A new hybrid defense model is emerging in Managed Detection and Response (MDR), where agentic AI enhances, not replaces, human analysts, enabling faster threat response and more proactive security decisions.
Redefining MDR: Humans and AI as strategic collaborators
As cyber threats grow more complex and persistent, security teams are under pressure to do more with less, faster. In this environment, a new hybrid defense model is taking shape. Rather than viewing AI as a replacement for human analysts, leading MDR providers are deploying agentic AI (systems that pursue defined goals with autonomy) as trusted collaborators. The future isn’t human vs. machine, but human with machine.
According to Dustin Hillard, CTO at eSentire, agentic AI is already transforming how threat detection and response works in practice. “We’ve shifted from reactive containment to proactive recommendations,” he explained. “AI agents now understand a customer’s threat surface and business priorities, and help determine what they should patch or change to reduce risk.”
In this model, AI is tasked with analyzing telemetry, correlating threats, and surfacing tailored recommendations—enabling analysts to focus on validating results and driving action.
Building the human-AI partnership: What it takes
The effectiveness of this model depends on how well the AI is guided and governed by human expertise. “AI doesn’t just spring into existence with all the answers,” Hillard said. “It’s the goals we set, the context we provide, and the way we embed analyst expertise that shapes how it behaves.”
To work well together, AI agents and humans need shared goals, transparency, and trust. Hillard noted that AI can now complete the first 90% of investigative workflows consistently and with high quality—allowing analysts to focus on the final 10%, where creativity, judgment, and communication make the difference. This division of labor dramatically accelerates response times while maintaining analyst oversight.
Just as important is the depth of telemetry feeding the AI. “Multi-signal analysis is key,” Hillard emphasized. “You can’t just rely on one data source. You need a full view of the attack surface across the entire environment to make sound recommendations.” That correlated visibility is what makes the AI’s insights credible—and actionable.
Operationalizing the model: From concept to practice
For organizations ready to adopt this hybrid model, Hillard outlined three foundational pillars: rich telemetry, codified expertise, and proactive use cases.
First, ensure that AI agents have access to multi-signal, cross-environment data to generate meaningful insights. Second, embed analyst expertise directly into workflows and orchestration logic, what Hillard calls “taking what our best experts do and making it repeatable.” Finally, move beyond using AI just for incident response. “We’re applying the same framework our cyber risk advisors use internally to proactively assess risk and make strategic recommendations,” he said.
The goal is to scale analyst expertise, not replace it. By combining human context and strategic thinking with the speed and consistency of AI, the hybrid defense model positions MDR teams to respond faster, think further ahead, and deliver higher-impact outcomes for their organizations.
As Hillard put it, “It’s not just about automation—it’s about augmentation with purpose.”