consoles, vendors are reducing investigation overhead and shortening response times, as analysts no longer need to pivot between multiple systems for context. Integrated platforms also make it easier to align cyber response automation with business impact, as demonstrated by the focus on contextual risk scoring and governance compliance. As AI becomes a default component of security platform integration, the market is shifting away from standalone AI security products toward embedded capabilities that enhance existing investments. For security teams, this means AI will increasingly operate behind the scenes, augmenting human judgment while helping defenders keep pace with ever-faster threats.
