Datadog Puts an AI Agent Inside the SOC

SOC teams have a staffing problem that predates the current generation of AI tools, but the arrival of AI-generated attacks has made the arithmetic worse. Alert volumes are climbing. Investigation times haven't shortened. The talent pipeline remains thin.

Datadog's answer, now generally available, is Bits AI Security Analyst: an autonomous agent built into its Cloud SIEM platform that conducts security investigations at machine speed. The company says the agent can compress a multi-hour investigation into roughly 30 seconds, cutting mean time to resolution by more than 90%.

Autonomous investigations, not copilot suggestions

The agent works across the full investigation lifecycle. It acknowledges alerts, gathers evidence from cloud environments, identity systems and endpoint detection tools, correlates signals, and delivers a verdict with an explanation attached. Datadog's pitch is that this isn't a copilot offering suggestions in a sidebar; it's an autonomous system that completes the investigation independently and surfaces a finished result.

"Traditional SIEMs are leaving enterprises increasingly exposed because queues keep growing and investigations take longer to correlate and enrich context. Datadog Cloud SIEM with Bits AI Security Analyst solves this problem by autonomously investigating alerts and leveraging security and observability signals to deliver accurate, fully explained verdicts."

Tim Knudsen, Vice President of Security Products at Datadog

The timing coincides with RSAC 2026 in San Francisco, where Datadog is demonstrating the agent at Booth S-1643. Yanbing Li, the company's Chief Product Officer, framed the launch in competitive terms: one in four Fortune 500 companies already rely on Datadog Security, and the company sees autonomous investigation as the necessary response to AI-powered attacks that move faster than human analysts can follow.

Coverage determines real-world results

A 90% reduction in MTTR is a bold number. It will hold up in environments where telemetry is already flowing through Datadog's platform and integrations are in place. For organisations running fragmented toolchains or partial Datadog deployments, the real-world improvement will depend on how much of the attack surface the agent can actually see. Datadog says it offers more than a thousand integrations, but coverage and depth are different things.

Bits AI Security Analyst is available now as part of Datadog Cloud SIEM.