Attack Velocity Forces a Shift to AI Threat Hunting
Cyber attackers now operate at what vendors describe as “machine speed”, overwhelming traditional security operations built around manual investigation. As alert volumes surge and attack chains span multiple systems, SOC teams struggle to correlate signals, understand attacker intent and respond quickly enough to contain active threats. This widening gap between attack velocity and human capacity is pushing enterprises toward AI threat hunting and automated cyber response as core capabilities rather than experimental add-ons. Security leaders are increasingly looking for enterprise security platforms that can not only detect anomalies, but also analyse context, propose actions and orchestrate multi-step responses across tools. At the same time, governance and regulatory expectations require that humans remain in control of critical decisions, forcing vendors to blend automation with clear approval workflows. The result is a new generation of AI-infused platforms designed to accelerate investigations while preserving oversight.
Group-IB’s Prevyn AI Brings Cognitive Automation to Existing Deployments
Group-IB’s Prevyn AI illustrates how vendors are embedding AI threat hunting directly into established platforms without adding deployment friction. Positioned as the cognitive core of the company’s Unified Risk Platform, Prevyn AI is being rolled out to existing Threat Intelligence and Managed XDR customers at no additional cost. In the threat intelligence domain, it coordinates 11 specialised agents for tasks such as malware analysis, threat actor tracking and dark web monitoring, drawing on a proprietary intelligence data lake built from cybercrime investigations and collaboration with law enforcement. The goal is to infer attacker behaviour, intent and infrastructure staging before attacks launch, with internal tests indicating a more than 20% improvement in research quality. Within Managed XDR, Prevyn AI automates alert analysis, drafts incident reports and generates structured remediation workflows, but crucially requires human approval before any action is taken, which aligns with governance frameworks like DORA and the EU AI Act.
Tech Mahindra and Cisco Focus on Unified, Risk-Led Visibility
Tech Mahindra and Cisco’s Cyber Resilience Fabric shows how AI analytics are being used to unify fragmented security data and link it directly to business impact. Built by combining Cisco’s Splunk Enterprise Security with Tech Mahindra’s Risk Scoring Platform, the offering gives enterprises a consolidated view of alerts, operational telemetry and contextual risk signals. Instead of triaging incidents solely by technical severity or alert volume, the platform ranks events by likely business impact, helping security teams prioritise threats that endanger critical services. AI-driven analytics reduce noise and highlight high-risk issues, while integrated dashboards connect cyber risk to governance, regulatory obligations and operational continuity. For CISOs and other senior leaders, this risk-led model promises earlier threat detection, faster and more targeted response, and more structured recovery, supporting demands to show that cyber investments and response processes are tightly aligned with broader organisational resilience goals.

From Optional Add-On to Core Enterprise Security Platform Capability
Together, these launches signal that AI-assisted automation is becoming a baseline expectation for any modern enterprise security platform. Rather than deploying standalone tools, organisations increasingly want AI embedded within the systems they already use for threat intelligence, monitoring and response. Group-IB’s decision to integrate Prevyn AI into existing customer environments at no extra cost reduces procurement and rollout barriers, accelerating adoption of threat detection automation. Tech Mahindra and Cisco, meanwhile, show how AI can bridge SIEM, risk and operations data into a single fabric that supports both analysts and executives. Across the market, the emphasis is shifting from experimental AI pilots to production-grade automation that can scale with expanding attack surfaces. As adversaries continue to automate their own operations, enterprises that fail to adopt AI-assisted threat hunting and automated cyber response risk falling irretrievably behind in both detection speed and decision quality.
