Corelight has launched a new agentic AI suite aimed at reducing the repetitive triage work that continues to slow many security operations centres, as vendors race to prove that automation can be both faster and auditable.
The centrepiece is Agentic Triage, which Corelight says can make triage up to 10 times faster by consolidating alerts into entity-based investigations, applying expert-written playbooks, and returning an evidence-backed verdict that analysts can inspect step by step. The company is also introducing new machine learning models designed to detect encrypted tunnelling, VPN anomalies, and other evasive post-exploitation behaviour without requiring decryption.
Vijit Nair, vice president of product at Corelight, said: “Only Corelight delivers true agentic AI triage in NDR, uniquely transforming overwhelming alert queues into verified, defensible investigations by applying expert playbooks to industry-leading network evidence with AI reasoning, drastically reducing time-to-triage and equipping analysts with definitive answers.”
The transparency point is central to the launch. Corelight says its “show-your-work” approach exposes every playbook step, query, and piece of evidence used by the system, a response to enterprise concerns that AI tooling in security can become a black box. It is also extending integrations across the wider SOC stack, including Microsoft Azure AD/Entra and CrowdStrike, so analysts can move from investigation to actions such as logout, password reset, endpoint quarantine, or firewall blocks more quickly.
The timing is deliberate. Security teams are facing pressure to respond to AI-assisted attacks with the same level of speed, but they also need systems that stand up to audit and incident review. Corelight is positioning the release as an answer to both requirements.
The company will be demonstrating the new capabilities at RSAC in San Francisco from March 23 to 26.
