Latest news with #ReliaQuest

AI Teammates Are Changing The SOC Without Replacing People

Forbes

11-08-2025


The conversation about AI in security operations centers has long been framed around automation replacing humans. But many security leaders see a different path—one where AI works alongside analysts as a 'teammate,' taking on repetitive, low-value tasks so humans can focus on higher-value work. I had an opportunity recently to speak with Brian Murphy, founder and CEO of ReliaQuest, and James Lowry, director of information security for Signature Aviation, to get some expert perspective on the issue.

From Burnout to Breathing Room

When Lowry joined Signature Aviation three years ago, his team was doing everything—detection, response, architecture, and engineering—with no automation to help shoulder the load. He described how the company has leveraged technology to automate tier one SOC tasks and noted that about 80% of all alerts are now handled by automated response plays. 'The more you digest to get that common operational picture, the faster it's going to be and the lighter the load is going to be on my team to allow them to get back to what they really want to do anyway, right? They want to architect. They want to engineer. They want to be interfacing with the business, helping solve problems.'

Murphy views agentic AI as an 'exponential multiplier' that lets security teams redirect their time to more strategic work. 'It's not taking over for that security analyst or replacing that… it's freeing up some of their time,' he explained. By removing duplicates, false positives, and other distractions, Murphy believes AI 'weaponizes' analyst knowledge for faster, more consistent execution.

That philosophy underpins ReliaQuest's recent launch of GreyMatter Agentic Teammates, billed as the industry's first autonomous, role-based AI agents for security operations. Built to represent specific SOC functions—such as Threat Intelligence Researchers, Detection Engineers, and Threat Hunters—these AI teammates work together and with human analysts to anticipate threats, model risk, and strengthen long-term resilience.

According to ReliaQuest, GreyMatter's native agentic AI already performs investigations 75% faster than traditional methods with over 99% accuracy on malicious activity. The new role-based teammates are designed to extend those capabilities, giving SOC teams around-the-clock, burnout-proof coverage while allowing human experts to focus on predictive and business-aligned security work.

Why Context Matters

Both leaders pointed to the importance of AI adapting to an organization's environment. Lowry offered an example: his CEO often visits multiple states in a day, which would normally set off 'impossible travel' alerts. 'It knows that's our CEO. It knows that this is common for him, and so it allows us not to hear that noise in the background,' he said. But if the travel was from a location far outside normal business operations, such as Thailand, it would still trigger a review.

Murphy described the same principle in broader terms. For him, AI teammates should operate within the context of each organization's unique architecture, tools, and policies.

Trust, Transparency, and Human Oversight

AI is not flawless. 'AI models do hallucinate from time to time. It's just what they do,' Lowry acknowledged. Early deployments provided recommendations rather than taking direct action, allowing his team to validate and tune the system over time. Spot checks remain in place, especially for high-value assets.

Murphy emphasized transparency as a safeguard: 'Show your work… here's the plan, here are the steps that I took, here's the data… here's the conclusion I came to.' That visibility not only makes it easier to audit decisions but also helps train the AI to improve over time without losing organizational context.

The Skills Question

Some worry that handing tier-one tasks to AI could leave future analysts without the foundational skills needed for higher-level work. And by 'some,' I mean me. It has occurred to me lately that we are saying that people should validate results from AI and not accept it as gospel, but that assumes you have the institutional knowledge to know what the answer should be and the skills and experience to second-guess the AI.

Murphy likens AI teammates to an executive's support staff: 'I can't do my job without the right teammates around me. And then my question becomes, well, what work should they not be doing? Like, when do we get time to think as humans?'

Lowry sees the concern but believes organizations will draw boundaries: 'At some point we'll draw a line in the sand and say, "How much are we going to allow AI to take over?"' For him, AI should handle routine, repeatable work so people can focus on developing deeper skills.

Matching the Adversary's Speed

Adversaries are already using AI to increase their speed and scale. 'When the adversaries are using it, you have two options, use it in defense or get beat,' Murphy said.

Practical Advice for CISOs

Lowry recommends a gradual approach when adopting AI in the SOC. Rather than deploying it across the most sensitive systems immediately, organizations should start with lower-risk use cases to observe how the AI behaves and refine its performance. He also stresses the importance of training AI models on an organization's own data and keeping them within secure, internal environments to reduce risk.

