CMOtech US - Technology news for CMOs & marketing decision-makers
United States
Intezer launches custom AI agents for security teams

Intezer launches custom AI agents for security teams

Fri, 3rd Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Intezer has launched Custom Agents for its security operations platform, allowing customer security teams to build their own AI agents inside the system.

The product expands Intezer's use of autonomous agents beyond default security workflows into customer-defined routines. Teams can use it to automate tasks such as investigation work, report writing and other repetitive security operations centre processes.

Intezer's existing platform already uses autonomous agents to triage, investigate and respond to alerts continuously. The system investigates all alerts and escalates fewer than 2% for human review, according to the company.

Customer workflows

The launch was shaped by how customers were already using Intezer's AI chat functions. More than a third of user conversations involved repeated requests for the same routine tasks, including drafting reports, preparing shift handover notes, tuning detection rules and recording investigation outcomes.

That pattern led Intezer to package those recurring requests into dedicated agents that can run automatically. Existing customers are already using agents in production for tasks including custom incident reports, recommendations on rule tuning based on triage verdicts and proactive threat hunting, according to the company.

Custom Agents are created using natural language prompts. Security teams describe the task, choose when the agent runs and select the tools it can access.

Agents can be triggered on a schedule, after a specific event such as the closure of a case, or on demand. They can also take follow-up actions, including updating, commenting on and closing cases, as well as emailing completed reports.

Tool integrations

The agents can work across Intezer's own toolset and connected third-party systems. Named integrations include CrowdStrike, SentinelOne, Splunk, Microsoft Sentinel and Entra ID.

The product is available in beta to existing Intezer customers and is free during the beta period. Intezer did not provide a timetable for general availability.

Itai Tevet, Chief Executive Officer and Co-Founder of Intezer, said the launch is intended to help security teams automate work outside standard alert handling. "With Custom Agents, security teams can automate their unique individual and team processes, by building their own AI agents, which run on the same engine that operates their SOC to ensure seamless integration and performance," Tevet said.

He said the feature extends the company's existing operating model. "Our autonomous agents have long handled the fundamental work of the SOC. With Custom Agents, we are giving customers the power to automate their own unique workflows, running them precisely how they choose," Tevet said.

Competitive pressure

The launch comes as security teams face pressure to manage rising alert volumes without expanding headcount at the same pace. Across the cyber security market, vendors have been adding AI-driven tools aimed at reducing manual work in security operations centres, particularly in alert triage, investigation and reporting.

Intezer positions its platform around automated forensic investigation and around-the-clock alert handling. Its customer base includes large organisations such as NVIDIA, MGM Resorts, Equifax, Salesforce and Ferguson, according to the company.

The release suggests Intezer is trying to move from fixed automation within its platform to a more flexible model in which customers can build workflows around their own operating practices. That shift could appeal to larger security teams whose internal processes differ from standard product templates.

For buyers, the key question is how much manual work the new agents can remove without adding complexity to oversight. Intezer said the agents are built directly into the existing platform and use the same underlying engine as its current SOC automation tools.