Introducing RunReveal's Native AI Agent and Chat

RunReveal launches a native AI Agent and Chat for security investigations, cutting log analysis time from hours to seconds with integrated agent workflows.

Today we're announcing RunReveal's integrated AI agent and chat for security investigations and detection management, available as early access to all of our customers. This marks a significant milestone in our mission to simplify security operations and make advanced threat investigation accessible to every team.

The challenge of security log analysis

A sizable portion of a security engineer's job is knowing how to query for the logs that matter at that exact moment. Done manually, this process can take hours or even days to get to the root of the problem. However, as we're learning, LLMs are amazing at performing this task. Within a few iterations, we've seen firsthand how they massively accelerate the way a human analyst answers the questions they have about their infrastructure.

At RunReveal, we also believe that you shouldn't have to buy and cobble together dozens of different products to make sense of your SaaS security logs. The security tool sprawl has become untenable—teams are drowning in dashboards, juggling API keys, and losing critical context as they hop between platforms.

It's crystal clear that the future of security investigation and analytics will be agentic. AI agents will help security teams cut through the noise, surface critical insights, and accelerate response times. But here's the crucial insight: the best way to make this happen—in the most secure, reliable, and auditable way—is to vertically integrate agentic workflows directly into the data platform.

AI for security teams, by security teams

When we released our MCP Server in March, we were blown away by what our customers were doing with it; questions that could take us a half hour to answer when we were manually querying our logs started taking seconds.

We wanted to integrate the power of agents more tightly into our product, though, so we could do things like:

  1. Make AI features available to our customers who didn't yet have a preferred AI client.
  2. Use AI on a schedule to query our logs.
  3. Use the models that our customers' legal teams had approved.

While all of our customers wanted to use our MCP Server, some encountered regulatory, compliance, or tooling issues. We also had some customers who had really advanced use cases in mind that we couldn't achieve without control of the agent.

This prompted us (no pun intended) to feel like we needed greater control, and our own agent to give to customers.

The RunReveal AI Chat is a purpose-built investigation agent that understands your security data and can execute complex queries, analyze patterns, and guide you through investigations, all without your data leaving the platform.

Here's what makes it different:

  • Direct data access: RunReveal's AI chat can query your logs, examine table schemas, and analyze your security data in real-time using the same APIs you use.
  • Transparent reasoning: Every action the chat takes is explained and auditable. You can see exactly why it chose to run a specific query or use a particular tool.
  • Persistent context: Unlike many AI tools, the RunReveal AI chat remembers your investigation history and can build on previous findings, making complex multi-day investigations possible.

How we built RunReveal's native AI agent

Under the hood, the RunReveal AI chat is powered by an OODA (Observe-Orient-Decide-Act) loop implementation built in Go using the langchaingo library. This military-derived decision framework helps the agent systematically approach complex investigations:

  1. Observe: Gather information about the current security context
  2. Orient: Analyze the data and form hypotheses
  3. Decide: Determine the next best action to take
  4. Act: Execute queries or tools to gather more information

This structured approach ensures chat doesn't just throw queries at your data—it thinks strategically about how to solve your investigation challenges.

The technical architecture emphasizes reliability and auditability:

  • Support for multiple LLM providers (OpenAI and Anthropic)
  • Comprehensive permission system integrated with our existing RBAC
  • On-platform tool execution with full request/response logging
  • Stateless design with database backing for chat persistence
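
The loop and controls described above, as an added Go example that is not RunReveal's code and does not use langchaingo: a scripted `decide` function stands in for the LLM, and the tool name `run_query`, the permission `logs:read` and all type names are hypothetical. Every tool call is permission-checked and recorded with its request and response, and errors are fed back so the next decision can correct them.

```go
package main

import "fmt"

type (
	Action     struct{ Tool, Input, Answer string }             // tool call, or final answer when Tool == ""
	AuditEntry struct{ Tool, Request, Status, Response string } // one tool request and its outcome
	Tool       struct{ Permission string; Run func(string) (string, error) }
)

// Investigate runs a bounded OODA loop; decide stands in for the LLM (no langchaingo calls here).
func Investigate(perms map[string]bool, tools map[string]Tool,
	decide func(history []AuditEntry) Action, maxSteps int) (answer string, audit []AuditEntry, err error) {
	for i := 0; i < maxSteps; i++ {
		act := decide(audit) // Orient and Decide over everything observed so far
		if act.Tool == "" {
			return act.Answer, audit, nil
		}
		e := AuditEntry{act.Tool, act.Input, "error", "unknown tool"}
		if tool, ok := tools[act.Tool]; ok && !perms[tool.Permission] {
			e.Status, e.Response = "denied", "missing permission "+tool.Permission
		} else if ok { // Act: only reached when the caller's role allows this tool
			out, err := tool.Run(act.Input)
			if e.Status, e.Response = "ok", out; err != nil {
				e.Status, e.Response = "error", err.Error()
			}
		}
		audit = append(audit, e) // Observe: failures and denials are logged and fed back too
	}
	return "", audit, fmt.Errorf("no answer within %d steps", maxSteps)
}

// Demo uses constructed data: the stand-in decider sends a malformed query and retries on error.
func Demo(perms map[string]bool) (string, []AuditEntry, error) {
	tools := map[string]Tool{"run_query": {"logs:read", func(q string) (string, error) {
		if q != "SELECT 1" {
			return "", fmt.Errorf("syntax error in %q", q)
		}
		return "1 row", nil
	}}}
	queries := []string{"SELEC 1", "SELECT 1"}
	return Investigate(perms, tools, func(h []AuditEntry) Action {
		if n := len(h); n > 0 && h[n-1].Status != "error" {
			return Action{Answer: h[n-1].Status + ": " + h[n-1].Response}
		}
		return Action{Tool: "run_query", Input: queries[len(h)%2]}
	}, 5)
}

func main() { fmt.Println(Demo(map[string]bool{"logs:read": true})) }
```

The audit slice doubles as the agent's observation history, so what the model saw and what an auditor can review are the same record.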

Demo

We normally tell people that, to get the best results when prompting an AI agent, they should be specific about what they want the agent to look for and prompt the agent with a specific timeframe in mind.

The RunReveal AI Chat isn't just for answering simple questions; you can ask difficult questions regardless of the data schema, log volume, or whatever other obstacles stand between you and the answers that are kept in your logs.

The more we use an agent to query our logs, the more it feels almost like delegating a task to a human. Sometimes the agent will do the wrong thing and make syntax errors, but it can quickly learn from mistakes, reorient itself, and still get you as close as it can to your answer.

Looking ahead

We plan to integrate our AI agent with other parts of our product where it can save a human analyst time. AI agents assisting with search is just one use case, and integrated alert investigation is an obvious next place to help. We think AI agents might also be very good at developing monitoring strategies and even doing 24/7 monitoring.

Our roadmap specifically includes:

  • Investigation workflows: Create structured investigations that combine chat interactions with artifacts, link to alert results, and compile reports for different stakeholders.
  • Detection engineering: Generate detections based on findings from investigations, with AI helping you translate discoveries into actionable rules.
  • Visual analytics: Create and save charts to dashboards directly from chat, making it easy to monitor trends our AI agent helps you discover.

Try AI chat today

If you're a RunReveal customer, you can start using AI Chat today by enabling it in your workspace settings and adding your LLM API key. 

The age of AI-powered security operations is here. Let's build it the right way—integrated, secure, and purpose-built for the challenges security teams face every day.