Druva has made a significant breakthrough announcement regarding their AI, powered platform DruAI, where they reveal new Deep Analysis Agents that would drastically cut the time for cyber forensic investigations and compliance reporting. The new features are expected to help investigative working hours go down from a few days to minutes, thus assisting corporate IT and security teams in responding more quickly to incidents as well as regulatory requirements.
Security and IT teams in present, day enterprise environments tend to dedicate lots of their time to not only handling incidents but also accumulating and explaining the evidence of an attack or system anomaly. Forensic analysis, preparing for audits, and conducting operational reviews are only a few examples of tasks that require the teams to manually correlate logs, telemetry, and system data. These activities may be a cause for postponing remediation and that way lowering the overall pace of the response. The latest DruAI update addresses this challenge by enabling autonomous investigation workflows that gather evidence, analyze data relationships, and generate comprehensive reports automatically.
“IT teams are drowning in evidence collection and manual reporting,” said Stephen Manley, CTO at Druva. “This release turns AI from a conversational assistant into a partner that completes work. We are enabling teams to delegate multi-day investigations to agents that finish in minutes and deliver a final report that can be immediately shared with security, compliance, or operations teams.”
Automating Complex Investigations with Agentic Workflows
The newly launched Deep Analysis Agents operate within DruAI to independently carry out multi-step investigations. These agents analyze telemetry, logs, identity information, system configurations, and historical signals across enterprise environments. By orchestrating multiple data sources and analytical processes, the agents transform complex investigative workflows into automated tasks that produce clear, actionable insights.
What used to be two to three days of manual effort for investigations can now be done in around eight to ten minutes, and the reports are formatted for ready use by security, compliance, and operational teams. Using this automation, IT professionals are able to devote their time more to the remediation and strategic security initiatives rather than to the time, consuming reporting processes.
The Deep Analysis Agents are powered by Dru MetaGraph, a tenant-specific, graph-based data intelligence foundation that connects and contextualizes enterprise metadata in real time. By mapping relationships between datasets, logs, and system signals, Dru MetaGraph enables AI-driven investigations to deliver deeper insights with minimal human intervention.
Also Read: Arctic Wolf Expands MSP Capabilities with Aurora Managed Endpoint Defense
Introducing Agentic Memory for Personalized Intelligence
Alongside the new investigative agents, Druva introduced Agentic Memory, a capability that allows DruAI to retain and apply contextual information over time. Unlike traditional chat-based AI systems that operate only within a single interaction, Agentic Memory maintains both session-based context and structured long-term knowledge of an organization’s environment.
This functionality enables DruAI to adapt its responses based on user roles, operational preferences, and historical investigative patterns. For example, a security operations center analyst may receive detailed forensic insights, while compliance teams may be presented with executive summaries and audit-ready reports. Over time, the system learns from recurring workflows and preferences, enabling faster decision-making and reducing repetitive setup tasks.
Multimodal Assistance Enhances Operational Visibility
Moreover, the update adds an image, based help feature that lets users submit a screenshot of an alert, a configuration page, or error messages straight from their system, to the DruAI console. The system is capable of analyzing the picture and grasping its technical meaning, then it instructs the users with the next steps for fixing or solving the issue.
This multimodal capability expands the practical applications of AI in enterprise operations by combining visual analysis with contextual data intelligence, giving teams a faster path to resolving configuration issues and system anomalies.
“For the first time, we have an AI tool that delivers actionable insight right out of the gate,” said Hunter French, Senior Vice President for Impact Services at Goodwill Industries of the Valleys. “It analyzes weeks of log data and surfaces findings we can immediately put to work, saving hours of compliance reporting and manual review.”
Built with Enterprise Security and Compliance in Mind
Druva emphasized that its AI capabilities operate within a secure architecture designed to protect sensitive enterprise data. The company follows a zero-trust approach and complies with global standards including FedRAMP, SOC 2, GDPR, and IRAP. Data processed by DruAI remains encrypted and is not used to train external large language models. Instead, the platform uses isolated AI models and private retrieval-augmented generation to analyze organization metadata securely.
With the introduction of Deep Analysis Agents, Agentic Memory, and multimodal assistance, Druva continues to evolve DruAI from a conversational AI interface into a task-executing intelligence platform capable of automating critical cybersecurity workflows. These capabilities are now generally available to Druva customers.