Murphy's advice centers on ensuring that automation serves the operational goals of the security team rather than fitting a vendor's platform strategy. He emphasizes flexibility—keeping data where it already resides, applying automation where it delivers clear value, and avoiding unnecessary costs or dependencies.

Augmentation, Not Replacement

Both leaders agree that the role of AI in the SOC is to enhance human capabilities, not replace them. AI teammates can help organizations operate at the speed and scale of modern cyber threats, while freeing human analysts from repetitive tasks that cause fatigue and slow response times. The aim is to strengthen security operations by combining the efficiency of automation with the judgment and adaptability of experienced professionals.

AI agents are being drafted into the cyber defense forces of corporations

CNBC

10-08-2025


The rise of generative AI and large language models has drastically shifted the cybersecurity landscape, empowering attackers with easy-to-use tools that can create realistic video and voice deepfakes, personalized phishing campaigns, and malware and malicious code. That has opened the door for AI on the defense as well. As agentic AI becomes more deeply embedded in the enterprise in areas like finance and legal, cybersecurity AI agents are on the rise, too, becoming a key asset for detection, analysis, and alerts.

"It's a massive challenge to detect, contain, investigate and respond across larger companies," said Brian Murphy, CEO of cybersecurity technology company ReliaQuest. "AI is allowing us to remove a lot of that noise, that tier one or tier two work, that work that's often not at all relevant to something that could be threatening to an organization," Murphy said.

Putting a tool in the hands of human workers that can automate otherwise menial tasks or time-consuming ones, freeing them to do more important work, has often been the pitch for agentic AI. In a message shared with Amazon employees in June, CEO Andy Jassy said "We have strong conviction that AI agents will change how we all work and live," adding that he sees a future with "billions of these agents, across every company and in every imaginable field," helping workers "focus less on rote work and more on thinking strategically" while also making "our jobs even more exciting and fun than they are today."

Murphy shares a similar view across cybersecurity, where he sees an industry of workers who are inundated with work they likely shouldn't be spending time on, causing more burnout and exacerbating the existing issue of a lack of available talent. He's also seen the way AI is being wielded to attack companies. "Those phishing emails, they used to look almost laughable with the misspellings and the fonts wrong," he said. "AI can take the average bad actor and make them better, and so the trick is if you're on the defensive side, they have to use AI because of the reality of what AI can do."

ReliaQuest recently released what it calls GreyMatter Agentic Teammates, autonomous, role-based AI agents that can be used to take on tasks that detection engineers or threat intelligence researchers would otherwise accomplish on a security operations team. "Think of it as this persona that teams up with a human, and the human is prompting that agentic AI, so the human knows what to do," Murphy said, adding that it's like having a "teammate that takes that incident response analyst and multiplies their capability."

Murphy gave an example that is a frequent occurrence for any security team at a global company: international executive travel. Every time a laptop or cell phone is connected to a network in, say, China, the security operations team would be alerted, and the security team would have to verify that the executive is abroad and is securely using their device each day of that trip. With an agentic AI teammate, that security person could automate that task, or even set up a series of similar processes for board meetings, off-sites, or other large team gatherings. "There's hundreds of things like that," he said.

Justin Dellaportas, chief information and security officer at communications technology company Syniverse, said that while AI agents have been able to automate some of those basic cybersecurity tasks like combing through logs, it's also starting to be able to automate actions, like quarantining flagged emails and removing them from inboxes, or restricting access by a compromised account across a variety of logins.

"[AI] is being used by criminals to efficiently find vulnerabilities and exploits into organizations at scale, and all of that is resulting in them having a higher success rate, getting initial access sooner and moving laterally into an organization quicker than we've seen," he said. "Cyber defenders really need to lean into this technology now more than ever to stay ahead of this evolving threat landscape and the pace of cyber criminals."

Dellaportas said that while every company has a unique risk profile and tolerance when it comes to deploying different types of cybersecurity tools, he views the adoption of agentic AI in cybersecurity as stages of a "crawl, walk, run methodology." "You roll this out, and it's going to reason and then take action, but then it's got to iterate through the actions that it's previously taken," he said. "I come back to a kind of trust but verify, and then as we get confidence in its effectiveness, we'll move on to different problems."

