Illumio Insights strengthens threat detection and containment with new Insights Agent

Andrew Rubin, CEO and Founder at Illumio

Breach containment vendor Illumio, which a month ago disclosed that it had partnered with Microsoft and joined the Microsoft Sentinel ecosystem to deploy Illumio Insights and Segmentation across Microsoft’s entire corporate IT environment, has followed that up with another significant announcement. Illumio has now announced Insights Agent, a new capability within Illumio Insights. Insights Agent is an AI-powered, persona-driven guide designed to reduce alert fatigue, accelerate threat detection, and enable containment by delivering real-time, tailored alerts and instant one-click remediation recommendations.

Microsoft leveraged Illumio for a more proactive cyber defense, using the Illumio AI-driven platform to prevent lateral movement, contain potential threats, and ensure resilience at unprecedented scale. Insights Agent, a powerful extension of Insights, is designed to help security teams stay focused and move quickly to contain threats before they escalate.

“When Igor [Tsyganskiy, Global Chief Information Security Officer at Microsoft] called in April 2024 and asked if we were ready to deploy at Microsoft, I told him that given the size and scale of the environment, unlike anything that any segmentation vendor had ever seen or attempted, we would need to closely partner to do it,” said Andrew Rubin, CEO and Founder at Illumio. “I assured him that every team member at Illumio would do anything and everything possible to ensure success. From the beginning, we have believed in the power and scalability of the AI network security graph, and with the deployment at Microsoft, we can now definitely say it is the future of cybersecurity.”

“When we needed to bring these capabilities into Microsoft, Illumio was the only segmentation solution that would work at the scale of Microsoft and deliver in our environment,” Tsyganskiy stated. “Perhaps most importantly, the Illumio team understands partnership, and how to deliver under extreme pressure.”

Operating one of the most complex and interconnected networks in the world, Microsoft faces challenges similar to those of other global enterprises: hybrid environments, multi-cloud architectures, and the need for real-time observability. The Illumio platform provides Microsoft with deep visibility into network connectivity and powerful capabilities to enforce segmentation policies that help reduce the risk of breaches spreading across the environment.

“Security teams are overwhelmed by noise, and we don’t need more useless alerts; we need more actionable answers,” Rubin said. “Illumio Insights was built to deliver clarity, not clutter. With Agent, we’re taking the next step: every user gets a personalized risk view tailored to their role, along with immediate, practical guidance on what to do next. This is real-time discovery and containment, designed for the people who defend our organizations every day.”

The Illumio Platform, containing the Illumio Insights and Segmentation products, is powered by the network graph, allowing an organization to have a deep understanding of connectivity within even the most hybrid and complex network environments. Using AI for analysis of the graph, Illumio Insights finds anomalies and threats in real time, surfacing everything from LLM traffic to malicious IP connectivity. Illumio Segmentation allows the organization to quickly and easily set policy for anything from dynamic quarantine to Zero Trust microsegmentation, ensuring breaches and ransomware do not spread widely through the environment and dramatically increasing resiliency in the event of an attack.

Building in turn on the foundation of Illumio Insights, Agent delivers role-aware threat detection and actionable guidance aligned to each user’s responsibilities, whether threat hunter, incident responder, or compliance analyst. It automatically prioritizes threats by severity and surfaces the most relevant ones for each user, enabling faster decision-making and more effective containment. With teams receiving an average of more than 2,000 alerts per day (roughly one every 42 seconds), according to the 2025 Global Cloud Detection and Response Report, reducing triage delays has never been more critical.

Among Agent’s highlighted features is persona-based AI guidance, in which users select from roles such as threat hunter, incident responder, data security, or compliance monitor to receive insights tailored to their responsibilities. Agent also provides in-depth investigative analysis, with severity-ranked recommendations, and accelerated threat detection, with continuous background monitoring of flow and workload communication to spot anomalies.

An AI-driven response plan guides users through prioritized, step-by-step remediation with automated handoffs across the security stack for fast, effective resolution. Agent also maps threats to the MITRE ATT&CK framework, helping users understand attacker techniques, prioritize responses, and reduce alert fatigue.

Finally, integration with Illumio Segmentation gives the system one-click containment, enabling instant isolation of compromised workloads with no host agents required.

Agent is available in public preview as part of Insights and for Microsoft customers via the Microsoft Security Store, with general availability expected in December.