
New capabilities extend Ruxie AI to address every stage from signal to stopped attack, matching the speed and scale of AI-powered threats
[TL;DR / Key Takeaways]
- What: Expel today extended Ruxie, its AI SOC manager, with new agentic capabilities to apply AI coverage across every stage of the threat lifecycle.
- The proof: the new and existing AI and agentic capabilities operate at scale and improve the accuracy and speed of Expel's human SOC analysts.
- Availability: these capabilities are now in production in customers' Expel MDR deployments.
HERNDON, Va., June 23, 2026 /PRNewswire/ -- Expel, the leading agentic MDR provider, today extended Ruxie™, its AI SOC manager, with new AI and agentic capabilities to extend coverage to every stage of the threat lifecycle—enriching and triaging threats before analysts touch the alert queue, investigating threats, executing response actions, engineering new detection rules, and documenting outcomes.
AI-powered attacks compress the time from initial access to impact
Attackers are using AI to move faster through every stage of the kill chain, and human-paced security operations can't contain the blast radius at scale. Fighting back requires AI coverage at every stage to achieve fast and accurate security outcomes.
Ruxie AI is built upon a decade of proven SOC principles and real MDR outcomes. Ruxie continuously applies AI and agentic capabilities across our customers' environments to operate at scale and dramatically improve the accuracy and speed of Expel's human SOC analysts. These new capabilities extend that coverage further across the threat lifecycle, targeting specific friction points that slow detection and response:
- Enrichment: pulls telemetry and context from more than 160 integrated security tools and external intelligence sources so alerts arrive pre-enriched before an analyst touches the queue.
- Context: quickly builds a complete, investigation-ready picture for every alert by pulling live telemetry, asset data, organizational and user context, and prior analyst decisions automatically.
- Detection: correlates related threat data across endpoint, identity, cloud, network, and other attack surfaces to expose unified attack campaigns and hidden malicious patterns.
- Detection engineering: multiple agentic workflows evaluate new vendor alerts against existing Expel detection strategies to identify coverage gaps and automatically generate new detection rules to protect all customers.
- Triage: multiple AI workflows analyze evidence to make high-confidence decisions, such as classifying and auto-closing identity alerts, and leverage agents to evaluate blocked malware alerts, freeing analysts to focus on true threats.
- Investigation: agentic workflows extract, consolidate, evaluate, classify, and apply structured reasoning checks to return alert disposition recommendations for identity alerts.
- Response: executes targeted response actions to contain and stop the threat the moment a threat is confirmed.
- Reporting: documents every closed alert and incident in plain language for our analysts automatically, so outcomes are fully traceable.
- Collaboration: syncs real-time Expel Workbench™ investigations with Slack and Microsoft Teams, delivering multi-channel visibility, escalation, and communication for alerts, decisions, questions, and response actions.
"AI-powered attackers don't pause between initial access and lateral movement. They're operating at machine speed," said Justin Bajko, Chief Strategy Officer, Expel. "Ruxie's job is to match that pace at every stage. These new agentic capabilities extend our AI coverage to specific and intentional stages of the threat life cycle, so there's no gap left for attackers to exploit."
Customers see the impact in alert volume and analyst focus
"Having AI workflows for context, then relying on a human expert to make the final call, offers a level of security we can't get from an AI-only approach," said Jason Waits, Chief Information Security Officer, Inductive Automation. "Automation and AI catch things in real time, and human expertise helps understand context, make nuanced decisions, and avoid false positives that disrupt operations."
Availability
Ruxie's new AI and agentic capabilities are now in production with more coming in the following months, and are incorporated into customers' existing Expel MDR deployments.
About Expel
Expel is the leading agentic MDR provider. Our solutions use AI to improve the speed and accuracy of our human expertise. Expel MDR works with the tools you already have, providing coverage across critical attack surfaces such as cloud, identity, email, SIEM, SaaS, and on-prem environments, out in the open, alongside you. No black boxes. No rip-and-replace. Just clearer decisions, faster action, and security operations that get stronger over time. For more information, visit our website, check out our blog, or follow us on LinkedIn.
SOURCE Expel