Lumu Delivers Autonomous Security Operations at Scale Through Its Agentic SOC Offering

SAN FRANCISCO--(BUSINESS WIRE)--(RSA Conference) -- Lumu, the creators of the Continuous Compromise Assessment® security model, today announced a milestone in the evolution of autonomous defense. Lumu Autopilot, the company’s flagship AI for security operations, has officially transitioned from a promising innovation to the industry’s first proven Agentic Security Operations Center (SOC). Since its introduction in 2024, the platform has executed 7.2 million end-to-end investigation and remediation workflows without human intervention, acting as a primary security operator.

Over the past 12 months, Lumu Autopilot executed 7.2 million AI-driven workflows and reduced manual triage by up to 69.9%.

Share

By operating as an autonomous execution layer, Autopilot manages the entire lifecycle of a confirmed compromise, from initial investigation across network, endpoint, and identity environments to decisive remediation. Over the last 12 months, Autopilot’s proven scalability has defied traditional SOC economics. The data confirms operational elasticity that was previously impossible:

- Massive Throughput: In February alone, the platform processed 1.54 trillion network traffic records, peaking at 67.4 billion records analyzed in a single 24-hour window.
- Autonomous Incident Resolution: Autopilot independently closed 45.3% of all confirmed compromise incidents, resolving nearly half of critical security events without a human ever touching a keyboard.
- Operational Efficiency at Scale: Autopilot eliminated over 17,000 hours of manual triage, reducing analyst workload by up to 69.9% and enabling security teams to operate effectively without increasing headcount.

“Security operations can no longer be a battle of headcount against alert volume,” said Ricardo Villadiego, founder & CEO of Lumu. “In a space flooded with ’AI Copilots’ that summarize alerts, Lumu Autopilot delivers something fundamentally different: an execution engine that makes high-fidelity decisions at machine speed. This allows human teams to focus on strategy and risk reduction, while Autopilot handles investigation and response with consistency, speed, and precision.”

Defining AI Security Operations

AI Security Operations requires more than alert prioritization—it requires autonomous investigation and contextual reasoning. Launched in 2024, Lumu Autopilot was purpose-built to meet that standard. Today, it operates as an AI execution layer, continuously:

• Investigating confirmed compromise activity across network, endpoint, identity, cloud, and email environments
• Determining whether to close, escalate, or remediate incidents
• Orchestrating response workflows with transparency and auditability
• Reducing repetitive manual triage and enabling consistent 24/7 operational continuity

By focusing on confirmed compromise rather than alert volume, Autopilot ensures every decision is grounded in evidence, reducing noise and increasing confidence in security execution.

Lumu Autopilot is available as part of the Lumu SecOps Platform. For more information, visit lumu.io/lumu-autopilot or meet the Lumu team this week at RSAC at booth North 4400.

About Lumu

Lumu is a cybersecurity company that helps organizations operate cybersecurity proficiently by measuring and understanding compromise in real time. Through its Continuous Compromise Assessment® model, Lumu empowers security teams to act immediately on confirmed compromises and minimize risk exposure. For more information, visit www.lumu.io.