Agentic AI
,
Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
Krishna Sai on Secure-by-Design Principles Behind SolarWinds’ Agentic AI Platform
Yamini Kalra •
February 4, 2026
Krishna Sai, CTO, SolarWinds
Agentic artificial intelligence is redefining the operational contract between humans and software. When systems can interpret telemetry, infer root cause and initiate remediation, the core challenge shifts from capability to control, specifically around permissioning, explainability and governance. SolarWinds’ AI Agent is built around these constraints, embedded directly into existing IT service management and observability workflows and operating only on trusted in-environment telemetry.
See Also: Proof of Concept: Bot or Buyer? Identity Crisis in Retail
In an interview with Information Security Media Group, Krishna Sai, CTO of SolarWinds, draws on more than two decades of experience across observability, distributed systems, cloud infrastructure and security, including leadership roles at Atlassian and Groupon, to unpack the technical architecture behind SolarWinds’ approach to agentic AI and why fully autonomous remediation is a deliberate line not yet crossed.
Edited excerpts follow:
How is SolarWinds’ new AI Agent architected to operate securely in enterprise environments without expanding the attack surface or enabling unauthorized actions?
The SolarWinds AI Agent is built on the same secure by design and AI by design principles that govern all of our product development at SolarWinds. Every interaction is governed by role-based access control, multifactor authentication and clearly defined permission boundaries. Automated actions are executed only through pre-approved runbooks and policies defined by the customer, ensuring the agent operates as an extension of existing operational processes, not a privileged shortcut around them.
From an architectural standpoint, the AI Agent analyzes trusted telemetry – metrics, logs, events and traces – within the customer’s environment. All actions are logged, auditable and fully visible, allowing teams to trace decisions end-to-end. This approach ensures automation enhances operational speed and consistency without increasing risk or expanding the attack surface.
In observability and incident response, AI-driven root cause analysis and recommendations are inherently probabilistic. How does SolarWinds ensure explainability and confidence scoring in AI-generated insights so security and IT teams can trust – and verify – automated suggestions when it matters most?
Trust in AI comes from transparency. The platform is built to show IT and security teams not just what the AI is suggesting, but why it is suggesting it. Features like Root Cause Assist surface underlying signals such as related events, correlated metrics and recent changes that led to a particular recommendation. This gives teams a clear line of sight from raw telemetry to final insight.
Insights are accompanied by indicators based on the strength and consistency of the data patterns observed. The system also keeps a full audit trail. Teams can review past incidents, see which recommendations were accepted, what actions were taken and what outcomes followed. Over time, this builds trust and allows organizations to tune the AI’s behavior to their own environment and risk tolerance.
Following the resolution of the SEC case related to the 2020 Sunburst incident, how has SolarWinds evolved its “secure by design” framework to incorporate agentic AI securely, particularly in ensuring that features like the AI Agent’s natural language interactions and automated actions do not introduce new vectors for supply chain attacks or unauthorized access in hybrid environments?
Secure by design remains the foundation for every innovation, including agentic AI. Rather than layering controls after features are built, security is embedded throughout the product life cycle – from architecture and development to deployment and operation.
For agentic AI, this means natural language interactions and automated workflows are treated as first-class software components within the same trusted development and delivery pipeline. Inputs, actions and outputs are subject to the same controls, validation and monitoring as any other feature.
Our “AI by Design” framework further governs how data is handled, with strict access controls, anonymization and pseudonymization where appropriate, and continuous auditing to ensure visibility and accountability. This approach ensures that AI capabilities enhance operational efficiency without introducing new supply chain risks or bypassing established security controls – whether deployed on-premises, in the cloud or across hybrid environments.
The “State of ITSM 2025” report highlights measurable benefits from AI adoption. Where does AI deliver the most defensible cybersecurity ROI today, and where do you think the industry is still over-claiming?
The most defensible ROI from AI in cybersecurity today comes from reducing response time and operational overhead. In practical terms, this means more efficient handling of routine incidents. Indian enterprises, especially in sectors like banking, IT services and healthcare, see value when AI helps teams cut through alert noise and focus on what impacts service availability and risk.
A recent industry survey showed nearly 94% of Indian organizations are using AI to detect, respond to and predict cyberthreats, indicating strong traction for AI in operational decision-making. What’s increasingly clear is that this adoption is now translating into concrete, operational gains rather than just strategic intent, with generative AI-enabled organizations saving a cumulative 323,343 hours annually.
Where the industry tends to overestimate is in the idea of a fully autonomous security. Decisions still require human oversight, especially in regulated environments. AI can guide, recommend and even prepare actions, but it is not yet a substitute for accountability and contextual judgment.
Dynamic thresholds and AI-driven alert suppression promise to reduce alert fatigue. How do you balance noise reduction with the risk of masking early warning indicators of compromise or systemic anomalies that security teams still need to see?
Enterprises are rethinking how they monitor, predict and respond across complex IT environments, and agentic AI represents an evolution in how we manage complex IT environments. Traditional monitoring tools often struggle with the sheer volume of data and the multitude of platforms in today’s hybrid and multi-cloud setups. AI agents, however, can autonomously analyze system behaviors, predict potential failures and take corrective actions by making contextual decisions and learning from each incident.
This proactive, predictive approach is a significant departure from reactive alerting, which helps prevent cascading failures in complex distributed systems and drastically reduces the mean time to resolution. Importantly, raw data is never hidden, and metrics, logs and traces remain available for inspection. Teams can explore at any point to validate what the AI is showing them.
As SolarWinds expands AI-driven automation, what is one capability you’ve deliberately chosen not to build – at least for now – because the security or reliability trade-offs aren’t there yet?
We’ve intentionally avoided building fully autonomous, self-executing remediation that operates without defined guardrails or human oversight. While the technology is advancing rapidly, reliability and accountability still matter more than speed in most enterprise environments.
Instead, we focus on AI that recommends, prepares and orchestrates actions within customer-defined policies and approvals. This ensures organizations retain control, understand the impact of changes and can intervene when context or judgment is required.
Autonomy will continue to evolve, but it has to earn trust incrementally. For us, responsible progress means delivering automation that teams can rely on, without forcing them to surrender visibility or control before they’re ready.