2025-09-09

We’re pleased to announce new features to the Sophos AI Assistant, which puts easier case triage and investigation, MDR-grade expertise, guided workflows, and real-time threat hunting directly in the hands of every Sophos XDR and MDR customer.

What is the Sophos AI Assistant?

The Sophos AI Assistant is an integrated feature in Sophos Central that uses large language models (LLMs) and natural language understanding to enable all users — from IT generalists to experienced SOC analysts — to query security telemetry, enrich investigations, and take investigative actions without needing to write SQL-like queries.

It isn’t just another AI tool — it’s expertise from the team behind the world’s leading Managed Detection and Response service, distilled into an intelligent agent. The AI Assistant is included for all Sophos XDR and MDR customers at no additional charge.

With this release, the Sophos AI Assistant has been enhanced to support two key roles:

Security Analyst – Focused on case investigation and triage.

Threat Hunter – Focused on proactive, exploratory investigations across the environment.

Getting started with the AI Assistant

Key capabilities in this release

Updated navigation in Sophos Central

The Sophos AI Assistant is now accessible from a new “AI” menu in the Sophos Central Admin console. This update reflects the increasing importance of AI-powered tools in analyst workflows and ensures easier access to AI-driven insights and actions—whether you’re responding to alerts, investigating incidents, or proactively hunting threats.

New Security Analyst and Threat Hunter assistants

This release introduces new AI assistants:

Security Analyst assistant: Designed for triage, case management, and investigation tasks.

Threat Hunting assistant: Adds support for proactive hunting workflows, allowing analysts to explore telemetry, craft queries, and investigate suspicious behavior across the estate.

Together, these new context-aware assistants unify reactive and proactive capabilities under a single, AI-powered interface.

Contextual workflows based on analyst role

The AI Assistant now pulls in context based on the function an analyst is performing:

Security Analysts receive case-aware prompts, enrichment support, and streamlined investigation flows.

Threat Hunters are provided with advanced search suggestions, guided telemetry pivots, and custom prompt templates.

Whether you’re summarizing case findings or exploring detection anomalies, the AI Assistant ensures a seamless and role-aligned experience.

Smart prompt starters and in-workflow assistance

To reduce onboarding friction and improve usability, Sophos has introduced intelligent prompt suggestions tailored to common SOC activities. From device analysis to trend reviews, the AI Assistant helps you frame effective queries and make informed decisions—without needing deep familiarity with query languages or telemetry schemas.

Use cases in action

Alert triage: Quickly summarize the context and related detections

Investigation: Trace lateral movement using command-line data or user behavior

Threat hunting: Search for PowerShell execution anomalies over time

Enrichment: Perform live lookups on hashes, IPs, or domains

You can even add AI Assistant outputs directly into your case notebooks, ensuring that your insights and steps are preserved for auditing or handover.

Sophos Central Documentation – AI Assistant Use Cases

How to write effective prompts

We’ve published a new best practices guide for writing effective AI prompts. This guide helps you frame questions more clearly and precisely to ensure high-quality results from the AI Assistant.

Tips include:

Be specific: Include device names, time ranges, or detection types

Give context: Tie the prompt to a case or alert when possible

Define format: Ask for lists, tables, or summaries if needed

How to craft effective prompts

Ready to try it?

Log in to Sophos Central today and start working with your new AI teammate.

AI Assistant documentation and training resources