Techitup Middle East

Sophos Agentic SOC Drops Threat Response to 89 Seconds


Sophos has revealed live production data from a full year of operating its “agentic” Security Operations Center (SOC) model. Integrated into Sophos Managed Detection and Response (MDR), the framework now defends 40,000 customers globally, a 39% year-over-year increase.

The production data from the past twelve months establishes a new performance benchmark for AI-driven security operations at scale:

  • 89-Second Response: The Sophos Central Defense System averaged less than a minute and a half from case creation to fully automated resolution for incidents it is authorized to handle.
  • 52% Autonomous Closure: More than half (52%) of all MDR cases were intercepted and closed end-to-end by AI agents without human intervention.
  • Compounded Intelligence: The model ingests tens of millions of daily detections via Sophos Central, utilizing a unified context lake that spans endpoint, firewall, identity, and third-party integrations.

“The Sophos agentic SOC is the new operating model for managed security, and we are defining what it looks like in production,” said Raja Patel, President, Sophos. “When you run the world’s largest SOC, every threat encountered makes every customer’s defense stronger. No other vendor operates with our breadth, from small businesses to global enterprises with tens of thousands of employees, and no other vendor compounds intelligence across that scale. A customer using the Sophos Central Defense System benefits from the learnings of every other customer in it.”

Sophos Agentic SOC: Balancing AI Speed with Human Judgment

While AI handles the high-volume Tier 1 and Tier 2 triage, Sophos utilizes a dual Human-on-the-Loop (HOTL) and Human-in-the-Loop (HITL) architecture to manage the remaining 48% of cases.

“The 52% gets the attention, but the 48% is just as important,” said Rob Harrison, SVP of Product Management at Sophos. “When AI takes the volume off the human queue, our analysts get the bandwidth to do the work that requires their judgment: the novel attack patterns, the high-stakes decisions, the cases where context and business implications matter. AI speed and human judgment are the two halves of the same operating system, and intelligence compounds across both with every threat we stop.”

Regional and Market Momentum

The announcement aligns with Sophos’ top industry rankings: the company recently secured the #1 spot across the Endpoint Protection, EDR, XDR, MDR, and Firewall categories in the G2 Summer 2026 Reports and was named a 2026 Gartner Peer Insights Customers’ Choice for MDR.

Looking forward through late 2026, Sophos plans to extend this agentic operating model further across its portfolio, integrating Next-Gen SIEM capabilities and expanding Secure AI features for enterprise environments.