While Dellaportas said AI agents can take over some tasks from human cybersecurity professionals in the future, he still sees the technology as an augmentation to make workers more effective, not as a replacement. Murphy agrees, and said he does not see agentic AI taking the place of actual cybersecurity workers, but helping with tasks where automation is the better option while also addressing the skills gap that many organizations struggle with when filling cybersecurity roles.

"There may be a shortage of trained and skilled cybersecurity professionals, but there's no shortage of people who would like to be trained and skilled at cybersecurity," he said. "The reason that knowledge transfer takes so long in cyber is that when you get your entry-level job, it's equivalent to working on a help desk."

Murphy said he understands that there is still plenty of education needed when it comes to deploying agentic AI in any part of a business, as well as concerns about how decisions are made by AI. Dellaportas said what has helped is the fact that agentic AI is being used by all types of business lines, so discussions of how these AI tools can help accomplish objectives are not new ones.

AI agents are catching on inside companies. A May 2025 poll of 147 CIOs and IT function leaders by Gartner found that 24% had already deployed a few AI agents, with more than 50% of those AI agents working across functions like IT, HR and accounting, compared to just 23% of external customer facing functions.

Avivah Litan, a distinguished vice president analyst on Gartner's AI strategy team, said that in the cybersecurity space, companies experimenting with agentic AI are finding it "moderately beneficial," but there remain some questions as to the ability of these tools to scale beyond simpler tasks. "Security has always been the low-hanging fruit use case for AI," Litan said. "You first saw AI show up with fraud detection, so it's 100% that we're going to have digital security assistance in the future doing work and freeing up staff to take on the new attacks; the key will be making sure they stay up with all this innovation so they can see the whole attack surface."

Murphy believes that corporate adoption and evolution of agentic AI in cybersecurity may occur even more quickly than in finance or legal. "They absolutely understand AI is being used against them, and the only way to defend that is to use it in their own defense," he said.

ReliaQuest unveils AI teammates to boost predictive security

Techday NZ

30-07-2025


ReliaQuest has announced the launch of GreyMatter Agentic Teammates, a set of autonomous, role-based artificial intelligence agents designed to scale security operations teams and enhance predictive security measures. GreyMatter Agentic Teammates build on the capabilities of ReliaQuest's existing GreyMatter platform, which enables customers to detect and contain cyber threats within minutes.

These new AI agents are designed to assume specific roles found within security operations teams, such as Threat Intelligence Researchers, Detection Engineers and Threat Hunters. According to ReliaQuest, this approach significantly reduces routine manual tasks and enables teams to focus on higher-value activities that protect business interests and anticipate new threats.

AI-powered roles

ReliaQuest stated that GreyMatter Agentic Teammates were developed based on more than 15 years of experience working alongside enterprise security teams and integrating with a wide array of security technologies. These AI agents operate on the GreyMatter platform, which, using its native Agentic AI, can already perform threat investigations 75% faster than traditional methods and achieve a 99.4% accuracy rating on malicious activity.

The introduction of role-specific Agentic Teammates is intended to allow security teams to deploy highly specialised virtual assistance instantly, with no additional ramp-up time or steep learning curve. The agents run continuously, without the fatigue or availability constraints that affect human staff, and are designed to integrate with customers' existing security tools and workflows.

"Security is a team sport," said ReliaQuest Founder and CEO Brian Murphy. "GreyMatter Agentic Teammates make security experts exponential, eliminating the noise and the monotonous routine work that is below their skill level and freeing them up to get more predictive – training for the future, researching to stay ahead of threats and advising the business."

Agentic Teammates are designed to collaborate both with each other and with human professionals. For instance, if a security lead wants up-to-date information on threats relevant to their sector, they can instruct the Threat Intel Teammate to conduct wide-reaching research across open, deep and dark web sources and threat feeds. Should a new threat be discovered, this information can be immediately propagated to other Agentic Teammates. The Threat Hunter Teammate can then rapidly determine if the threat has ever affected the organisation, and the Detection Teammate can implement new defensive measures and automated responses to mitigate risk. All findings are delivered promptly to the security team to inform business guidance.

