UPDATED 09:00 EDT / JULY 15 2026

SECURITY

Sophos launches Fusion, an AI-native ‘defense system’ to unify security tools

Cybersecurity firm Sophos Ltd. today launched Sophos Fusion, a single platform that ties together its security operations, endpoint, network, identity, email and cloud protection.

Sophos calls it the industry’s first and most complete artificial intelligence-native cybersecurity defense system. It’s a rebuild of Sophos Central, the platform 625,000 organizations use. Sophos moved it onto one open architecture and wired in Taegis, the analytics engine it picked up when it bought Secureworks Corp. last year.

The problem it’s chasing is a common one. Most enterprises run more than 45 separate security products, which leaves teams switching between dashboards and doing by hand what attackers now automate.

The company is pitching “cybersecurity defense system” as a category, not a feature. Four things define it, by its telling. Every signal flows into one shared data layer in real time. A detection on one control point triggers coordinated action across the others at the same moment, what Sophos calls Synchronized Security. Agentic AI investigates and responds within limits analysts set and adjust. And intelligence compounds, so each threat seen across the customer base feeds back into every other customer’s defense.

The company is using its own operation as proof. Sophos said it runs the largest agentic security operations center of its kind, serving more than 40,000 customers, where AI resolves 52% of cases without human involvement and the average time from alert to a fully automated response is 89 seconds.

“As AI increases the speed, scale and complexity of attacks, organizations need a modern, connected, intelligent and adaptive defense,” said Chief Executive Joe Levy. “Sophos Fusion is built as a defense system optimized for human-AI workflows. We bring the most complete solution to a new category, a timely advancement demanded by the AI era.”

Fusion spans endpoint protection, endpoint and extended detection and response, next-generation security information and event management, identity threat detection and response, managed detection and response, network, email, cloud and advisory services. Sophos builds the core control points itself but keeps the system open, with more than 500 third-party integrations feeding the same data layer so existing firewalls, endpoints or identity tools operate as part of the whole.

The additions roll out between August and October. Three arrive Aug. 15. One is a next-generation SIEM, priced by users and servers rather than by data volume. Another is an expanded managed detection and response service. The last is a rebuilt XDR that runs on the Taegis analytics.

Coming later is Sophos AI Defense, a tool meant to show organizations which AI apps are in use including shadow AI and to police what data those apps can reach. It enters early access in August and goes generally available in October. October also brings Sophos CISO Advantage, which sells chief information security officer-level guidance to companies through the firm’s managed service provider channel.

The launch lands in a segment analysts expect to expand quickly. The Futurum Group LLC projects security operations spending will double from $18 billion to $37 billion by 2029, faster than any other cybersecurity category. “This is where the next generation of cyber defense will be won,” said Fernando Montenegro, vice president and practice lead for cybersecurity and resilience at the firm.

Gartner Inc. distinguished analyst Neil MacDonald argued that stacking on more tools will not deliver what defenders need against AI-orchestrated attacks like the one Anthropic PBC recently disclosed. “Organizations need an intelligent overlay that connects the different elements of their cybersecurity toolset to proactively and reactively respond to risks and threats at machine speeds,” he said.

Sophos put out fresh research the same day on where those attacks now begin. Compromised identities are now behind 79% of ransomware attacks, according to the company’s seventh annual State of Ransomware report. Attackers are getting in with valid credentials they stole or bought, not by breaking through an unpatched system. That marks a turn: exploited vulnerabilities had led the field for years and this year malicious email overtook them at 26%, with phishing at 24%.

Identity ran through the rest of the findings, which draw on a Vanson Bourne Ltd. survey of 2,158 security and information technology leaders across 17 countries. Two-thirds of victims reported that the ransomware hit doubled as the worst identity attack they faced all year. Multifactor authentication proved softer than its reputation suggests. It was switched on, at least in part, for 97% of the breaches rooted in stolen credentials, which points to gaps in how it was applied rather than an absence of controls.

Two trends cut against the progress. Encryption is rising again after a two-year slide, with attackers locking up data in 56% of attacks. And the smallest organizations remain the softest targets, with companies of 100 to 250 employees turning back just 34% of attacks before encryption or extortion took hold, well short of what larger firms managed.

The recovery picture is brighter, if unevenly so. Most victims are operational again within a week, a sign that spending on backups is paying off. Cleanup costs are the outlier. Sophos put the average at $1.7 million per incident and it is still rising. Ransom demands have dropped 65% over two years and the share of victims paying to recover their data has fallen to 48%, the second-lowest on record.

Image: Sophos

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.