Salesforce's VP of Detection, Analysis and Response describes how the team built SATA (Security Alerts Triage Agent), an autonomous AI system designed to handle first-line triage of hundreds of security alerts per day. The agent addresses fragmentation across case management, log platforms, and operational tools by using internal orchestration workflows to retrieve targeted context. It achieves roughly 95% agreement with human analyst decisions, uses confidence scoring to route lower-certainty cases to humans, and employs multiple agents reviewing the same case from different perspectives. Early results show significant time savings on triage, freeing analysts for high-priority investigations. The next goal is reducing incident containment time by 20% through deeper autonomous incident response capabilities.

5m read time. From engineering.salesforce.com