User perspectives

Justin Dellaportas, Chief Information Security Officer at Syniverse, commented on how the shift to AI-powered teammates impacts his organisation's security objectives. "This is a game-changer for the cybersecurity industry," said Justin Dellaportas, CISO at Syniverse. "We can now free up our talented cyber professionals from repetitive tasks, like log analysis, so they can focus on work that propels Syniverse forward. Agentic AI and the new GreyMatter Agentic Teammates will level up our teams to allow them to think ahead, not just react."

Towards predictive security

ReliaQuest believes these developments enable security operations to move from reactive to predictive modes. With the aid of these autonomous AI-based roles, security teams are expected to have improved capabilities for modelling risks, understanding organisational vulnerabilities, and planning long-term defence strategies. GreyMatter Agentic Teammates work autonomously and are continually available, supporting organisations in managing increasing security demands without significantly expanding human resource requirements.

The GreyMatter platform, according to ReliaQuest, connects telemetry from cloud, multi-cloud and on-premises environments, helping organisations detect, contain, investigate, and respond to threats quickly and efficiently. The company says this technology eliminates the need for routine Tier 1 and Tier 2 security operations tasks and customises outcomes to suit diverse industry needs and technical infrastructures.

ReliaQuest Announces Industry's First Role-Based Agentic AI Teammates to Exponentially Scale Security Operations

Business Wire

29-07-2025


TAMPA, Fla.--(BUSINESS WIRE)--ReliaQuest, the leader in agentic AI security operations, today announced the launch of GreyMatter Agentic Teammates, the industry's first autonomous, role-based AI Agents that exponentially scale security operations teams–giving them back hours of valuable time to focus on what matters most to their business and stay ahead of threats.

Developed leveraging ReliaQuest's 15+ years of expertise, working with enterprise security teams across hundreds of diverse technologies, GreyMatter Agentic Teammates represent specific roles of a Security Operations team, such as Threat Intelligence Researchers, Detection Engineers and Threat Hunters. Combined with GreyMatter's native Agentic AI that already performs investigations 75% faster than traditional methods with 99.4% accuracy rating on malicious activity, these Agentic Teammates work together to exponentially extend the capabilities of security operations teams.

This allows security teams to move toward predictive security. No longer simply reacting to threats, security teams will have the ability to anticipate what's coming, understand where their organizations are most vulnerable, conduct risk-modeling, and build long-term resilience.

"Security is a team sport," said ReliaQuest Founder and CEO Brian Murphy. "GreyMatter Agentic Teammates make security experts exponential, eliminating the noise and the monotonous routine work that is below their skill level and freeing them up to get more predictive – training for the future, researching to stay ahead of threats and advising the business."

ReliaQuest's role-specific Agentic Teammates allow security operations teams to scale overnight, with no learning curve. They work 24 hours a day, 7 days a week. They never burn out and never miss a shift. They operate autonomously across the GreyMatter platform, working with customers' existing tools, teams and workflows.

GreyMatter Agentic Teammates continuously collaborate with each other and their human teammates. For example, when a security leader wants to understand the latest threats impacting their organization and industry, they can ask the Threat Intel Teammate to perform research across the open, deep, and dark web and all available threat feeds. If the Threat Intel Teammate uncovers an emerging threat, it shares this information simultaneously with its Agentic Teammates. The Threat Hunter Teammate then discovers within seconds whether that threat has ever impacted their environment, while the Detection Teammate creates and deploys new rules and automated response plays to protect the organization against incoming attacks. Within minutes, the Agentic Teammates report back to human teammates with all the information needed to advise the business.

"This is a game-changer for the cybersecurity industry," said Justin Dellaportas, CISO at Syniverse. "We can now free up our talented cyber professionals from repetitive tasks, like log analysis, so they can focus on work that propels Syniverse forward. Agentic AI and the new GreyMatter Agentic Teammates will level up our teams to allow them to think ahead, not just react."

About ReliaQuest

ReliaQuest exists to Make Security Possible. Our Agentic AI security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses our Universal Translator, detection-at-source, and Agentic AI to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies. ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organization's unique architecture, technology and business needs. With over 1,000 customers and 1,200 teammates across six global operating centers, ReliaQuest Makes Security Possible for the most trusted enterprise brands in the world. Learn more at

Digital attack surfaces expand as key exposures & risks double

Techday NZ

24-07-2025


ReliaQuest's latest Digital Risk Protection trends report reveals a significant rise in external cyber risks faced by organisations, as their digital footprints and corresponding attack surfaces continue to expand in the first half of 2025.

