InfoWatch, a Russian cybersecurity group, has introduced an AI-driven assistant into its data loss prevention (DLP) suite to speed investigations and reduce routine workload for security teams. Andrey Biryukov, vice-president for research, development and services at InfoWatch, described the practical applications and the limits the company imposes on the technology.
AI agent in cybersecurity
The new assistant, named “Junior Analyst”, is embedded in InfoWatch Traffic Monitor and accepts both voice and text requests. In a dedicated window, a security officer can ask in natural language for a report covering a specific period, the activity of a particular user, or other operational data. The agent analyses DLP outputs and either returns a text answer or produces the requested datasets for further review.
Biryukov said the technology is most effective in two areas: automating standard operational workflows and rapidly processing large volumes of information. For routine tasks, the agent performs the repetitive work that would otherwise occupy an officer’s time. For data-heavy tasks, machine learning techniques such as clustering help sort and classify documents passing through a client’s systems, assisting administrators in refining security policies.
InfoWatch uses machine learning across its solutions to distribute documents by type and class depending on their content. That classification supports policy configuration in the DLP environment and helps detect anomalous flows of sensitive information. The company emphasised that the principal role of the AI assistant is to reduce manual data collection so human analysts can concentrate on higher-value investigations.
While the capabilities are significant, Biryukov stressed that responsibility must remain with people. If an organisation decides to deploy algorithms to analyse X‑rays, answer user questions, or flag traffic anomalies, it should also assign human oversight for the decisions and outcomes produced by those algorithms. The agent is a tool to augment human analysts, not to replace them.
InfoWatch’s approach mirrors common practice across corporate security teams: use automation to handle standardised, repetitive tasks while reserving complex investigative work for experienced officers. The company highlighted examples familiar to many users — automated contact-centre bots resolving simple queries, and algorithms able to condense and interpret vast texts faster than a human can — to illustrate where the technology brings real efficiency gains.
Implementation details include natural language interaction, data extraction from the DLP system, and unsupervised methods such as clustering to group documents by content. These features allow faster visibility into data movement and simplify the administrative effort required to maintain and tune security rules.
For now, InfoWatch expects the main functionality of such agents in information security to remain focused on optimisation: freeing officers from standard tasks and enabling them to pursue complex or high-priority investigations. The company sees this practical role continuing for the foreseeable future, with human accountability guiding deployments and outcomes.
Key Takeaways:
- InfoWatch has integrated an AI agent into its DLP system to speed routine cybersecurity tasks.
- The AI agent in cybersecurity can process large data volumes and respond to natural language queries from security staff.
- The tool aims to free security officers from manual information gathering while leaving final responsibility with humans.
