Datadog launches AI security analyst for Cloud SIEM
Datadog has made its Bits AI Security Analyst generally available as part of its Cloud SIEM security platform.
The launch adds an AI agent designed to automate security investigations typically handled by Security Operations Centre analysts. Datadog says it can cut investigations that often take hours to as little as 30 seconds, while reducing mean-time-to-resolution by more than 90%.
Security teams are under growing pressure as alert volumes rise and attacks become faster and more complex. Datadog argues this makes it harder for human analysts alone to investigate, triage and remediate every threat reliably.
Bits AI Security Analyst is intended to handle those workloads at greater scale, combining the judgement associated with a senior SOC analyst with automated processing across a broad range of security and observability data.
That is significant in a market where security teams are being asked to cover expanding cloud estates, identity systems and endpoint tools, often with limited staff. The new agent works across a customer's attack surface using data from clouds, identity systems, endpoint detection and response tools, and built-in observability telemetry.
Investigation workflow
Datadog says the tool automates the steps that normally follow an alert, including acknowledgement, investigation, evidence gathering, analysis and escalation where needed. This is intended to reduce alert fatigue and shorten both mean-time-to-detection and mean-time-to-resolution.
The product sits within Datadog's Cloud SIEM rather than as a separate system. Customers already using the wider platform can deploy it in an existing environment and use Datadog's integrations, unified interface and role-based access controls.
Datadog presents the release as part of a broader shift in security operations, with AI systems increasingly used not only to identify suspicious activity but also to investigate and explain it. In practice, one of the biggest challenges for security teams is not just detecting alerts, but assembling enough context quickly enough to determine whether an alert represents a real threat.
Tim Knudsen, Vice President of Security Products at Datadog, said this remains a weakness in many SIEM deployments. "Traditional SIEMs are leaving enterprises increasingly exposed because queues keep growing and investigations take longer to correlate and enrich context. On top of this, you have security talent shortages," he said.
He added: "Datadog Cloud SIEM with Bits AI Security Analyst solves this problem by autonomously investigating alerts, and leveraging security and observability signals to deliver accurate, fully explained verdicts that dramatically reduce remediation times."
Security market
The release also highlights Datadog's push to deepen its security business alongside its core monitoring and observability products. Datadog says one in four Fortune 500 companies uses Datadog Security for threat, vulnerability and misconfiguration work.
That installed base gives the company an opportunity to expand further into security operations, a market long dominated by specialist SIEM vendors and larger cybersecurity groups. By embedding the AI analyst in Cloud SIEM, Datadog is aiming to make its broader data platform more central to incident response.
Yanbing Li, Chief Product Officer at Datadog, linked the launch to the rise of more sophisticated AI-enabled threats. "One-in-four Fortune 500 companies rely on Datadog Security to help them detect, prioritize and remediate threats, vulnerabilities and misconfigurations. We are already a trusted partner and we continuously evolve our Cloud SIEM capabilities to directly face today's sophisticated threats, especially as GenAI attacks intensify," she said.
She added: "To combat modern attacks, SOCs need intelligent, autonomous systems that can investigate and report clearly. That's exactly what Bits AI Security Analyst delivers - a trusted AI agent that acts as an always-on senior SOC analyst teammate."
The product is now available to customers using Datadog's Cloud SIEM platform, with the pitch centred on reducing manual investigation work and helping security teams respond more quickly to threats.