5 min readNew DelhiJul 16, 2026 01:53 PM IST
Cybersecurity firm Sophos on Thursday, July 16, launched an AI-native cybersecurity defense system called Sophos Fusion that is built to deliver a coordinated response to threats in the AI era.
Based on Sophos Central, the company’s existing cybersecurity system used by over 6,25,000 organisations across the world, Fusion has been rebuilt with an open architecture. It leverages AI agents to connect and synchronise every control point across the whole environment.
Sophos Fusion comes with a range of capabilities that will become gradually available from August through October 2026. Its debut is the first major outcome of Sophos’ $859 million acquisition of US cybersecurity company Secureworks.
The launch also comes at a time when AI models are becoming more advanced and focused on cybersecurity issues, with several security researchers using them to uncover vulnerabilities that may have been dormant in software code for years.
But even as AI takes on more of the defensive workload, it is also becoming a powerful tool for attackers looking to launch ‘agentic ransomware’ attacks where an AI agent handles the technical execution of a real-world cyber attack from start to finish.
In its ‘The State of Ransomware Report 2026’ published on Thursday, Sophos said that over half of ransomware attacks (56 per cent) last year succeeded in encrypting data, including 16 per cent where data was both encrypted and stolen. However, the report also found that in the last two years, median ransomware demands have declined 65 per cent and payments have dropped 62 per cent.
The root cause of ransomware attacks has also changed for the first time in three years, with email-based phishing attacks (24 per cent) or malicious emails (26 per cent) emerging as the most common attack vectors compared to exploited vulnerabilities, which has dropped 14 percentage points over the last year to 18 per cent.
Story continues below this ad
“As AI increases the speed, scale, and complexity of attacks, organizations need a modern connected, intelligent, and adaptive defense. Sophos Fusion is built as a defense system optimized for Human-AI workflows. We bring the most complete solution to a new category, a timely advancement demanded by the AI era,” Joe Levy, chief executive officer, Sophos, said in a statement.
Sophos Fusion architecture, key features
Sophos Fusion is a type of cybersecurity defense system with a single, open architecture where every control point, every service, every data source, and every analyst operates as one, whether the control point is native or third-party, according to the UK-based firm.
The all-in-one defense system comprises the following:
-Sophos Next-Gen SIEM for long-term data retention, compliance reporting, and analytics on the same unified data. It will be generally available from August 15, 2026.
-Sophos AI Defense for securing AI tools used by organisations by giving them greater visibility into these tools, new controls to enforce policy, protect data those tools can reach, and more. It will be generally available from October 2026.
Story continues below this ad
-Sophos CISO Advantage gives every organisation access to CISO-level guidance, with continuous control validation, compliance mapping, peer benchmarking, and risk assessment. It is generally available from October 2026.
-Sophos MDR with continuous, AI-enabled threat hunting fed by the Sophos X-Ops research team and broader two-way response across endpoint, firewall, cloud, email, and identity. It will be generally available from August 15, 2026.
-Sophos XDR is designed to give teams faster, higher-fidelity detection and response with less manual work. It will be generally available from August 15, 2026.
Sophos Fusion also offers endpoint protection, endpoint detection and response (EDR), identity threat detection and response (ITDR), network security, etc. The underlying open and native architecture of Sophos Fusion comprises the following four layers:
Story continues below this ad
-One shared context lake, where every signal from every control point flows into a single data layer in real time.
-Synchronised Security, where a detection on one control point triggers coordinated action across the others at the same moment.
-Agentic autonomy with human governance, where the system investigates and responds inside boundaries analysts set and continuously calibrate.
-Compounding intelligence, where every threat seen across the defended base makes every customer’s defense stronger.
Story continues below this ad
Sophos said that it uses Fusion in its own operation running the world’s largest agentic SOC with over 40,000 customers worldwide. It mentioned that over 52 per cent of cases are resolved entirely by AI, and the average time from alert to a fully automated response is 89 seconds.
Additionally, Sophos Endpoint is designed to stop entire classes of attacks based on behaviors, such as memory abuses, data encryption and exfiltration, or other human or AI attacker tradecraft.





