Introducing RunReveal's Autonomous Security Operations Agent

Today we're announcing RunReveal's AI agent for security operations. This flexible agent automatically investigates alerts, responds in real time to changes in your infrastructure, and massively speeds up the incident response process. Our customers can start using this feature immediately.

From MCP server to fully integrated agent

When we released our Model Context Protocol server last year, our customers immediately started using it to triage their alerts. The LLMs could easily sift through terabytes of logs, find all of the relevant context around an alert, and present what they found while showing their work in the process.

Most of the people doing that were running their agents on their laptops. They didn't have a dedicated place to capture the results and didn't reliably run the agent for every type of finding they cared about, but they still saw a massive improvement in the IR experience. Additionally, most parts of our product were built for normal API use, not agents. We felt we could keep improving how an AI agent works so that it makes better use of our features.

Automatically investigate alerts

Getting started with RunReveal's AI agent requires just one change to your detection configuration. Enable the auto-triage capability, then optionally choose which agent to invoke, or let the default triage agent do the investigation. Creating specialized prompts for different log types or detection types allows you to bring the right context and expertise to each alert, ensuring high-accuracy, high-confidence investigations.

The Agent configuration on an individual detection rule

Here's what happens next. Once your alert fires:

  1. We automatically open a new case in our case management tool.
  2. The AI agent you configured runs its investigation and updates the case with its findings and analysis.
  3. The agent's full query history, tool usage and reasoning are attached to the case.

Here's a video of what it's like in action.

Everything works together. The alert findings, case management, and the agent runtime are integrated to massively reduce the time it takes to understand the context around an alert. While designing this system we knew that this was critical.

The agent shows all its work. Trusting the work of AI is great, but it's critical that you can introspect exactly what the agent did and scrutinize the conclusions it came to. Additionally, you can continue the conversation with the agent after it concludes an investigation.

We're really excited for more of our customers to begin using this functionality, and here's how you can create your own custom use case.

How do you create your own AI security agent?

Within our chat UI you can build your own agent. You can customize the prompt, tool calls, permissions, whether or not the agent is run on a schedule, what model the agent uses, etc. All of this is easy to configure to create exactly the use case you need to analyze your security data properly.

No special tools or knowledge are required. All you need is an AI inference provider, your model of choice, and a use case in mind.

Your base prompt will be coupled with our existing system prompt that informs the agents how to use different RunReveal resources, like what makes a good detection, how to write good queries when searching your logs, etc.

The tool call selector is critical for controlling what an agent can and can't do, or developing your own interesting use cases. I made an AI agent that emails me with a summary of new blogs to read whenever my favorite technical blogs publish new articles. All I needed to do was give the agent the "Make HTTP Request" tool call, and access to email me, and I was done! Not the use case we originally set out for but simple and effective.

What's next

This is a huge release for RunReveal, and we're just getting started with AI agents. We plan to share more use cases for the agent in the coming weeks and couldn't be more excited that our customers can begin using this feature.

What we're announcing today isn't so much a specific agent; it's a platform for building AI agents that can perform any action that a human on your security team would, with precision and control, informed by good data. After using it for a few weeks internally, we're convinced: this is the future of incident response. Security teams need a framework and control of AI agents to deploy agents successfully, and that's what we will continue to talk about over the coming months!