Netskope this week unveiled a new AI-driven platform layer designed to ease the operational burden on security and network operations teams, which are increasingly overwhelmed by alert volumes and infrastructure complexity. The solution, called Netskope One AgentSkope, is an agentic AI framework that automates key workflows within Netskope's SASE platform. It aims to help organizations address the chronic issue of alert fatigue, where 40% of alerts in security operations centers (SOC) and network operations centers (NOC) go uninvestigated due to a lack of resources.
AgentSkope embeds AI agents directly into Netskope One's data layer, enabling them to analyze and act on information without requiring data to be exported to external systems. This design allows agents to access all relevant data sources seamlessly, eliminating the need for additional integrations. According to Netskope, the framework acts as an autonomous force multiplier, abstracting away operational complexity and removing internal development bottlenecks. Security and network leaders can thus reduce manual troubleshooting, free up skilled staff for strategic initiatives, and adapt defenses at the speed of business.
The new agents use natural language interfaces and are capable of executing multi-step workflows—from investigation through remediation recommendations. However, human oversight remains critical: agents can gather data, triage risks, and even initiate workflows such as creating IT service tickets or notifying analysts, but they will not take final action until a human reviews the findings and directs further steps. This provides a balance between time savings and human control.
With this release, Netskope is launching six agents designed for specific operational areas. The DLP AISecOps Agent automates DLP alert triage, reducing false positives and surfacing priority cases. The Insider Threat AISecOps Agent correlates user behavior and DLP data to identify insider risks, currently in private preview. The Private Access AIOps Agent audits access settings and generates policies based on usage patterns. The DEM Data Intelligence Agent converts telemetry data into actionable troubleshooting insights, while the DEM Insights Agent highlights performance issues and trends across digital environments. The CCI Insights Agent enables natural language queries of cloud and SaaS risk data, allowing analysts to ask questions about risk posture and receive immediate answers.
The announcement comes at a time when enterprises are struggling to keep pace with a rapidly expanding, AI-fueled threat landscape. Industry analysts emphasize that investing in agentic security automation is a necessity for CIOs and CISOs. The ability to intelligently triage threats, manage the increasing scope and scale of modern threats, and keep up with new AI models and agents can no longer remain a manual process. AgentSkope is designed to address these challenges by embedding automation directly into the platform, reducing the need to move large volumes of data to other systems for analysis.
Netskope executives highlight that the agents are specifically designed with platform workflows in mind and deeply embedded within the architecture. This close integration means agents can handle repetitive triage and investigation work so human analysts can focus on higher-value decisions. For example, a SOC analyst might spend hours investigating a DLP alert, but with AgentSkope, the agent can automatically gather context, correlate with user behavior, and present a summary with recommended actions—all within the same interface.
The agents are configured via a single interface within the Netskope One platform, ensuring consistency and ease of deployment. Netskope plans to expand its agent portfolio on a monthly basis, adding new capabilities to address emerging threats and operational needs. The Insider Threat AISecOps Agent is currently in private preview, while the other five agents are generally available.
This move reflects a broader trend in the cybersecurity industry toward agentic AI, where autonomous agents handle increasingly complex tasks. Unlike traditional automation that relies on static rules or scripts, agentic AI can adapt to changing conditions, reason about data, and execute multi-step workflows with minimal human intervention. By embedding this capability directly into a SASE platform, Netskope offers a unified approach to security and network automation that reduces tool sprawl and data movement costs.
The impact on SIEM data ingestion costs is also noteworthy. Because agents process data within the Netskope One data layer, organizations can reduce the volume of data they need to export to external SIEM systems for analysis. This can lead to significant cost savings, especially for enterprises generating terabytes of log data daily. Additionally, the agents provide actionable insights directly within the platform, enabling faster response times without waiting for SIEM correlation rules to trigger.
For network operations, the DEM agents offer real-time visibility into digital experience metrics, allowing NOC teams to identify performance bottlenecks before they impact users. The Private Access AIOps Agent simplifies zero-trust access policy management by automatically auditing settings and generating recommendations based on observed usage. This reduces the administrative burden on network teams and helps maintain least-privilege access over time.
Overall, Netskope's AgentSkope represents a significant step toward autonomous SASE operations, where AI agents act as force multipliers for human teams. By balancing automation with human oversight, the platform ensures that critical decisions remain under human control while accelerating routine tasks. As the threat landscape continues to evolve, such agentic frameworks will likely become essential for maintaining security and network efficiency at scale.
Source: Network World News