Expel Releases AI-Intentional Security Framework

Expel releases practitioner framework for AI-intentional security, backed by a decade of production AI

Expel, the human-led, AI-accelerated security provider, today published a practitioner framework for deploying AI intentionally across the security operations threat lifecycle, highlighting recent AI and automation capabilities built into Ruxie™, Expel’s AI and automation engine, that demonstrate the framework in action and enable faster and more decisive response actions across the threat lifecycle.


The real risk isn’t the alert. It’s what happens after it fires

The real risk in security operations exists in the gap between signal, action, and outcome—and the friction that accumulates there. With attackers using AI to increase their own velocity, that gap is getting more expensive to close. Most vendors are racing to bolt AI into their SOC workflows but aren’t considering the implications. Instead, they should consider the ROI of introducing AI, automation, and machine learning to each part of their customers’ security programs and applying it responsibly to accelerate defense where it makes the most sense in their environments.

“Previously, manual actions like log review and alert triage were essentially dead. AI can and should handle that noise now so analysts can focus on the incidents that matter and deploy accurate defense at AI speed,” said Justin Bajko, Chief Strategy Officer at Expel. “Ruxie not only handles those actions, but arms human analysts with AI capabilities that cut through the noise and speed decisive response actions. Our AI investments speed up decisive responses, shifting timelines from minutes to seconds so customers stay ahead of attackers.”

The Trust vs. Impact framework for AI-intentional security

Expel’s “Trust vs. Impact: A practitioner’s framework for implementing AI and automation in the threat lifecycle” codifies the framework that helped shape Ruxie and the model behind Expel’s industry-leading MDR service. The framework maps security workflows on two axes: impact (what’s at stake if AI gets it wrong) and trust (how much confidence you have in the system to handle it correctly). The framework identifies where AI should operate autonomously, where it should support humans, and where humans must lead. It’s built from ten years of running Ruxie in production across trillions of alerts in customer environments, where Expel has continuously improved its AI models on real SOC outcomes.

Expel’s recent AI innovation guided by the framework

In the past year, Expel released multiple new AI “power up” capabilities into the Ruxie engine that target every stage of the threat lifecycle, from detecting coverage shortfalls to explaining threat resolutions in plain language—all designed to get to the right security outcomes in seconds rather than minutes. Some of these include:

  • Agentic detection rule generation identifies coverage gaps and creates detections automatically for human review, shortening the time it takes to build new detections and finding threats earlier.
  • AI-powered alert triage (identity classification) uses machine learning to categorize identity alerts with 99.7% confidence, filtering out high-confidence benign alerts and reducing identity alert volume by approximately 10%—so analysts can focus where it matters.
  • AI-generated summarization produces plain-language context for dense technical data, alert details, detection logic, investigative actions, and context for benign policy violations (DUETs) and verifications—giving analysts clear, actionable context that accelerates each aspect of the threat lifecycle from triage through resolution.
  • Transparent disposition logic automatically drafts explanations for key investigative findings and alert resolutions, including those determined to be benign, so customers always understand what happened and why.
  • Improved detection descriptions translate complex detection logic into plain-language summaries so customers can easily understand their active defenses.


Ragesh Menon, Senior Director of Security Architecture at Visa, said, “Expel’s platform has significantly streamlined our security operations. Expel’s AI-driven triage system effectively prioritizes alerts, allowing our analysts to focus on the most critical issues. This has greatly improved our overall operational efficiency.”
