Red Canary Office Hours: Episode 47 – Fundamentals of building AI agent workflows in the SOC

SecOps Weekly | 01.13.26

Fundamentals of building AI agent workflows in the SOC

We kick off our “AI in the SOC” miniseries by demonstrating how to build and automate specialized AI agents, including a live walkthrough of how to create a phishing analysis agent.

 

SHOW NOTES

Red Canary’s Jimmy Astle and Rafael Del Rey demonstrate how to build effective AI agents for cybersecurity. The discussion covers the fundamental difference between fully autonomous agents and deterministic workflows, showing why companies need to ‘tame’ their agents for production use. Through a live demonstration of building an email phishing classification agent, they illustrate the complete process from initial autonomous chatbot creation to structured, reliable workflows.

Key topics include agent architecture design, the importance of simulation at scale for testing, data retrieval challenges, and maintaining consistency across thousands of executions. The speakers emphasize that while autonomous agents are useful for exploration and ideation, production-ready agents require deterministic elements, proper instrumentation, and continuous evaluation. Red Canary’s experience with 21 production agents that processed over 30 million cybersecurity events demonstrates the practical application of these principles in real-world SOC operations.

Timestamps:

  • 01:17 – Welcome to Red Canary Office Hours
  • 02:06 – Fundamentals of building AI agent workflows in the SOC
  • 04:24 – Choosing your AI automation style
  • 06:18 – Embracing deterministic tasking
  • 08:08 – Key AI agent workflow patterns
  • 11:31 – AI agent tutorial
  • 23:59 – Q&A with our experts