# AR² Agentic AI

**Autonomous Response and Reasoning**

BluSapphire AR² is an agentic AI that acts as a tireless, 24/7 AI analyst for your security team. It autonomously investigates threats, reasons about their nature and impact, and takes decisive action to contain them in minutes—100x faster than a human team. AR² frees your human analysts from the drudgery of manual investigation and allows them to focus on strategic initiatives.

<figure><img src="https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2FOhNhUdTQkzLtWqtdhS28%2FagenticAI_Tools.png?alt=media&#x26;token=ffa42a7e-5bba-4911-b0a6-fa706cbd73e1" alt=""><figcaption></figcaption></figure>

## Key Capabilities

* **Autonomous Investigation:** When a threat is detected, AR² instantly begins a comprehensive investigation, gathering context from various sources, analyzing logs, and querying endpoints.
* **AI-Powered Reasoning:** AR² uses a sophisticated reasoning engine to understand the full scope of an attack, identify the root cause, and determine the appropriate response.
* **Decisive Action:** Based on its investigation, AR² can take a wide range of actions to contain the threat, such as isolating a host, disabling a user account, or blocking an IP address.
* **Human-in-the-Loop:** While AR² can operate fully autonomously, it also supports a human-in-the-loop model, allowing your team to review and approve actions before they are taken.
* **Continuous Learning:** AR² learns from every investigation, constantly improving its ability to detect and respond to new threats.

## How It Works

{% stepper %}
{% step %}

### Trigger

AR² is triggered by a high-fidelity signal from the SIEMless™ engine.
{% endstep %}

{% step %}

### Investigate

The AI agent begins its investigation, querying data sources and running automated playbooks.
{% endstep %}

{% step %}

### Reason

AR² analyzes the collected data to understand the attack and formulate a response plan.
{% endstep %}

{% step %}

### Act

AR² executes the response plan, taking action to contain the threat and notifying the security team.
{% endstep %}

{% step %}

### Report

AR² generates a detailed report of the investigation and response actions, providing a full audit trail.
{% endstep %}
{% endstepper %}

## Benefits

* **Sub-4-Minute Response:** Reduce your mean time to respond (MTTR) from hours or days to under four minutes.
* **100x Faster Than a Human SOC:** Automate the work of a team of analysts and operate at machine speed.
* **Eliminate Analyst Burnout:** Free your team from the repetitive and stressful work of manual alert triage and investigation.
* **24/7 Coverage:** Ensure that threats are being investigated and contained around the clock, even when your team is offline.
