From Premium Add-On to Built-In AI Threat Hunting
AI threat hunting is rapidly evolving from an expensive, specialist add-on into a standard capability embedded in enterprise security tools. Group-IB’s launch of Prevyn AI as the cognitive core of its Unified Risk Platform underlines this shift, especially because it is now available to existing Threat Intelligence and Managed XDR customers at no additional cost. Instead of treating advanced AI analytics as a separate product line, the platform folds them directly into day-to-day threat detection and response workflows. This matters for cybersecurity automation because it removes licensing friction: security teams can start using AI-driven investigations immediately, without lengthy budget approvals or new procurement cycles. As a result, organisations that already rely on managed detection and extended response gain a ready-made upgrade in their threat hunting capabilities, raising the baseline for what constitutes a modern security stack.
Why Manual Threat Hunting Can No Longer Keep Up
Attackers are increasingly operating at what vendors describe as “machine speed,” chaining vulnerabilities and moving laterally across connected systems faster than human analysts can manually investigate each alert. Traditional threat hunting relies on experts pivoting through logs, endpoints and threat intelligence sources, a process that can take hours or days per incident. In that time, an attack can escalate from initial compromise to data theft or ransomware deployment. Prevyn AI illustrates how automated investigation changes this equation: it continuously analyses alerts, reasons over a dedicated intelligence data lake built from cybercrime investigations, and highlights attacker behaviour patterns in near real time. By using models based on high-tech crime investigative logic, the system helps teams understand intent and infrastructure staging earlier in the kill chain. This acceleration is critical as enterprises confront an expanding attack surface and an escalating volume of security signals.
Inside Prevyn AI: Agentic Research and Automated Response Workflows
Prevyn AI shows what next-generation AI threat hunting looks like under the hood. Within the Threat Intelligence component, it orchestrates 11 specialised agents focused on malware analysis, threat actor tracking, dark web monitoring and related tasks. These agents emulate the reasoning steps a human investigator would follow, but at far greater scale and speed. According to internal evaluations, this agentic research approach improved research quality by more than 20% across accuracy and analytical depth. On the operations side, the Managed XDR integration pushes cybersecurity automation further. Prevyn AI can analyse incoming alerts, draft structured incident reports and assemble remediation workflows, handing security teams curated options instead of raw data. Analysts retain control, deciding whether to execute the recommended actions, but much of the time-consuming groundwork is already completed, allowing them to focus on judgments that require human context and an awareness of risk appetite.
Keeping Humans in Control: Governance and Regulatory Alignment
As AI systems move deeper into threat detection and response workflows, governance becomes as important as technical capability. Many enterprises are wary of fully autonomous tools that could disrupt critical systems if a model misfires. Prevyn AI addresses this by requiring human approval before any response action is executed, aligning with governance frameworks such as DORA and the EU AI Act. This design keeps security teams firmly in the decision-making loop while still letting them benefit from automated investigation. The system’s intelligence data lake is built from cybercrime investigations, regional research and cooperation with law enforcement, which helps it reason about attacker behaviour beyond generic open-source feeds. Combined with local threat knowledge from distributed research centres, this approach allows organisations to adopt AI-driven cybersecurity automation without surrendering oversight. The result is a hybrid model: machines handle scale and speed, while humans govern impact and accountability.
What Free AI Capabilities Mean for Enterprise Security Strategy
Bundling AI-assisted investigation and threat hunting into existing platforms at no extra cost has strategic implications for enterprise defenders. First, it lowers the barrier to entry: security teams can experiment with AI-driven workflows without renegotiating budgets, helping them build maturity in threat detection and response incrementally. Second, it changes expectations of value from managed services and threat intelligence subscriptions, where embedded AI becomes part of the baseline offering rather than a premium tier. Finally, it supports a shift from reactive to predictive security operations. By surfacing attacker intent and early-stage infrastructure before an attack fully launches, tools like Prevyn AI give defenders more time to adapt controls and block campaigns. Over time, as more vendors follow this model, AI threat hunting is likely to be seen not as an optional enhancement but as a core requirement of any credible enterprise security toolset.
