Security operations teams are under mounting pressure to move faster in environments that are only getting more complex. Alert volumes are only increasing, staffing and resources are stretched thin, and many MSPs and internal security teams are still forced to manage incidents across fragmented tools, customer environments, and communication workflows. In that kind of environment, speed matters – but so does clarity.
The minutes immediately following the detection of a cyber incident are among the most consequential, and often the most chaotic. What happened? How serious is it? What systems are affected? What should we do next?
For MSPs and IT security teams managing multiple customers across complex environments, getting clear answers to those questions quickly can make the difference between rapid containment and a much broader escalation. Too often, the process of getting there still involves too many handoffs, too much back-and-forth, and too little time.
Looking to shorten that window significantly, Todyl recently launched Janus, an agentic AI built directly into its unified cybersecurity and assurance platform. Through natural language interaction, Janus correlates incident evidence, enriches it with threat intelligence and vulnerability context, and surfaces actionable explanations directly inside the incident, without requiring users to pivot to another tool or wait on another team.
The AI capabilities are important in their own right, but what’s more significant is where Janus sits within Todyl’s broader platform. Rather than functioning as a standalone AI add-on layered onto an existing product, Janus was designed to connect Todyl’s modules across threat protection, risk and compliance management, and insurability readiness. In practice, that gives users broader context across the entire platform and helps reduce the friction that can come with when security teams need to move between separate tools and workflows during an active incident.
“Janus gives teams immediate clarity on what happened, why it matters, and what to do next, in plain language, right inside the incident,” said John Nellen, Founder and CEO of Todyl. “That means faster collaboration with Todyl’s MXDR experts, fewer handoffs, and customer-ready explanations that build trust and prove value.”
That matters, especially for MSPs. Todyl’s MXDR offering pairs customers with assigned security experts who help lead investigation and response, but MSP and IT professionals still need fast, independent visibility so they can collaborate effectively, take follow-on action, and communicate outcomes to their customers. Janus fills that gap by letting users ask natural language questions to understand the reasoning behind MXDR findings, receive recommended response steps, and generate customer-facing explanations in seconds. The goal is to reduce bottlenecks, speed decision-making, and create a more consistent experience for the end customers who ultimately need to understand what happened and how it was handled.
Importantly, Janus doesn’t take people out of the mix. Rather, it provides MSPs and security teams with the information they need to take appropriate action, ensuring businesses are aware of what is happening, what remediation steps are being taken, and where things stand at any point in the incident response lifecycle.
Todyl built Janus with multi-tenant environments squarely in mind, a critical consideration for MSPs. Each tenant gets its own AI agent, with access limited to data tied to that specific customer. That architecture is intended to protect data privacy while preserving the speed and relevance needed for real-world incident response. Todyl says Janus also includes security guardrails designed to help prevent prompt injection, data leakage, and unauthorized access, keeping the AI within tightly defined boundaries rather than allowing it to operate broadly across the environment – an important factor considering the risks of unchecked AI.
The capability set also includes integration with threat intelligence and vulnerability feeds, surfacing relevant indicators of compromise and CVE context directly within each case. This gives analysts additional context to assess severity and prioritize response without having to hunt through multiple systems to piece together the bigger picture.
The Janus launch comes at a pivotal point in the market, as AI is moving from a behind-the-scenes capability that vendors use to improve internal operations into a front-line tool that security teams interact with directly.
This creates several advantages. It reduces response friction at the moment decisions need to be made. During an incident, teams do not just need better detection; they need fast answers, context, prioritization, and clear next steps. If AI can help provide that inside the workflow, it can shorten the gap between alert, understanding, and action.
It also helps address the skills and staffing problem. Security teams are already strained, and not every person handling an incident has deep expertise in every threat type, tool, or environment. A front-line AI layer can help less-experienced analysts work faster and more confidently, while helping senior staff scale their expertise.
Front-line AI also drives better communication. One of the hardest parts of security operations is translating technical findings into something customers, executives, or other internal stakeholders can understand. If AI can turn incident data into plain-language explanations, it helps teams justify actions, speed approvals, and show value more clearly.
Finally, when AI becomes part of the operational fabric rather than a hidden enhancement, it becomes a clear differentiator that MSPs can point to as something that actually improves cybersecurity when it matters most – as opposed to those whose AI is working behind the scenes. In other words, AI starts to deliver provable value, not merely abstract benefits.
Put more simply, the organizations will see benefit from AI being deeply integrated into existing workflows to reduce friction across detection, investigation, remediation, and customer communication. That’s the security experience Todyl is looking to create with Janus.
Edited by
Erik Linask
