How Sysdig Sage uses AI, agentic automation to quickly close cloud security gaps
Overview
In this exclusive DEMO episode, Sysdig's Director of Product Marketing Eric Carter walks us through a live demonstration of Sysdig Sage, the company’s AI-powered assistant designed to eliminate cloud security gaps, accelerate threat detection, and streamline vulnerability remediation. The video and full transcript below reveal how enterprises can use AI-driven cloud security tools, including real-time threat detection, natural language querying, and emerging agentic AI automation, to manage compliance, reduce misconfigurations, and minimize business risk.
If you're in DevOps, DevSecOps, or enterprise security operations, this in-depth conversation highlights how Sysdig Sage can help teams of all skill levels stay ahead of modern cloud security threats.
This episode is sponsored by Sysdig.
Transcript
Keith Shaw: Hi everybody, welcome to DEMO, the show where companies showcase their latest platforms and products.
On this episode, we’re heading out to San Francisco to see how Sysdig’s AI assistant — Sysdig Sage — helps enterprises eliminate cloud security gaps, detect threats in real time, and fix vulnerabilities faster. Let’s go to our colleague, Brandon Mahne, for more. Over to you, Brandon.
Brandon Mahne: Thanks, Keith. I’m here today with Eric Carter, Director of Product Marketing at Sysdig. Welcome to DEMO, Eric.
Eric Carter: Thanks, Brandon. Appreciate you having me on.
Brandon: We're excited to talk today and hear about all the innovation you've been working on. Why don’t you start by telling us about Sysdig and what we’re going to see today?
Eric: Sure. Sysdig provides cloud security solutions. We offer a platform that unifies the different aspects of cloud security our customers care about — everything from posture management and vulnerability management to what we’re best known for: threat detection and response.
We help customers take action very quickly when bad things are happening in the cloud. What we’re focusing on today is AI. It’s everywhere — and with our solution, Sysdig Sage, we’ve built a companion that helps users be better, faster, and stronger when dealing with cloud security.
Brandon: Very cool. When we talk about customers or users, who specifically in the enterprise is this tool or suite of tools aimed at?
Eric: There’s a bit of a span. We support folks in the DevOps and DevSecOps space — people who are running the platforms in the cloud. But security teams — those with the badge, sometimes seen as the "bad guys" — are also a big part of our user base.
They want to know whether things are being managed properly. We help these personas work together by giving them insights in the way they need to see them.
Brandon: So that’s a lot of different personas. What’s the main pain point you’re helping each of them solve?
Eric: A few things. First, visibility — being able to quickly see where you're at risk. Sysdig is a real-time security solution, built on an open-source tool we created called Falco. It detects issues within seconds. That speed is part of our secret sauce.
Also, keeping track of everything that’s constantly coming and going in the environment is key. And that’s what we help with.
Brandon: So if a company didn’t have a tool like Sysdig, what would they be using?
Eric: It’s usually a bunch of siloed tools — one for this, one for that — and they don’t provide a full picture. That introduces guesswork and gaps. We’ll look at AI today, specifically Sysdig Sage.
Without it, users might swivel in their chair to ask a colleague, escalate unnecessarily, or go search Google hoping to find the right answer. We’re trying to save time by giving you what you need — right in context — on the same screen.
Let’s jump into the demo. I’m going to switch to my other screen. What we’re looking at now is Sysdig Secure, our cloud security platform. The homepage gives you insights across different domains — vulnerabilities in workloads and applications, runtime events (real-time anomalies), compliance metrics, user access controls, and more.
We’re starting with Inventory, which is posture-oriented. It answers: What have I deployed? What’s running my apps in the cloud? Could be cloud, could be on-prem in Kubernetes. We store this data in a graph database, letting you connect the dots.
You can build queries using a custom language, but we’ve now integrated Sysdig Sage so users can ask questions in plain English.
For example, I’ll ask: Which cloud assets have failed security controls? Sage interprets this, builds the query, and returns a list. From there, I can click in for more detail on the risky controls. Now I’ll open the chat panel, which gives me contextual help.
Let’s say I want to filter just to AWS assets. I can ask: Can you show me just AWS?