Rising exposures

The report analyses customer alerts across 38 types of external exposures comparing data from the second half of 2024 to the first half of 2025. It found a 27% increase in exposed ports, a 35% rise in exposed operational technology (OT) ports, and a doubling of exposed access keys. Alerts for exposed marked documents, including sensitive information such as customer data and network diagrams, jumped by over 10%.

Typo-squatting, the creation of counterfeit domains mimicking legitimate organisations, has remained a persistent risk, with threat actors such as "Scattered Spider" targeting technology vendors to steal credentials. According to the report, typo-squatted domains are particularly effective, often facilitating phishing campaigns across multiple client organisations.

CISOs must look beyond traditional security measures and address the external footprint - exposed credentials, open ports, and vulnerabilities. Proactively managing these exposures isn't just important; it's the frontline defense against external threats and a critical step in reducing the attack surface.

Consistent risk landscape

Throughout both late 2024 and the first half of 2025, the top five digital risks remained largely consistent. Exposed marked documents led with a steep increase to 37.8% of alerts, followed by impersonating domains (19.0%), impersonating subdomains (15.6%), exposed ports (7.1%), and credential exposure (4.6%).

The report attributes some of the increase in exposed documents to accidental leaks on organisational websites. Such exposures are often sold on cybercriminal forums, with claims of company breaches potentially leading to regulatory action, lawsuits, and damage to brand reputation.

Expanding attack vectors

Enterprise organisations added an average of 28 new exposed ports per organisation in just six months, rising from 103 in the last half of 2024 to 131 in the first half of 2025. Increased exposures of FTP and SSH ports have provided a broader attack surface for threat actors. ReliaQuest reports that some attacks have occurred by exploiting Remote Desktop Protocol (RDP) logins, giving access to administrative accounts. While prompt detection and containment prevented escalation in one incident, the report underscores the importance of proactive management of exposed services.

Among OT systems, the average number of exposed ports per organisation rose by 35%, with Modbus (port 502) identified as the most commonly exposed, posing risks of unauthorised commands and potential shutdowns of key devices. The exposure of Unitronics port 20256 surged by 160%. The report cites cases where attackers, such as the group "CyberAv3ngers," targeted industrial control systems during conflicts, exploiting weak or default passwords.

Persistent vulnerabilities

The number of vulnerabilities identified on public-facing assets more than doubled, rising from three per organisation in late 2024 to seven in early 2025. Critical vulnerabilities dating as far back as 2006 and 2008 still persist on unpatched systems, with proof-of-concept code readily available online, making exploitation accessible even to attackers with limited expertise. The report also references the continued threat posed by ransomware groups who exploit such weaknesses in internet-facing devices.

Key exposures double

Incidents involving exposed access keys, including cloud and API keys, doubled from late 2024 to early 2025. Exposed credentials can enable threat actors to enter environments as legitimate users, bypassing perimeter defenses. The report highlights that most exposures result from accidental code pushes to public repositories or leaks on criminal forums.

The drop in credential access alerts is said to be linked to law enforcement actions against a major infostealer malware family, "Lumma," coupled with the temporary shutdown of the "BreachForums" marketplace. However, new malware strains have since begun to re-emerge, forcing security teams to continually adapt their defences.

Future trends

The report anticipates that attack surfaces will keep expanding due to increased adoption of Internet of Things (IoT) devices, projected to grow from 17.7 billion in 2024 to 31.2 billion by 2030. Security weaknesses in these devices remain a target for exploitation. The accelerating adoption of artificial intelligence likewise creates fresh risks, including prompt injection attacks and exposure of sensitive credentials during development processes.

As on-premises systems become more difficult to breach with traditional methods, attackers are shifting toward the use of stolen credentials and the exploitation of internet-facing vulnerabilities, an evolution reflected in the tactics of ransomware and social engineering groups. The report concludes by highlighting the importance for organisations to proactively identify and address external risks such as exposed credentials, open ports, and vulnerabilities as part of a broader digital risk protection strategy.
