Huntress and DNSFilter Deploy AI Agents Across Security Operations, Report 90% Workload Reduction on Automated Investigations

Cybersecurity firm Huntress has deployed just under 20 AI agents across its security operations center, automating investigations that previously required manual analyst work for its 240,000 customers, according to a Business Insider report published March 24. The company reports the system has reduced analyst workload by 90% on more than a third of investigations and now generates approximately 10,000 incident reports per month.

Separately, DNSFilter says a single AI agent handling Tier 1 support tickets saves the company $200,000 annually, operating at a cost of $15,000-$16,000 per year while performing the workload of two full-time support engineers.

How the Huntress System Works

Eric Stride, Huntress’s chief security officer, told Business Insider that the agents automate the company’s identity threat detection and response pipeline. When the system detects suspicious signals — unusual login activity, unauthorized inbox rules — it triggers an orchestration agent that functions as a supervisor, delegating work to 12 sub-agents. Those sub-agents pull data, analyze activity patterns, and identify evasion techniques.

The orchestration agent classifies activity as malicious or benign and escalates unclear cases to a human analyst. After a quality check, the system drafts an incident report for the client. Stride said this process previously took 20 to 30 minutes manually and now completes in minutes.

The deployment serves a 50-person SOC team. Stride described the agents as giving analysts “their ‘Iron Man suit’ to be more effective against the adversary,” per Business Insider.

DNSFilter’s Support Automation

Mikey Pruitt, head of AI labs at DNSFilter, told Business Insider the company launched an AI agent across its customer support team of fewer than 10 engineers. The agent handles all inbound Tier 1 tickets: categorizing emails by complexity, resolving routine issues using internal documentation, and escalating more complex tickets to human staff.

Pruitt said the agent processes requests in about four minutes and completes 60 tickets per week, compared to 35 for a human engineer, saving support staff up to three hours weekly. He anticipates DNSFilter will scale back entry-level hiring as the agent’s capabilities expand.

Where the Agents Break Down

Both companies acknowledged clear limitations. Huntress’s agents struggle with vague tasks and produce inconsistent answers on complex threats like ransomware attacks. They cannot make high-risk decisions without human oversight.

DNSFilter’s agent, limited to internal documentation, once mistakenly told a customer to bypass their reseller partner to resolve an issue. “That was definitely a fail that we had to engineer around,” Pruitt told Business Insider.

The Broader Adoption Picture

The deployments reflect a wider trend. In a 2025 survey, McKinsey found 62% of organizations are experimenting with AI agents. In cybersecurity specifically, ISC2 research found 30% of professionals reported embedding AI security tools into their operations, with many of these evolving into agent-like systems capable of executing multi-step workflows.

The economics are driving adoption faster than the technology’s maturity might warrant. Pruitt’s math is straightforward: one agent at $15,000-$16,000 per year replaces the output of two engineers. “Hiring less people is definitely part of the strategy,” he told Business Insider. His goal for DNSFilter by year-end: “Make our team of about 150 perform like a team of 500.”

That ambition runs ahead of what the agents can reliably do today. The gap between automation of repeatable tasks and reliable handling of novel, complex threats remains significant. For now, AI agents in cybersecurity are augmenting human analysts rather than replacing them — but the hiring implications are already visible.