AI Agents Now Triage Security Cases, Connect Tools via MCP
A security operations executive details how agentic AI and the Model Context Protocol are automating SOC workflows in production—and why adversaries have the same capabilities.

AI agents are working production security operations shifts
Security operations centers are deploying AI agents that don't just summarize alerts—they triage cases, update tickets across multiple systems, draft investigation reports, and learn from analyst corrections. The shift from experimental chatbots to autonomous coworkers happened faster than most security leaders anticipated, driven by two technical developments: agentic frameworks that maintain context across sessions and the Model Context Protocol (MCP), which gives AI standardized access to enterprise tools.
According to a detailed account published on Automation Watch, a security executive at Stellar Cyber ran an AI agent connected to real work systems—email, calendar, project management, documentation tools, and the company's security platform—for a week. The agent handled intake requests by monitoring forms, creating tracking tickets, and sending confirmations without human intervention. It triaged detection quality feedback by pulling alert data, cross-referencing documentation, and producing structured summaries of reported issues. It connected information scattered across email threads, ticketing systems, and knowledge bases to answer status questions that normally require checking five different tools.
How MCP changed the integration equation
MCP, originally created by Anthropic and now maintained by the Linux Foundation, provides a universal protocol for AI agents to connect to systems without custom integrations for each tool. Stellar Cyber shipped MCP support that lets agents access case management through a single API call—listing cases, pulling investigation details with MITRE mappings, updating status, and assigning analysts. What previously required eight clicks and three browser tabs now happens programmatically.
The company's Alert Auto-Triage system runs automated checks against every critical case: IP reputation, behavioral anomalies, entity relationships, and device vulnerability data. It delivers verdicts—True Positive, Benign, False Positive, or Inconclusive—and incorporates analyst overrides as training signals. When a human corrects the system's judgment, that correction influences how similar patterns are evaluated in the future.
The adversary has the same tools
The same agentic capabilities that accelerate defensive operations also benefit attackers. An AI agent with access to a security team's ticketing system can read escalation tickets, analyze knowledge bases, and systematically identify detection gaps. CrowdStrike has already published research on securing agentic AI deployments against prompt injection and privilege escalation attacks, according to the Automation Watch report.
The speed advantage that SOC teams historically held over scripted attacks is eroding. Adversaries using agentic tools can now probe defenses, adapt tactics based on observed responses, and operate at machine speed across multiple targets simultaneously.
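One defensive control for the exposure described above, as an added example that is not from the article, Automation Watch, or Stellar Cyber: a policy gate between an agent and an MCP server that allowlists tools per agent role and holds write operations until an analyst signs off. The tool names, roles, `case_id` argument and approval set are hypothetical; only the JSON-RPC 2.0 `tools/call` envelope comes from MCP.

```python
import json

# Hypothetical tool names for the operations the article lists; a real MCP
# server advertises its own names in its tools/list response.
READ_TOOLS = {"list_cases", "get_case"}
WRITE_TOOLS = {"update_case_status", "assign_case"}
# Assumed policy: tools each agent role may call, and which need analyst sign-off.
POLICY = {
    "triage-agent": {"allow": READ_TOOLS | WRITE_TOOLS, "approve": WRITE_TOOLS},
    "reporting-agent": {"allow": READ_TOOLS, "approve": set()},
}
PASSTHROUGH = {"initialize", "ping", "tools/list"}  # protocol methods, no case changes

def gate(role, raw_request, approvals=frozenset()):
    """Return (decision, reason); approvals holds analyst-signed (tool, case_id) pairs."""
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError:
        return "deny", "malformed JSON"
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0":
        return "deny", "not a JSON-RPC 2.0 request"
    method = req.get("method")
    if isinstance(method, str) and method in PASSTHROUGH:
        return "allow", "protocol method"
    if method != "tools/call":
        return "deny", f"method {method!r} is not permitted"
    params = req.get("params") if isinstance(req.get("params"), dict) else {}
    args = params.get("arguments") if isinstance(params.get("arguments"), dict) else {}
    tool, case_id = params.get("name"), args.get("case_id")
    policy = POLICY.get(role)
    if policy is None or not isinstance(tool, str) or tool not in policy["allow"]:
        return "deny", f"{tool!r} is outside the allowlist for {role!r}"
    approved = isinstance(case_id, str) and (tool, case_id) in approvals
    if tool in policy["approve"] and not approved:
        return "needs_approval", f"{tool!r} on case {case_id!r} awaits an analyst"
    return "allow", f"{tool!r} permitted for {role!r}"

def tool_call(tool, **arguments):
    """Build a constructed tools/call request (sample input, not captured traffic)."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": tool, "arguments": arguments}})

if __name__ == "__main__":
    signed_off = {("update_case_status", "C-1001")}  # constructed analyst approval
    samples = [("reporting-agent", tool_call("get_case", case_id="C-1001")),
               ("reporting-agent", tool_call("assign_case", case_id="C-1001")),
               ("triage-agent", tool_call("update_case_status", case_id="C-1001")),
               ("triage-agent", tool_call("update_case_status", case_id="C-2002"))]
    for role, message in samples:
        print(role, *gate(role, message, signed_off))
```

Binding each approval to a specific tool and case means an agent steered by injected ticket text cannot reuse one sign-off to change a different case.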
Six automation opportunities in production
Beyond alert triage, the executive identified five additional workflow categories where AI agents demonstrated immediate value:
Intake and onboarding automation: Agents monitor submission forms, create structured tickets, write references back to source systems, and send notifications—eliminating manual data entry across multiple platforms.
Detection quality feedback loops: Agents read feedback tickets, pull actual alert data, cross-reference documentation, and produce clear summaries of reported issues with proposed fixes, sometimes validating problems against live data.
Cross-tool correlation: Agents synthesize information from email, ticketing systems, wikis, and security platforms to answer questions that normally require checking multiple disconnected sources.
Proactive monitoring without noise: Scheduled agent checks categorize items by urgency, identify action items, filter routine activity, and only escalate when human attention is genuinely needed.
Knowledge capture: Every ticket triage and analyst interaction becomes a structured entry in a persistent knowledge base, capturing institutional knowledge that typically exists only in individual analysts' experience.
Why it matters
The transition from detection-focused security to decision-focused security is accelerating. Organizations that treat AI automation as production infrastructure—with accuracy metrics, cost controls, and governance frameworks—will gain leverage over teams still manually processing alert queues. The same analyst who manually triaged 20 cases daily can now review 200 agent-triaged cases, focusing expertise on edge cases and novel attacks that require human judgment. Vendors that expose capabilities through open protocols like MCP will have an advantage over platforms with closed APIs and limited integration options.
These details were first reported by Automation Watch, based on the executive's direct experience running agentic AI in security operations.
This is an original analysis by the Omega editorial team. Source reporting: Automation Watch.

