Deepwatch Cuts Staff as It Bets on AI: What Ops Leaders Should Watch Next
Deepwatch laid off an estimated 60-80 employees (roughly 24% to 32% of its workforce) while launching NEXA, an AI-led security operations platform. Leadership says the company is reallocating resources to automation and artificial intelligence to move faster. Internally, reactions are mixed; at least one current employee told TechCrunch the plan still feels unclear.
Why this matters to operations
Security teams are flooded with alerts, tight SLAs, and rising costs. Automation promises throughput, but it also changes workflows, staffing, and accountability. The next quarter will be defined by execution, not headlines.
The headline numbers
Reports indicate the cuts spanned multiple functions and weren't tied to performance. Many of the affected roles were in operations and security analysis: 24/7 monitoring and incident response. With fewer people, the gap must be closed by process, tooling, or both.
NEXA: what's being introduced
Deepwatch's NEXA is described as a platform built around six AI agents. Three support analyst work (investigation, correlation, containment), and three address customer-facing needs (exposure insight, ticket review, reporting). The promise is plain-language interaction with real-time data to speed decisions and reduce back-and-forth.
Execution risks to track
- Service levels: MTTD/MTTR stability, backlog trends, and any SLA breaches post-change.
- Quality: false positive/negative rates, suppression errors, containment success rate.
- Coverage: alert throughput per analyst per shift, clean handoffs, on-call load.
- Change control: versioned runbooks, tested rollback plans, AI updates behind change windows.
- Transparency: decision logs for AI actions, approvals, and evidence trails.
- Security/compliance: auditability, data residency, model input/output controls mapped to SOC 2/ISO.
- Customer comms: who does what (AI vs. human), escalation thresholds, and outage procedures.
- People: training plans, role clarity, and retention risk for the remaining team.
- Economics: unit cost per monitored asset/customer; savings realized vs. forecast.
Questions to ask your MDR provider (or internal SOC)
- Which workflows are now automated end-to-end? Which remain human-in-the-loop?
- Where can the AI act without approval, and what prevents overreach or bad containment?
- How are models validated against drift and new attacker techniques?
- What's the fallback when the AI service or a dependency goes down?
- How will you prove service levels didn't degrade after the layoffs?
- What new data feeds or integrations do we need to provide?
- How do you report errors, near-misses, and corrective actions to customers?
Context: this is bigger than one company
Deepwatch joins a line of cybersecurity firms reducing headcount in 2025. CrowdStrike reportedly cut 500 roles while posting over $1B in free cash flow. Deep Instinct, Otorio, ActiveFence, SkyBox Security, and Sophos have also made cuts. The signal: automation-first operations and stricter unit economics are now baseline expectations.
30/60/90-day plan for operations leaders
- Days 0-30: Lock current SLAs and baseline MTTD/MTTR. Freeze noncritical changes. Require weekly quality reports. Audit runbooks, contact trees, and escalation paths.
- Days 31-60: Pilot AI-assisted investigation on a bounded use case. Add approval gates. Review decision logs. Run game-day tests across detection, containment, and comms. Tune alert routing.
- Days 61-90: Expand to containment with tiered approvals. Renegotiate KPIs if results hold. Finalize staffing model. Publish an updated RACI and playbooks.
What good looks like
- MTTD/MTTR flat or better, with fewer noisy tickets due to stronger correlation.
- Clear, reproducible audit trails for every action, human or AI.
- Stable on-call and fewer after-hours escalations.
- Unit costs trending down without quality trade-offs.
Internal sentiment matters
A current employee told TechCrunch they're unsure how automation will work day to day. That's a signal to over-communicate scope, timelines, and guardrails. Ambiguity drains momentum; clarity speeds adoption.
Bottom line
Pairing layoffs with an AI launch is a high-variance move. If process discipline anchors the rollout, customers could see faster triage and clearer reporting. If discipline slips, expect SLA noise and trust issues. Track the metrics above and ask for evidence, not promises.
Sources and further reading
- Cybersecurity firm Deepwatch lays off dozens, citing move to 'accelerate' AI investment (TechCrunch)
- Deepwatch Launches NEXA: The MDR Industry's First Collaborative Agentic AI Ecosystem (Business Wire)