MALAYSIA, 23 JUNE 2026 – Global cybersecurity firm Sophos has released a landmark set of production metrics from its Managed Detection and Response platform, offering the most detailed public picture yet of what an artificial intelligence-driven Security Operations Center looks like when operating at enterprise scale.
Over the past twelve months, the Sophos MDR platform resolved 52% of all security cases end-to-end without any human intervention, acting within a median time of 89 seconds from case creation to automated response. These figures are not drawn from a controlled environment or pilot programme. They reflect live operations across 40,000 customer environments, a customer base that grew 39% year-over-year and spans small businesses through to global enterprises.
The numbers land at a moment when the cybersecurity industry is grappling with a structural problem: the volume and sophistication of threats are accelerating far faster than the talent pool available to counter them. Adversaries are already deploying AI without the procurement cycles or governance friction that slow enterprise adoption. Sophos has responded by rebuilding the SOC architecture itself rather than simply layering AI tools onto an existing human-led model.
At the core of this redesign is Sophos Central, described by the company as the industry’s first AI-native cybersecurity defence system. The platform unifies endpoint, firewall, identity, SIEM, network, email, cloud, and threat intelligence into a single context lake, supported by more than 350 third-party integrations. Every detection across every customer feeds back into a shared intelligence layer, meaning the system grows more capable with each threat encountered across the entire network.
The operating model itself runs on two tracks. For high-volume, well-bounded cases where speed is the priority, AI operates autonomously under a human-on-the-loop framework, with analysts setting and continuously calibrating the boundaries within which the system acts. For high-stakes decisions involving novel adversary behaviour, significant business impact, or cases requiring contextual judgement, a human-in-the-loop model keeps analysts directly in the decision chain.
Raja Patel, president of Sophos, framed the scale advantage as a compounding effect: when you run the world’s largest SOC, every threat encountered makes every customer’s defence stronger, and no other vendor operates across a breadth that spans organisations of that range.
Rob Harrison, SVP of product management at Sophos, pushed back against reading the 52% automation figure in isolation. When AI absorbs the volume that previously consumed Tier 1 and Tier 2 analyst time, the human experts are freed to focus on exactly the work that matters most: novel attack patterns, high-stakes decisions, and cases where business context determines the right response. The metric that reflects this shift is not the percentage of cases AI closes, but the quality of the work that reaches human analysts.
The production results are accompanied by a sweep of independent recognitions. Sophos was ranked first across five categories in the G2 Summer 2026 reports, covering endpoint protection, EDR, XDR, MDR, and firewall, marking its eighth consecutive quarter as the overall MDR leader. The company also received the Gartner Peer Insights Customers’ Choice designation for MDR in 2026, based on 290 verified reviews with an overall rating of 4.8 out of 5.0, making it the most-reviewed vendor in the report. KuppingerCole named Sophos an Overall Leader in its 2026 MDR Leadership Compass, recognising it across product, innovation, and market leadership categories.
Looking ahead, Sophos has signalled plans to extend the agentic model across its broader portfolio through the remainder of 2026. Planned developments include the integration of XDR and next-generation SIEM capabilities into a unified context lake, expanded secure AI tooling, and the launch of Sophos CISO Advantage in the fourth quarter, a service designed to deliver strategic security guidance to organisations with or without dedicated security leadership already in place.
