ExtraHop has announced a series of new visibility and forensic capabilities aimed at strengthening what it describes as the “agentic SOC” — security operations centres increasingly powered by AI agents.
The network detection and response provider said the enhancements are designed to close what it calls a critical intelligence gap preventing AI-assisted security tools from operating autonomously. As AI-driven attacks increase in scale and complexity, organisations are looking to AI agents to augment overstretched security teams. However, without high-fidelity and contextual data, those agents cannot reliably triage or respond to threats.
Kanaiya Vasani, Chief Product Officer at ExtraHop, said: “The perceived advancement of the agentic SOC is an illusion for most, as a lack of high fidelity, contextual data silently undermines the system’s efficacy and prevents enterprises from realising any actual benefit from their agents. The network remains the immutable source of truth for the modern enterprise and ExtraHop unlocks that potential for the agentic SOC, driving agentic operations with robust and highly contextual insights. ExtraHop is providing holistic visibility into the most complex segments of the modern attack surface to help enterprises stop advanced threats with unprecedented speed and precision.”
Unified identity and Kubernetes visibility
At the centre of the update is deeper protocol analysis and expanded telemetry designed to correlate activity across devices, users, applications, and identities. ExtraHop said this unified data layer allows AI agents to autonomously triage, enrich, and respond to cyberthreats in real time.
The company has added integrations with identity systems including Entra ID, Active Directory, and Okta. By combining identity attributes with network telemetry in a single dataset, ExtraHop said AI agents can better attribute activity to specific users and reduce mean time to response (MTTR). The enriched data will be surfaced across dashboards, detections, and response workflows.
In parallel, ExtraHop has expanded visibility into Kubernetes environments, which underpin many cloud-native applications and AI-driven workflows. The platform now natively captures and decrypts Kubernetes traffic, while analysing associated resource metadata to provide what it describes as “deterministic” decision-making support for SOC agents.
The company has also introduced new access pathways for AI agents through its ExtraHop Query Language (EQL). Agents can query network telemetry directly and securely consume enriched network metadata and detections through APIs and Model Context Protocol servers, enabling automated threat detection and response.
Chris Kissel, Research Vice President, Security & Trust Products at IDC, said: “AI tools are only as good as the insights powering them and while creating the agentic SOC is a leading initiative for a number of enterprises, a lacklustre source of data is holding them back from success. ExtraHop is solving this by doubling down on context and further closing the visibility gaps impacted by unobserved Kubernetes environments and user identities. Having this level of insight is critical for organisations deploying AI agents and allows adoption of autonomous operations to continue without sacrificing the pace of innovation.”
The announcement reflects a broader market shift towards autonomous security operations, as enterprises seek to balance escalating threat volumes with finite human resources. Vendors across the cybersecurity sector are investing in AI-driven orchestration, though the reliability of automated decision-making remains dependent on the quality and completeness of underlying telemetry.
ExtraHop’s latest update positions network-derived intelligence as the foundational layer for AI-enabled security operations, particularly as cloud-native infrastructure and identity-based attacks increase in prevalence.


