Artificial intelligence

The is our cybersecurity platform built for the AI era. The platform combines agentic AI, generative AI, machine learning (ML), and customer-specific context to improve detection, investigation, and response across endpoint, network, cloud, and identity environments.

AI features

is Arctic Wolf®'s portfolio of AI capabilities embedded across the .

These AI features are available in our platform:
  • Internal GenAI Tools — Generative AI capabilities used by Arctic Wolf to assist with tasks such as triage, investigation support, and incident handling. These tools include the , and are not exposed to customers.
  • Aurora Security Assistant — A generative AI interface that helps customers and analysts ask security questions, summarize investigations, and quickly access insights about their environment in natural language.
  • ML and detection models — ML models trained on more than a trillion security events per day across over 10,000 customer environments. These models support behavioral analytics, anomaly detection, and threat classification across endpoint, network, cloud, and identity telemetry.

AI and the Concierge Delivery Model

AI is not replacing the Concierge Security® Team (CST). We use AI for more repetitive work such as triage, enrichment, summarization, and ticket preparation. Using AI improves the speed and quality of investigations, reduces unnecessary back-and-forth between customers and the SOC, and helps customers gain value faster while giving both Arctic Wolf experts and customer teams more time to focus on proactive security work and progress along the customer's security journey.

Model training

Arctic Wolf uses ML algorithms that are trained on open-source data sets, commercial data sets, and certain executables collected from customers who opted in.

Customer-facing GenAI features, such as the Aurora Security Assistant, rely on models trained by third-party providers, and are not further trained by Arctic Wolf.

Certain internal generative AI tools utilize small language models (SLMs) that are owned and controlled by Arctic Wolf, and may be trained using customer-derived security signals, such as alert telemetry, network and process behavior, and threat metadata, where permitted. These trained SLMs are used internally and are not shared with third-party model providers, nor are they used to train frontier large-language models (LLMs).

Data Handling and Protection

Data sent to Arctic Wolf's AI tools is processed within Arctic Wolf-managed environments and approved third-party infrastructure, including providers listed in our Arctic Wolf Subprocessor List. Customer data and customer context are isolated by tenant and are not shared across environments. Customer-specific data is not surfaced in AI outputs to another customer.

Arctic Wolf collects data for each product and service in accordance with the following policies and agreements:

AI Risk and Regulatory Classification

An impact assessment was performed on all AI tools that are implemented at Arctic Wolf. No third-party evaluations have been conducted on the tools used. The use of AI at Arctic Wolf is considered minimal risk, according to the definitions outlined in the European Union AI Act.

Automated Decisions

Our ML algorithms classify files as malware, and your individual customer policy determines whether or not files that are classified as malware are blocked. The ML algorithms themselves do not make any automated decisions.

Aurora Security Assistant does not make any automated decisions, but might suggest steps or other actions that a human can choose to take.

Our internal GenAI tools primarily assist with analyst and internal workflows,for example triage and investigation support. Some of these tools may make automated decisions to support workflows, including but not limited to opening or closing tickets. These internal GenAI tools have bounded autonomy and can only support response actions within their designated area of expertise. Humans retain authority over irreversible, high-impact, or low-confidence actions.

Opt out

Our ML algorithms and internal GenAI tools are a core part of our service delivery, so they cannot be disabled. You can choose to not automatically block files that were classified as malware by the ML algorithms, but we recommend keeping this functionality enabled for optimal performance.

The Aurora Security Assistant in the Arctic Wolf Unified Portal is an optional tool that you can choose not to use. For more information, see Disable Aurora Security Assistant.