Sage will adjust the query and regenerate the result. It even gives me links in the UI that reflect exactly what I asked — so now I see only AWS violations. I can follow up with questions like, Why should I be concerned about this issue?
It’s an effective way to dig through massive amounts of data and get straight to the issue — preventing misconfigurations before they become breaches.
Now let’s look at vulnerabilities — another common issue. Whether during build or runtime, customers are often overwhelmed. So I’ll group vulnerabilities by image (referring to container images).
Let’s check one — say, our "counter app." There are several tickets open already, but if I want remediation guidance, I can click a button and Sysdig Sage will generate AI-based recommendations.
Sage understands context and gives smart upgrade suggestions. It might tell you to upgrade to a specific version, not just the latest. It covers both app layer (what devs wrote) and base layer (OS, image, etc.).
Now, instead of sending a vague ticket like "Fix this image," you can send a fully prefilled remediation ticket. That saves time — and ensures the dev has what they need to act immediately.
Also smart enough to avoid duplicate tickets. If one already exists, it’ll recognize that. So we’ve covered posture, vulnerability management, and now — what Sysdig is really known for — threat detection and response.
I’ve now switched to the Threats area. Let’s keep the chat panel open. I’ll ask: What are the top five events from the last hour? Sometimes, customers ask this first thing in the morning — Where should I focus today?
If there’s nothing recent, I’ll widen the scope: What are my high severity events from the last 48 hours?
Now we’re seeing real results — events like AWS credential issues or malicious binaries. I’ll click on the one that sounds the most serious. Sysdig drills into the details — how it was accessed, what commands were run, and so on.
You can highlight suspicious command lines and ask Sage: What does this command do? Sage might reply: This looks like cryptocurrency mining.
You can then follow up: Why should I be concerned? Even junior security folks can start learning right here. Sage walks you through the remediation steps, both short-term (stop the bleeding) and long-term (fix the root issue, strengthen policy, etc.).
This is the power of combining LLMs with security workflows. It makes investigations faster and more effective. Now, let’s move to something new: Agentic AI.
What we’ve seen so far involves interaction — I click or type, and Sage responds. But agentic AI is about giving the system a goal — and letting it take action. We’re now previewing an upcoming feature focused on vulnerability management. You’ll notice this different environment and theme.
The problem? Too many vulnerabilities. Over 70,000 in some cases. Even with prioritization tools, human judgment is still needed. So we implemented AI agents that do semantic analysis across multiple factors:
* Is this in production?
* Is it exposed to the internet?
* Is it actually exploitable?
The system reasons about the environment, labels it (prod, dev, etc.), and filters the vulnerabilities accordingly. I can say: Show me just production — and the chart updates.
From here, I can ask: What does “exploitable” mean? Or anything else tied to the prioritization logic.
The next table visualizes frequency versus impact. Are these apps financial systems? Are they customer-facing? That influences priority. You can then click Fix this image or ask: Why is this important?
Sage explains: It’s running in multiple prod clusters, hosts critical business processes, etc. This is the info security teams typically piece together from multiple sources.
And now? You just click, get the remediation, and go.
This is how we cut through 1,000s of hours of manual work — filtering, reasoning, prioritizing, and remediating.
One last thing: Progress tracking. Boards and CTOs want to see the state of your security posture. Agentic AI helps identify and communicate risk reduction, so you can show how your team is moving the needle.
That’s what we’re up to with AI and Sysdig Sage — making security professionals more effective, no matter their skill level. From junior analysts to seasoned pros, this helps everyone move just as fast as the threats themselves.
Brandon: Wow, thanks Eric. That was amazing. If people want to learn more about Sysdig and Sysdig Sage, how can they do that?
Eric: Easiest way is to visit sysdig.com or go directly to sysdig.com/sage. There, you’ll find more info, a walk-through demo, and additional resources.
Brandon: Excellent. Thanks so much for the demo today. Keith, back to you.
Keith Shaw: Thanks, Brandon. That’s going to do it for this week’s episode. Be sure to like the video, subscribe to the channel, and leave any comments below. Join us every week for new episodes of DEMO. I’m Keith Shaw, thanks for watching.