Splunk: Meeting the Operational Realities of Modern Enterprises

Dhiraj Goklani, Area Vice President (South Asia)

The urgency for robust digital resilience is escalating across industries, driven by the growing demand for real-time visibility and scalable threat detection. As enterprises embrace hybrid environments and multi-cloud frameworks, they are also exposing themselves to wider attack surfaces, heightened system complexity, and new points of failure accelerated by the use of artificial intelligence. In addition, CISOs and CTOs are grappling with an overabundance of alerts, inconsistent AI outcomes, and a workforce struggling to keep pace with evolving large language models. Without access to well-structured, real-time, and federated datasets, machine learning models fail to deliver accurate or actionable insights. This is where Splunk steps in.

Now part of Cisco, Splunk is a unified security and observability platform designed to help enterprises ensure digital resilience by delivering real-time visibility, threat detection, and AI-driven analytics across complex hybrid infrastructures. It gives organizations visibility into their infrastructure, applications, and security operations so they can remediate threats and identify disruptions before they become major problems. “Over the last few years, we’ve continuously enhanced our AI and machine learning capabilities, which has placed us at the forefront of the security and observability domains,” says Dhiraj Goklani, Area Vice President (South Asia), Splunk.

AI Integration Grounded in Real-World Constraints

As artificial intelligence evolved to include generative and retrieval-augmented generation (RAG) models, Splunk sharpened its AI strategy around three core principles. First, it prioritizes domain-specific and Splunk-specific models, particularly in the critical areas of security and observability. Second, it upholds the philosophy of keeping a human in the loop, recognizing that while AI can accelerate workflows, it should act as a copilot to humans, since responsible oversight is essential to mitigate risks and ensure trust. Finally, it avoids the black-box model approach, allowing organizations to customize, fine-tune, and adapt models according to their policies and risk tolerance, whether by integrating their own large language models (LLMs) or aligning with evolving frameworks.

In addition, the Splunk AI Assistant translates natural language into Splunk Search Processing Language (SPL) queries, making complex data analysis accessible to everyone. Whether creating new searches, understanding existing ones, or learning SPL, it accelerates the workflow. Splunk AI Assistant empowers security and IT teams to dive deeper into data and solve problems faster, with intuitive explanations and real-time documentation access.

Furthermore, the company’s Data Science and Deep Learning App (DSDL) supports optimization of GPUs to perform large-scale LLM processing. This is complemented by automated playbooks and powerful analytical capabilities that harness machine learning to improve operational efficiency from within.

A Pragmatic Blend of AI & Human Oversight

The company recognizes that while automation is advancing rapidly, human judgment remains indispensable, especially in high-stakes environments like SOCs. Its AI-driven automation is designed to swiftly detect anomalies within massive volumes of data, using a hybrid of machine learning and rules-based systems to ensure alerts are both accurate and actionable. By ranking threats based on risk, it enables analysts to prioritize critical incidents, addressing the common industry challenge of alert fatigue. Automated responses handle repetitive tasks, while higher-order decisions remain with the analyst, preserving essential oversight.

Leveraging its own predictive analytics and threat research team alongside Cisco’s Talos threat intelligence, it ensures proactive threat anticipation and response. On the innovation front, the company is driving three key initiatives: deploying generative AI assistants for both observability and security, enabling federated analytics to streamline data management and perform analysis at the data’s source, and deepening integration with Cisco’s network data. By unifying observability, security, and AI capabilities on a single platform, Splunk is shaping a more intelligent, responsive SOC environment and building digitally resilient organizations that can handle massive data volumes while delivering targeted, actionable insights.