Ontinue AG, a Swiss artificial intelligence-powered managed extended detection and response company, today announced the general availability of autonomous incident investigations in its ION MXDR platform, powered by agentic AI.

The new capability, first deployed in December 2024 and now live across Ontinue’s customer base, enables Tier 2-level investigations to be fully automated. A Tier 2-level investigation involves analyzing escalated security incidents that require deeper contextual understanding, correlation across multiple data sources and expert judgment to determine scope, impact and the appropriate response.

With the new offering, Ontinue claims, it’s the first Microsoft-focused MXDR provider to introduce agentic AI for autonomous investigations. The company says that dramatically accelerates detection and response while reducing the burden on in-house security operations teams.

Ontinue’s Agentic AI works by taking over escalated alerts and initiating a process that traditionally required a Tier 2 or Tier 3 analyst. The AI aggregates telemetry, formulates and tests hypotheses and conducts a contextual investigation. The output is a structured summary, including reasoning steps and recommended actions, which is passed to Ontinue’s human cyber defenders for validation and resolution.

According to the company, the result reduces the mean time to investigate incidents by up to 50% and resolves 99.5% of incidents without customer intervention.

“Agentic AI doesn’t just evolve how we do security — it redefines it,” said Chief Executive Geoff Haydon. “Unlike traditional automation tools that follow prescriptive rule-based scripts, the generative nature of Agentic AI allows it to learn, reason, test and adapt within the context of any given situation. It doesn’t just assist humans, it amplifies them.”

The level of autonomy provided by the new offering is focused on solving the longstanding scale limitations faced by managed detection and response providers. Ontinue’s strategy hinges on combining human expertise with intelligent automation as threat sophistication grows and cybersecurity talent remains scarce.

The Agentic AI offering provides near human-level reasoning at machine speed, allowing it to tackle complex, novel attacks that deterministic systems typically miss.

Ontinue’s ION MXDR platform already included automation for Tier 1 triage, but the addition of agentic AI pushes automation deeper into the incident lifecycle. The capability is powered by ION IQ, the core intelligence layer within Ontinue’s platform, which integrates contextual signals from logs, identities, endpoints and cloud systems to build and test investigative hypotheses in real time.

“We’ve always believed that AI is key to overcoming the scale and speed limitations that legacy MDRs can’t address,” said Chief Technology Officer Theus Hossmann. “Security automation has traditionally been limited to predictable ‘if x, then y’ patterns. But novel, multidimensional threats demand reasoning and creativity — things that were once exclusive to humans. Agentic AI flips that paradigm.”

Image: Ontinue