Shapefin

Swimlane Introduces Agentic AI to Enhance Incident Response and Security Operations

Swimlane, a leader in agentic AI automation for security functions, has launched new capabilities for its Turbine platform, introducing industry-first incident response AI agents through Hero AI. These private agentic AI services aim to transform security operations by providing AI-driven case management, with in-production workloads demonstrating the work equivalent of over 60,000 security personnel daily.

The release is designed to assist Swimlane customers in implementing an AI-powered Security Operations Center (SOC) by centralizing intelligent agents that deliver real-time triage and explainable decisions. This approach addresses the challenge of security analysts having to navigate multiple tools, tabs, and data sources, allowing them to monitor agents and take action from a unified interface.

Michael Lyborg, CISO at Swimlane, stated, “There’s no shortage of AI hype in the market, but at Swimlane, we believe outcomes matter more than promises. We don’t just talk about AI-powered security. We use it every day in our own SOC. Since deploying our Hero AI agents in Turbine, we’ve averaged 8 hours of time savings per day in the first month of use and have cut our mean time to respond in half. That’s the kind of real-world impact intelligent automation can deliver.”

The updated Swimlane Turbine platform aims to accelerate security triage and incident response through agentic AI, functioning as an expert system with context-aware reasoning throughout the incident lifecycle. Security teams are equipped with AI agents that act as domain experts, operate autonomously, respond in real time, and provide fully explainable outcomes.

Breakthrough capabilities introduced include:

The Verdict Agent, a Hero AI agent that uses current, linked, and historical case context, including Knowledge Base articles, case history, threat intelligence, and analyst notes, to autonomously generate a verdict mirroring analyst judgment.

The Threat Intelligence Agent, designed to aggregate and analyze data from various threat intelligence sources, such as VirusTotal, Cisco Umbrella, and Recorded Future, to offer unified cross-source analysis.

The MITRE ATT&CK & D3FEND Agent, trained to automatically map vendor-reported security alerts to standardized attack techniques aligned with the MITRE ATT&CK and D3FEND frameworks, providing a common language for attack tactics and countermeasure techniques.

The Investigation Agent, a dedicated agent that builds and executes an investigation plan, delivering end-to-end analysis from a single interface, which aims to eliminate context switching and accelerate triage with AI-generated summaries, timelines, and recommended actions.

Additionally, NIST Aligned Action Recommendations provide AI-powered one-click actions categorized by containment, eradication, recovery, and hardening for clarity and control.

Srikant Vissamsetti, Chief Operating Officer at Swimlane, commented, “This is just the beginning of what Swimlane will deliver with agentic AI. With over a decade of engineering investment in scalable automation, we’ve built the foundation to harness AI in a way no one else can. Having spent years developing intelligent agents, I’ve never been more excited about the possibilities ahead. Hero AI is not just a feature, it’s a step to influencing how AI SOCs will be managed, scaled, and continuously improved.”

These new Swimlane Turbine capabilities are currently available. A webinar titled “The CISO’s Guidebook to Autonomous SOC Enablement,” featuring a live demo, is scheduled for November 20th at 12:00 pm ET.

Swimlane specializes in agentic AI automation for security functions, offering a hyperautomation platform designed to address security, compliance, and IT/OT operations problems. The platform aims to unify security teams, tools, and telemetry to keep pace with evolving threats.
