Fortinet Agentic AI Moves SOC Teams from Reactive to: key implications for Agentic AI automated security investigations teams

Robert May at Fortinet is addressing a critical bottleneck in cybersecurity: the 'overloaded analyst' problem. As enterprise adoption of AI tools creates a massive influx of data and new security blind spots, traditional human--led monitoring is becoming mathematically impossible to scale. May’s vision centers on moving past simple automated alerts toward agentic AI—systems capable of autonomously performing investigative work across disparate products within the Fortinet Security Fabric. For SOC (Security Operations Center) teams, this means the AI doesn't just flag a threat; it actively pulls context from connected firewalls, SASE architectures, and security operations infrastructure to determine if an alert is a false positive or a legitimate breach. This shift is crucial because many organizations are currently running fragmented stacks of up to 50 different products that don't communicate well together. May emphasizes that agentic AI only works when there is a coherent underlying platform architecture (the Security Fabric), a point that highlights Fortinet’s engineering strategy: integrating data streams first so the AI agents can navigate them effectively. Furthermore, May addresses the looming 'data sovereignty' problem—a key concern for Canadian and global enterprises. By offering deployment flexibility (on-premise, public cloud, or regional specificities), Fortinet is ensuring that while companies adopt agentic automation, they don't lose control over where their sensitive source code or business-critical data is processed. This isn't a sudden pivot; it's an evolution of 15 years of AI history within the company, moving from passive machine learning to active agency in threat response.