Sumo Logic launches Dojo AI to move SOCs from reactive to proactive security

Sumo Logic debuts Dojo AI to cut alert fatigue and investigation time in SOCs. Mobot, Query Agent, and Summary Agent enable natural language triage and consistent summaries.

Published on: Sep 23, 2025
Sumo Logic launches Dojo AI to bring agent-based intelligence to SOC operations

Sumo Logic announced Dojo AI, an agent-powered security operations service that speeds up routine workflows and shifts teams from reactive firefighting to proactive defense. The goal: reduce alert fatigue, cut investigation time, and document incidents without more manual effort.

"Attackers are using AI and other advanced techniques to outpace defenders," said Keith Kuchler, chief development officer at Sumo Logic. He added that Dojo AI brings agentic AI into the security stack at cloud scale so teams can get ahead of threats.

What's inside Dojo AI

  • Mobot (beta): A conversational interface for multi-turn, natural language interactions. It lets analysts deploy agents and request insights without writing complex queries.
  • Query Agent: Converts plain-English questions into efficient Sumo Logic queries and integrates with Mobot. Built with an agentic architecture in partnership with Amazon Web Services to improve accuracy and performance.
  • Summary Agent: Auto-generates clear summaries of incidents and investigations so handoffs are faster and documentation stays consistent.

Why operations teams should care

  • Fewer context switches: Natural language workflows reduce back-and-forth across tools and dashboards.
  • Faster investigations: Query generation and summarized findings shorten time to triage and response.
  • Consistent documentation: Standardized summaries help with post-incident reviews and compliance.
  • Human-in-the-loop: Agents assist analysts rather than replace them, keeping expert judgment in place.

How it fits your stack

Dojo AI sits on top of Sumo Logic's data foundation, giving agents a single source of truth. The agents collaborate: Mobot handles conversation, Query Agent handles data retrieval, and Summary Agent packages the results so teams can act quickly.

Because the Query Agent is built with AWS partner support, teams can expect stronger performance on large datasets and more reliable query translation for Sumo Logic environments.

Practical rollout steps

  • Start with a pilot: Enable Mobot (beta) for a small group of analysts and a limited set of alerts or use cases.
  • Define triggers: Choose alert types where false positives are common and investigations repeat similar steps.
  • Template summaries: Align Summary Agent output with your incident taxonomy (severity, root cause, impact, remediation).
  • Guardrails: Require analyst approval before escalations, ticket creation, or suppression rules are applied.

Metrics to track from week one

  • MTTA/MTTR: Mean time to acknowledge and mean time to resolve incidents, measured before and after Dojo AI.
  • Query time saved: Number of investigations initiated via natural language vs. manual queries.
  • Alert fatigue: Reduction in duplicate or low-value investigations.
  • Documentation coverage: Percentage of incidents with complete, standardized summaries.

Governance and risk checks

  • Data access: Confirm agents inherit least-privilege roles and respect existing data boundaries.
  • Auditability: Log agent prompts, actions, and outputs for review.
  • Quality control: Sample summaries for accuracy and bias; tune prompts and workflows where needed.

Availability notes

Dojo AI launches with three agents: Mobot (beta), Query Agent, and Summary Agent. Sumo Logic emphasizes that agents learn faster and perform better with a unified data layer, reinforcing the case for centralizing telemetry under one platform.

Next step for your team

Pick one repetitive investigation pattern and run it through Mobot and Query Agent end-to-end. Use Summary Agent to standardize the post-incident record. If the pilot cuts cycle time and improves documentation, expand to high-volume alerts.