Managed Detection and Response
BlueVoyant AI: Our Shared Security Roadmap
June 9, 2026 | 4 min read
John Hernandez
Chief Executive Officer


A note to our customers
Today, we’re launching BlueVoyant AI.
In my first months as CEO, I’ve had the chance to meet with many of you. What struck me most is the scope and importance of what you’re protecting, and how seriously you carry that responsibility.
What also came through clearly is that your vision for the future of security aligns with ours. You see what's ahead: growing alert volume, increasing tool complexity, and a widening gap between what your security stack generates and what your team can realistically act on. There's a lot of work to do. Our roadmap reflects that, because it was built around your priorities. The capabilities you cited as critical are the foundation of BlueVoyant AI, a major software release we are announcing today.
How BlueVoyant AI Drives Outcomes
BlueVoyant AI is a set of purpose-built AI agents and automation now embedded across every stage of our security operations: prevention, detection, investigation, response, and optimization.
The design principle is straightforward: AI handles the volume and the speed; our analysts handle the judgment calls. When something can be resolved automatically with high confidence, the system acts. When the stakes are higher, a human makes the call. Neither works as well without the other.

What’s New in BlueVoyant AI

We rebuilt prevention, adding three new capabilities in that stage alone.
- Asset Identification now discovers and tracks every device across your environment automatically.
- Detection Validation simulates real attacker techniques against your systems to verify your rules actually fire.
- Phishing Triage analyzes suspicious emails and classifies each one as phishing, malware, spam, or safe, so your team isn't manually sorting through every report.
We built an entirely new response layer.
- Response Agent matches incidents to the right playbook and executes containment on known patterns automatically.
- Playbook Generator creates new playbooks from incident patterns it observes, so the system adapts as attacker tactics change.
- Cloud Forensics and Device Forensics let our analysts take action directly on forensic evidence, not just view it. Gartner confirmed that only BlueVoyant and one other vendor in the market can do this.
We built transparency in from the start.
- Incident Agent gives you real-time alert summaries and case status pulled from our knowledge graph of your data. You can see what we see, as we see it.
- Trends Agent answers analytical questions about your incident data so you’re not waiting on a quarterly deck to understand what’s happening in your environment.
You asked us to meet you where you are. BlueVoyant AI data is now accessible in Slack, Microsoft Teams, Copilot, and Claude Desktop via MCP. Your SOC managers can ask it questions and get incident details without logging into a separate portal.
Our threat hunting now carries a network effect. When our agents spot a novel threat in one customer environment, they automatically build detection logic and run hunts across every customer we protect. Every organization in our network makes the others more secure.
Full Capability Breakdown
Here’s the complete BlueVoyant AI feature set:
| Stage | Capability | What It Does |
|---|---|---|
| Prevention | Asset Identification | Discovers and tracks devices and assets across your environment |
| Prevention | Detection Validation | Simulates attacker techniques to verify detection rules fire correctly |
| Prevention | Phishing Triage | Analyzes suspicious emails: phishing, malware, spam, or safe |
| Prevention | Defender Assessment | Identifies Microsoft Defender misconfigurations |
| Prevention | Emerging Vulnerability Alerts + Threat Intel | Early warning on emerging threats with curated intelligence |
| Detection | Triage Engine | Reviews alerts, ranks by risk, expedites triage and prioritization |
| Detection | Threat Hunting | AI-assisted search for signs of compromise and emerging attack patterns |
| Investigation | Incident Agent | Real-time alert summaries and case status from knowledge graph data |
| Response | Response Agent | Matches incidents to playbooks, auto-executes containment on known patterns |
| Response | Playbook Generator | Creates new playbooks from observed incident patterns |
| Response | Playbook Summary | Combines multiple playbook outputs into a single analyst review |
| Response | Cloud Forensics | Queries audit logs in real time, enriches with threat intel and risk filters |
| Response | Device Forensics | Gathers and analyzes forensic evidence directly from suspected devices |
| Optimization | Workflow Agent | Continuously improves SOC workflows based on operational feedback |
| Optimization | Trends Agent | Answers analytical queries about incident data and patterns |
| Optimization | Defender Assessment | Assesses your environment to optimize Defender using best practices |
| Optimization | Pulse | SIEM log optimization recommendations |
What Comes Next
In every customer conversation I’ve had since joining, the same themes surface: show us what you’re doing, move faster, and make our security investment work harder. BlueVoyant AI is the direct answer to those conversations.
In the coming weeks, we will release BlueVoyant AI documentation, discuss migration and follow-on training, and answer your questions.
We’re not done building. But I wanted you to hear it from me: we listened, and this is us following through.